RSA Admin

sftp and logfiles with headers and each log is covering several lines

Discussion created by RSA Admin Employee on Jun 8, 2012
Hi Is there any ways to handle logs with each entry covering several lines. Should the be converted before send by the sftp agent og can it be handled by the envision appliance ? I haven't seen any example on this situation. A log could be like below. Directory: /usr/bla/system Name: security_00.0.log --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<!-- LOGHEADER[START]/ --><!-- HELP[Manual modification of the header may cause parsing problem!]/ --><!-- LOGHEADER[END]/ --> #2.0#2010 04 10 09:23:38:617#+0200#Info#/System/Security/Authentication# #SEC#security#0050568F73DA3DFB00000000000062C1#5769250000000004# [@495173614],5,Dedicated_Application_Thread]#Plain## LOGIN.OK User: TESTUSER IP Address: 1.1.1.1

Outcomes