Has anyone tried to build the device parser for the WatchGuard XTM series? I was trying hard, but realized that it only captures the logs that have been recognized. And I am still working hard to build this.
Appreciate it if you can share.
Can you kindly submit the raw logs of the same? I need to do the test on that.
I've multiple logs from multiple XTM models. Can I send them through your email? Thanks.
How will you share the same? I can't share my email address here in open text publicly. Hope you can understand.
And also define all the details of your firewall, like the firewall type, what XTM model means, the version number, etc.
Understood. I need to check the logs first so I will not publicly share any private content.
But don't make any changes to the format of the logs, and don't cut those logs from the middle, because it will change the line of the log.
For security, you can change the IP addresses, if you want.
I uploaded it here,
Thanks in advance.
Thanks for uploading the same.
I'll look at the logs in my free time to create a parser for the same soon.
This is my WatchGuard parser. It parsed all XTM5 series logs and XTM8 series logs by using ESI, but when uploaded in SA, it did work for the XTM8 series file but it didn't work for the XTM5 series. Do you know why?