
How to build logic and capture specific data from 2 types of logs?

Question asked by Utsav Sejpal on Jan 11, 2018
Latest reply on Jan 11, 2018 by Joshua Randall

Hi Experts,

We've integrated a Trend Micro web proxy device with RSA SA NetWitness (10.6.2.0).

It forwards the same log under two different types. For example, if user A accessed website B, then 2 different logs are generated with the exact same timestamp: 1) Event URL Access Tracking, 2) Event URL Monitoring.

Below are the samples:

1) EVT_URL_ACCESS_TRACKING

2) EVT_URL_MONITORING|LOG_CRIT

The EVT_URL_Access log can be either allowed or denied, while EVT_URL_Monitoring is the log of allowed websites only.

So, we want to achieve the following: if user name, time and URL (using contains, not exact) match, then capture bytes, source and destination from EVT_URL_ACCESS_TRACKING.

Match Condition:

match-user-exact

match-time-exact

URL with domain contains

Action:

Then write bytes, source and destination to a Report/Chart etc., which will be available from the URL Access Tracking logs.

Thanks

Utsav Sejpal
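The join described in the question, written out as an added Python example (not the poster's code and not an RSA NetWitness or Trend Micro artifact): the sample logs are not shown above, so the events, their field names (user, time, url, bytes, src, dst) and the timestamps are all constructed assumptions. It buckets the EVT_URL_ACCESS_TRACKING events by the two exact-match keys (user, time), then applies the "domain contains" test on the URL, and copies bytes, source and destination onto the matching EVT_URL_MONITORING event. Monitoring events that find no twin are returned separately so they can be reviewed rather than silently dropped.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlparse

Event = Dict[str, object]

# Constructed sample events (assumed key names; not real Trend Micro or NetWitness output).
# Each dict stands for one parsed log event with its meta fields already extracted.
ACCESS_TRACKING: List[Event] = [
    {"user": "alice", "time": "2018-01-11T10:15:02", "url": "http://www.example.com/path/page.html",
     "action": "allowed", "bytes": 4512, "src": "10.1.2.3", "dst": "93.184.216.34"},
    {"user": "bob", "time": "2018-01-11T10:15:02", "url": "http://blocked.example.net/",
     "action": "denied", "bytes": 0, "src": "10.1.2.4", "dst": "198.51.100.7"},
    {"user": "alice", "time": "2018-01-11T10:16:40", "url": "http://cdn.example.com/lib.js",
     "action": "allowed", "bytes": 22010, "src": "10.1.2.3", "dst": "93.184.216.35"},
]

# EVT_URL_MONITORING only records allowed access, so bob's denied request has no twin here.
# carol's event is constructed to have no matching access-tracking record at all.
MONITORING: List[Event] = [
    {"user": "alice", "time": "2018-01-11T10:15:02", "url": "example.com/path/page.html"},
    {"user": "alice", "time": "2018-01-11T10:16:40", "url": "example.com/lib.js"},
    {"user": "carol", "time": "2018-01-11T10:17:05", "url": "other.example.org/"},
]


def domain_of(url: str) -> str:
    """Host part of a URL; the constructed monitoring URLs carry no scheme, so one is prepended."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def build_index(access_events: List[Event]) -> Dict[Tuple[str, str], List[Event]]:
    """Bucket access-tracking events by the exact-match keys (user, time)."""
    index: Dict[Tuple[str, str], List[Event]] = {}
    for ev in access_events:
        index.setdefault((str(ev["user"]), str(ev["time"])), []).append(ev)
    return index


def correlate(monitoring: List[Event], access: List[Event]) -> Tuple[List[Event], List[Event]]:
    """Pair each monitoring event with access-tracking events on exact user, exact time
    and 'domain contains' for the URL. Returns (enriched rows, unmatched monitoring events)."""
    index = build_index(access)
    matched: List[Event] = []
    unmatched: List[Event] = []
    for mon in monitoring:
        mon_domain = domain_of(str(mon["url"]))
        candidates = index.get((str(mon["user"]), str(mon["time"])), [])
        # "contains" rather than exact: example.com also matches www.example.com / cdn.example.com
        hits = [a for a in candidates if mon_domain and mon_domain in domain_of(str(a["url"]))]
        if not hits:
            unmatched.append(mon)
            continue
        for a in hits:
            matched.append({"user": mon["user"], "time": mon["time"], "url": mon["url"],
                            "bytes": a["bytes"], "src": a["src"], "dst": a["dst"]})
    return matched, unmatched


if __name__ == "__main__":
    rows, missed = correlate(MONITORING, ACCESS_TRACKING)
    for r in rows:
        print(f'{r["time"]} {r["user"]} {r["url"]} bytes={r["bytes"]} src={r["src"]} dst={r["dst"]}')
    for m in missed:
        print("no access-tracking twin for", m)
```

Two points to check before turning this into a production rule: the exact time match only works if both log types carry the timestamp at the same resolution and in the same time zone, and a "contains" test on the domain can pair one monitoring event with several access-tracking events in the same second (for instance a page and its CDN assets), so the bytes written to the report should be summed or the rows kept separate deliberately rather than taking the first hit.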
