I have a customer running NW 10.6.3 and we have several parsers enabled like:
rhlinx, bigip, mcafeegw, solaris, aix, hpux and several unix flavor parsers...
The problem that I'm facing is the following:
I have several event sources that produce events with ntp and there are parsed as McAfee Web Gateway instead other unix/linux OS (as result, the customer sees over 200 devices labeled as McAfee Web Gateway when in reality he has onlye 4 Mcafee Proxies). There is any method that I can use to order/priorize for example solaris, rhlinux or aix parser over mcafee web gateway? (I think the alphabetic order of the device name is used in the decoder to priorize the parser wich is used)
Regards,
Max
There is no way to order the way parsers are evaluated. However for the situation you describe the best course would be to map those devices to only use a specific parser.