RSA Admin

Trouble parsing application log coming with Snare

Discussion created by RSA Admin Employee on Jul 15, 2011
Latest reply on Jul 20, 2011 by RSA Admin

Hi,


My colleague is having trouble with parsing as well. We have an application running on a Windows box sending its logs in the same syslog stream as Snare.


He ran a sendunknown_messages and used the unx file in ESI to parse the logs. Again, ESI parses fine, but enVision doesn't seem to parse. The device was also typed as a multi-device, so he made a new event source, but that didn't help either. Again, the ESI scheme is the same as the enVision scheme; they have had the same ESU installed.


Are more people experiencing these issues and could you check what's wrong?

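The post describes two log producers (the Snare agent and a separate application) sharing one syslog stream from the same Windows host, which is exactly the situation where a collector that types the stream as a single device mis-parses half the lines. The following is an added example, not code from the post, from RSA or from the Snare project; it demultiplexes a mixed stream by recognising the Snare record layout (the `MSWinEventLog` marker followed by tab-separated fields) and treats everything else as the other application. The sample lines are constructed, the Snare field positions and the hypothetical `MyApp` format are assumptions for illustration, and this stands in for whatever split the collector should be doing per event source.

```python
import re

# Constructed sample of a mixed syslog stream from one Windows host: Snare-style
# Windows event log records interleaved with lines from an unrelated application
# (hypothetical "MyApp") that uses the same syslog forwarder.
SAMPLE_STREAM = [
    "<13>Jul 15 10:01:02 WINHOST MSWinEventLog\t1\tSecurity\t101\tFri Jul 15 10:01:02 2011\t4624"
    "\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tSuccess Audit\tWINHOST\tLogon\t\t"
    "An account was successfully logged on.\t42",
    "<14>Jul 15 10:01:03 WINHOST MyApp[1234]: user=alice action=login result=ok",
    "<13>Jul 15 10:01:04 WINHOST MSWinEventLog\t1\tSecurity\t102\tFri Jul 15 10:01:04 2011\t4625"
    "\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tFailure Audit\tWINHOST\tLogon\t\t"
    "An account failed to log on.\t43",
    "<14>Jul 15 10:01:05 WINHOST MyApp[1234]: user=bob action=login result=fail",
    "this line has no syslog header at all",
]

# RFC 3164 style header: <PRI>, BSD timestamp, hostname, then the message body.
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)

# Assumed Snare field order after the MSWinEventLog marker (tab separated):
# criticality, source log, counter, submit time, event id, source name, ...
SNARE_MARKER = "MSWinEventLog\t"


def classify(line):
    """Classify one syslog line as 'snare', 'other' or 'unparsed' and extract fields."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        # No syslog header: keep the raw line so nothing is silently dropped.
        return "unparsed", {"raw": line}
    msg = m.group("msg")
    if msg.startswith(SNARE_MARKER):
        parts = msg.split("\t")
        if len(parts) < 7:
            # Marker present but record truncated: do not guess field values.
            return "unparsed", {"raw": line}
        fields = {
            "host": m.group("host"),
            "log": parts[2],        # e.g. Security
            "event_id": parts[5],   # e.g. 4624
            "source": parts[6],     # e.g. Microsoft-Windows-Security-Auditing
        }
        return "snare", fields
    # Anything else from the same host is the other application's format.
    return "other", {"host": m.group("host"), "msg": msg}


def demultiplex(lines):
    """Split a mixed stream into per-source buckets, as a collector would per event source."""
    buckets = {"snare": [], "other": [], "unparsed": []}
    for line in lines:
        kind, fields = classify(line)
        buckets[kind].append(fields)
    return buckets


if __name__ == "__main__":
    for kind, records in demultiplex(SAMPLE_STREAM).items():
        print(f"{kind}: {len(records)} record(s)")
        for rec in records:
            print("   ", rec)
```

Run against the constructed stream, the Snare records and the application records land in separate buckets and the header-less line is reported rather than dropped; the point for troubleshooting is that every line the collector cannot attribute to the right source should surface somewhere, not vanish.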