I need to parse log files in txt from an in-house application. I'm trying to configure a data source of type Syslog via CIFS. At this point it is connecting to the share, but how do I create rules? I am testing with a server.log from ePO, and this is the format in the logs, without headers:
20131130195109 I #07672 NAIMSRV Processing agent props for micvmove07(F86663EF-B8BB-E111-839A-000000000000)
20131130195109 I #07672 NAIMSRV Sending props response for agent micvmove07, agent has up-to-date policy
The doc is very ambiguous and not clear. Does anybody have an example?
You can use http://gskinner.com/RegExr/ to parse the log.
I have an example.
I have an event log of BIND 9 DNS queries:
<166>named: queries: info: client 192.168.16.75#55294: view localhost_resolver: query: microsoft.com IN A +
I wrote the parser rule as:
When in the policy editor:
You can read http://kb.mcafee.com/agent/index?page=content&id=KB78119 to learn about parser rules.
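Added example, not part of the original thread and not the product's own rule syntax: Python regular expressions with named capture groups for the two log formats quoted above, which can be prototyped in a regex tester before being carried over to a parser rule. The field names and the reading of the 14-digit prefix as YYYYMMDDHHMMSS are assumptions.

```python
import re
from datetime import datetime

# Sample lines copied from the thread above.
EPO_LINES = [
    "20131130195109 I #07672 NAIMSRV Processing agent props for micvmove07(F86663EF-B8BB-E111-839A-000000000000)",
    "20131130195109 I #07672 NAIMSRV Sending props response for agent micvmove07, agent has up-to-date policy",
]
BIND_LINE = ("<166>named: queries: info: client 192.168.16.75#55294: "
             "view localhost_resolver: query: microsoft.com IN A +")

# Field names (ts, level, thread, ...) are assumptions chosen for this example.
EPO_RE = re.compile(
    r"^(?P<ts>\d{14})\s+(?P<level>[A-Za-z])\s+#(?P<thread>\d+)\s+"
    r"(?P<component>\S+)\s+(?P<message>.*)$"
)
# Optional detail inside the message: agent host name and GUID, when present.
AGENT_RE = re.compile(
    r"for (?:agent )?(?P<agent>[\w.-]+)"
    r"(?:\((?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\))?"
)
BIND_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>named: queries: (?P<severity>\w+): "
    r"client (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})#(?P<src_port>\d+): "
    r"view (?P<view>\S+): query: (?P<qname>\S+) (?P<qclass>\S+) "
    r"(?P<qtype>\S+) (?P<flags>\S+)$"
)

def parse_epo(line):
    """Return a dict of fields for one server.log line, or None if no match."""
    m = EPO_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Assumption: the prefix is a local timestamp in YYYYMMDDHHMMSS form.
    rec["ts"] = datetime.strptime(rec["ts"], "%Y%m%d%H%M%S")
    a = AGENT_RE.search(rec["message"])
    rec["agent"] = a.group("agent") if a else None
    rec["guid"] = a.group("guid") if a else None
    return rec

def parse_bind(line):
    """Return a dict of fields for one BIND query log line, or None."""
    m = BIND_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Syslog PRI = facility * 8 + severity.
    rec["facility"], rec["syslog_severity"] = divmod(int(rec["pri"]), 8)
    rec["src_port"] = int(rec["src_port"])
    return rec
```

Lines that do not match return None, which makes it easy to count unparsed lines while tuning the expressions against a larger sample of the file.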