bperez
Level 10
Message 1 of 2

How to parse log files via CIFS and ASP

I need to parse log files in txt format from an in-house application. I'm trying to configure a data source of type Syslog via CIFS. At this point it is connecting to the share, but how do I create rules? I am testing with a server.log from ePO, and this is the format in the logs, without headers:

20131130195109    I    #07672    NAIMSRV     Processing agent props for micvmove07(F86663EF-B8BB-E111-839A-000000000000)

20131130195109    I    #07672    NAIMSRV     Sending props response for agent micvmove07, agent has up-to-date policy

The doc is very ambiguous and not clear. Does anybody have an example?

Regards

Bernardo.

1 Reply
lichnt
Level 7
Message 2 of 2

Re: How to parse log files via CIFS and ASP

You can use http://gskinner.com/RegExr/ to test a regex for parsing the log.

I have an example.

I have a DNS query event log from BIND 9:

<166>named[28925]: queries: info: client 192.168.16.75#55294: view localhost_resolver: query: microsoft.com IN A +

My parser rule is:

.*?client\s(\d+\x2e\d+\x2e\d+\x2e\d+)+\W+(\d+)+.*?query\x3a\s+(.*?)IN

In the policy editor:

[Screenshot: 02.png]

You can read http://kb.mcafee.com/agent/index?page=content&id=KB78119 to learn about parser rules.

Good luck!
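
An offline check of both log formats in this thread, added as an example and not written by either poster: it runs the reply's BIND rule unchanged, plus a regex for the server.log lines from the question. EPO_RULE, AGENT, the group names and the field meanings (timestamp, severity, thread id, module) are assumptions inferred from the two sample lines, not a documented format.

```python
import re
from datetime import datetime

# Rule from the reply, unchanged: client IP, source port, queried name.
BIND_RULE = re.compile(
    r".*?client\s(\d+\x2e\d+\x2e\d+\x2e\d+)+\W+(\d+)+.*?query\x3a\s+(.*?)IN")

# Assumed rule for the server.log lines in the question (names are guesses).
EPO_RULE = re.compile(
    r"^(?P<ts>\d{14})\s+(?P<sev>[A-Za-z])\s+#(?P<thread>\d+)\s+"
    r"(?P<module>\S+)\s+(?P<msg>.*)$")

# Second pass over the message text: agent host name and, if logged, its GUID.
AGENT = re.compile(
    r"\bagent(?: props for)?\s+(?P<host>[\w.-]+)"
    r"(?:\((?P<guid>[0-9A-Fa-f-]{36})\))?")

def parse_bind(line):
    m = BIND_RULE.match(line)
    if m is None:
        return None
    ip, port, name = m.groups()
    # Group 3 keeps the space before "IN", so strip it before storing.
    return {"client": ip, "port": int(port), "query": name.strip()}

def parse_epo(line):
    m = EPO_RULE.match(line.strip())
    if m is None:
        return None  # count unparsed lines instead of silently dropping them
    rec = m.groupdict()
    try:
        # No time zone in the log; the value is kept as a naive timestamp.
        rec["ts"] = datetime.strptime(rec["ts"], "%Y%m%d%H%M%S")
    except ValueError:
        return None  # 14 digits that are not a valid date/time
    a = AGENT.search(rec["msg"])
    rec["host"] = a.group("host") if a else None
    rec["guid"] = a.group("guid") if a else None
    return rec

# Sample lines copied from the two posts above.
BIND_SAMPLE = ("<166>named[28925]: queries: info: client 192.168.16.75#55294: "
               "view localhost_resolver: query: microsoft.com IN A +")
EPO_SAMPLES = [
    "20131130195109    I    #07672    NAIMSRV     Processing agent props for "
    "micvmove07(F86663EF-B8BB-E111-839A-000000000000)",
    "20131130195109    I    #07672    NAIMSRV     Sending props response for "
    "agent micvmove07, agent has up-to-date policy",
]
```

Lines for which parse_epo returns None are worth logging separately, since a format change in the application would otherwise show up only as missing events.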