cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

NGINX logs to ESM

Jump to solution

Hi everybody.

My ESM not parsing ngnix logs (I see "unknown event"). I tried to find regex for nginx in "Advanced Syslog Parser Rule", but not found. It's a true, that there is no parser rule for nginx and I need to create my own?

1 Solution

Accepted Solutions
Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: NGINX logs to ESM

Jump to solution

You will need to make your own parser. It's always best to make your own, this ensures the valuable fields are parsed from the packets.

Brent
1 Reply
Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: NGINX logs to ESM

Jump to solution

You will need to make your own parser. It's always best to make your own, this ensures the valuable fields are parsed from the packets.

Brent
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center