cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Windows default parser

by doing this, I am actually cancelling ALL existing Parsers (?) (for that specific windows event), meaning I have to re-create them in my new ASP rule?... hope I understood correctly.

if that is the case, it sounds very exhausting. is this the only solution?

I just want to add more data "on-top" of what already exists...

source user for example - sometimes extracted correctly and sometime it does not.

I want my ASP rule will provide another parsing layer in case the default one misses...

 

Re: Windows default parser

BTW

under "Order ASP Rule" I cant choose the type I assigned for the ASP rule,

it is not available on the drop down list [windows event log - WMI]

pbpillai
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 16

Re: Windows default parser

After selecting ‘Order ASP Rule’ you will have to click on the Custom tab and promote the specific custom rule to the highest order.

I would advise to go with Luke’ s recommendation to open a service request so that we can find out if the Windows default parser has any issues.

Re: Windows default parser

Opened a SR. Thank you.

Former Member
Not applicable
Report Inappropriate Content
Message 15 of 16

Re: Windows default parser

reset program

Re: Windows default parser

 Unfortunately we cange add or change fields for winodws but this Article helped me. No need to add any new fields. McAfee had it implemented already .Just in a weird way. Works if you want to drill down using event ID.

https://kc.mcafee.com/agent/index?page=content&id=KB90670&locale=en_US

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community