10 Replies. Latest reply on Oct 20, 2017 2:39 PM by srobison62

    Custom Parser help

    srobison62

      We created a parser for an ESM that is sending correlated events to a syslog forwarder, and then our master ESM is getting those forwarded events.  Currently we are able to parse out the pertinent data, but when you look at the dashboard, instead of seeing the event ID like you would normally see, you just see SYSLOG-NG.  The event ID is visible in the log but I can't edit Rule_Message in the Field Assignment.  Has anyone worked with anything like this before?
