1 Reply Latest reply on Apr 9, 2013 7:09 AM by artek

    Parse and display an event category

    mlopezt

      Hi all, this is my first question. Perhaps the answer lies elsewhere, but so far I have not found it.

      I wonder if it is possible to create a parsing rule and then a view where I can show the categories of events blocked / allowed by the firewall (McAfee Firewall Enterprise ASP).

       

      That is, to show the category that appears in syslog as sf_cat.

       

      i.e.: ...url = "http://www.mcafee.com/" result_code = 301, sf_cat = "Business, Software / Hardware" sf_action = ALLOW..."

       

      Currently this event is detected by the parsing rule "McAfee_FW_Ent Net traffic - Session end", but nowhere does it show me which category this event has.

       

       

      Thank you very much in advance.

       

      Regards

      Mauricio L.
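
The field extraction asked about above, as an added example that is not part of the original post and is not ESM parsing-rule syntax: a stand-alone Python sketch that pulls `sf_cat` and `sf_action` out of syslog lines and counts events per action and category. The function names, the `DENY` value, the comma-splitting of `sf_cat` and every sample line except the first are assumptions made for illustration.

```python
import re
from collections import Counter

# key = "quoted value" or key = bare_value; spaces around "=" and a
# trailing comma are tolerated because the fragment in the post shows both.
FIELD_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,"]+))')

def parse_fields(line):
    """Return the key/value pairs found in one syslog line."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}

def categories(fields):
    """Split sf_cat into names (assumption: commas separate categories)."""
    return [c.strip() for c in fields.get("sf_cat", "").split(",") if c.strip()]

def tally(lines):
    """Count events per (sf_action, category); skip lines without sf_action."""
    counts = Counter()
    for line in lines:
        fields = parse_fields(line)
        action = fields.get("sf_action")
        if action is None:
            continue
        # An event with no sf_cat is still counted, under a placeholder name.
        for cat in categories(fields) or ["(uncategorized)"]:
            counts[(action.upper(), cat)] += 1
    return counts

# First line is the fragment quoted in the post; the rest are constructed.
SAMPLE = [
    'url = "http://www.mcafee.com/" result_code = 301, '
    'sf_cat = "Business, Software / Hardware" sf_action = ALLOW',
    'url="http://example.test/?q=a=b",result_code=403,sf_cat="Gambling",sf_action=DENY',
    'url="http://example.test/app",result_code=200,sf_cat="Business",sf_action=ALLOW',
    'url="http://example.test/x",result_code=200,sf_action=ALLOW',
]

if __name__ == "__main__":
    for (action, cat), n in sorted(tally(SAMPLE).items()):
        print(f"{action:6} {cat:22} {n}")
```

Because quoted values are consumed whole, a `=` or comma inside a URL or category string does not split the field.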