1 Reply Latest reply on Apr 9, 2013 7:09 AM by artek

    Parse and display an event category


      Hi all, it is my first consultation, perhaps the answer lies elsewhere, but so far I have not found.

      I wonder if it is possible to realize a parsing rule and then a view, where I show the categories of events blocked / allowed by the firewall (McAfee Firewall Enterprise ASP).


      That is that you can show the category that appears in syslog as sf_cat


      i.e : ...url = "http://www.mcafee.com/" result_code = 301, sf_cat = "Business, Software / Hardware" sf_action = ALLOW..."


      Currently this event is detected by the parsing rule "McAfee_FW_Ent Net traffic - Session end", but nowhere shows me which category has this event.



      from already thank you very much.



      Mauricio L.