Collect logs from a .txt file located on a Windows Server.
I've created the regex expression to collect the data that I'm interested in from this log file.
I've never created a customized parser before and am looking for some guidance, either by linking to some good tutorials/documents or by comments.
What kind of Data Source should I add in the ESM? How do I specify this specific log file on the remote server? And how do I implement this regex expression for normalization/categorization etc.
I have used these documents to create a few.
For me, delivery was an issue. I have the agent installed on a box (or two) that goes out and tails all of my logs like this. For some Linux ones I have added, I just had it push the logs to the receiver via syslog.
Edit: Fixed links.