log exporter fieldmapping.xml - how to exclusions?

Ambross — Mon, 22 Apr 2024 08:04:06 GMT

Hello Everyone,

i would like to understand how to exclude certain log fields of certain blades.

As far as i unterstand and according to sk122323, you add a filterGroup to the fieldmapping.xml, so this is what i came up with so far:

<filterGroup operator="and">  <product name="Firewall" operator="and"> <field name="layer_name" operator="or"></field> <field name="layer_uuid" operator="or"></field> <field name="logid" operator="or"></field> <field name="nat_addtnl_rulenum" operator="or"></field> <field name="parent_rule" operator="or"></field> <required>false</required> </product>  <product name="HTTPS Inspection" operator="and"> <field name="https_inspection_rule_id" operator="or"></field> <field name="service" operator="or"></field> <field name="proto" operator="or"></field> <field name="ifdir" operator="or"></field> <required>false</required> </product>  <product name="Threat Emulation" operator="and"> <field name="file_sha1" operator="or"></field> <field name="file_sha256" operator="or"></field> <field name="layer_uuid" operator="or"></field> <required>false</required> </field> </product> </filterGroup>

Am i on the right track? I feel like this is not a difficult task, but i cant wrap my head around about what the interpreter expects.

Has someone done this before and can give me some advise?

Re: log exporter fieldmapping.xml - how to exclusions?

Amir_Senn — Mon, 22 Apr 2024 09:53:59 GMT

AFAIK the filter configuration of log exporter is to exclude entire logs and not specific fields.

topic log exporter fieldmapping.xml - how to exclusions? in API / CLI Discussion

log exporter fieldmapping.xml - how to exclusions?

Re: log exporter fieldmapping.xml - how to exclusions?