AkosBakos
Collaborator

Eventia Log Parsing tool tutorial/HowTo

Dear Community,

I'm a newbie with this tool. I want to parse Juniper logs into SmartCenter.

My first step was successful -> the syslogs have been parsed into the SmartLog. I saw only the RAW syslog in the "Default Device Message" and nothing more.

I created a .C file, where I matched the detected fields one by one with the CP fields.

In the Product identification, I searched for this string: "RT_FLOW_SESSION_CREATE"

After that, I wanted to simulate with another syslog message that contained this string, and the matched fields (src, dst, etc.) weren't recognized.

I thought I made a tiny mistake but it ruins the whole parsing.

Maybe somebody has a .prs file that they could share with me?

BR

Akos

0 Kudos
3 Replies
the_rock
Legend

It's been ages since I worked with a Juniper device. Are you getting any relevant error as far as logs on the mgmt server?

Andy

0 Kudos
AkosBakos
Collaborator

Hi 

No error messages. The full syslog message is in that field that I mentioned.

Therefore, I am asking for a sample .prs file; maybe somebody has one 😉

Br

Akos

0 Kudos
the_rock
Legend

Hopefully someone can provide it.

Cheers,

Andy

0 Kudos
