Create a Post
Showing results for 
Search instead for 
Did you mean: 

Creating a syslog parser for Email

I am trying to build a parser for the Barracuda Email Security Gateway.

The first order of business is to know what I should use as Product Name. In the R80.20 log I can select as filter blade:"Anti-Spam and Email Security" but I am not sure what the equivalent is for the Eventia Log Parsing Editor.

Then I am trying to figure out which fields I can use.

Labels (1)
5 Replies

My first attempt is online on syslog2checkpoint/BSF at master · hvdkooij/syslog2checkpoint · GitHub 

It at least has only hits and partial hits on the sample syslog set I have collected from my test Barracuda.

The partial hits look like something I can't fix with the Eventia Log Parsing Editor. So I may have to dive in and fix it manually.

The tricky thing is that I have a starting match that results in 3 main patterns and 1 of them has 2 rather different subsections. And I couldn't find a way to get that fixed with said tool.

0 Kudos

Actually the code is now documented in the appendix of the Logging and Monitoring manual

Appendix: Manual Syslog Parsing 

All we need now is a good definition of all the fields we are allowed to use.

The LEA field guide from 2014 is ... not entirely up-to-date.

0 Kudos

One challenge is to understand which action values I can use for:


0 Kudos

The first draft version is working (well sort of ...) but I would like to refine and enhance it once I have more insight in the exact field names I can use in Check Point.

So my lab SmartCenter now is more or less becoming my SIEM.

0 Kudos

As I am not shy of doing some reverse engineering .....

I started to put a field list on syslog2checkpoint/ at master · hvdkooij/syslog2checkpoint · GitHub 

Anyone willing to contribute let me know through github.