...
Apr 01 16:38:29 CNOC-01 b102ogt: [SYSTEM]<6> Local authentication failed(user: admin): Admin password error.
Create Parser Rules
opEvents processes the syslog log file specified in opCommon.json.
```json
"opevents_logs" : {
  "traplog" : [
    "<nmis9_logs>/trap.log"
  ],
  "nmis_eventlog" : [
    "<nmis9_logs>/event.log"
  ],
  "tivoli_log" : [
    "<nmis9_logs>/tivoli.log"
  ],
  "cisco_compatible" : [
    "<nmis9_logs>/cisco.log"
  ],
  "syslog_message" : [
    "<nmis9_logs>/syslog.log"
  ],
  "winlogd" : [
    "<nmis9_logs>/winlogd.log"
  ]
},
```
When parsing the traps, at least the following properties should be extracted:
- date
- host
- trap
- details
- event
- element
- stateful
- state
- priority
The shipped version of EventParserRules.json has a syslog section that will extract the date, host and details fields for most situations.
This article focuses on situations where customers want customization for the remaining fields.
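The following Python is an added illustration, not opEvents rule syntax and not code from the product. It prototypes the field extraction against the sample syslog line shown earlier on this page, so the regular expressions can be checked before they are written into a parser rule. The function name and the mapping of `<6>` to priority and of the user name to element are assumptions made for the example.

```python
import re

# Sample line taken from this page.
SAMPLE = ("Apr 01 16:38:29 CNOC-01 b102ogt: [SYSTEM]<6> "
          "Local authentication failed(user: admin): Admin password error.")

# Generic part: date, host and details (the fields the shipped rules cover).
SYSLOG_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<details>.+)$"
)

# Device-specific part (assumed layout): "tag: [FACILITY]<level> message".
DETAIL_RE = re.compile(
    r"^(?P<tag>[^:\s]+): \[(?P<facility>[A-Z]+)\]<(?P<level>\d)> (?P<message>.+)$"
)

# Assumed custom rule: failed local login. The user name is typed by whoever
# is at the login prompt, so it is untrusted input: bound its length and
# exclude the closing parenthesis instead of using an open-ended ".+".
AUTH_FAIL_RE = re.compile(
    r"^(?P<event>Local authentication failed)"
    r"\(user: (?P<user>[^)]{1,64})\): (?P<reason>.+)$"
)


def parse_line(line):
    """Return a dict of extracted fields, or None if the line is not syslog-shaped."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    fields = {"date": m["date"], "host": m["host"], "details": m["details"]}
    d = DETAIL_RE.match(m["details"])
    if not d:
        return fields  # only the generic fields are known
    fields["priority"] = int(d["level"])  # assumption: <n> is the level
    a = AUTH_FAIL_RE.match(d["message"])
    if a:
        # A single failed login carries no up/down state, so state is not set.
        fields.update(event=a["event"], element=a["user"])
    return fields


if __name__ == "__main__":
    print(parse_line(SAMPLE))
```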