Resolution
fact
Security Manager 4.10
symptom
fix
note
Security Manager 4.10
symptom
How do I use the parsing capabilities of the new Application Log Provider?
fix
The following fields determine how the provider will parse the logs. These options are on the Parsing tab of the provider.
- Enable Parsing
Specifies whether to parse information gathered from the specified application log. - Date/Time starting position
Specifies the location of the application log file. For example, to start at the first position for a date and time entry such as Mar 21 2002 10:10:23, enter 1. This field is available only when you select Enable Parsing for a syslog port application log file. - Date/Time field length
Specifies the number of characters to allow for date and time information. For example, to specify the length for a date and time entry such as Mar 21 2002 10:10:23, enter 20. This field is only available when you select Enable Parsing for a syslog port application log file. - Valid field delimiters
Specifies valid characters that delimit information in a log file. This field is available only when you select Enable Parsing. - Enable space as a delimiter
Specifies to use a space as the delimiting character. This field is available only when you select Enable Parsing. - Enable tab as a delimiter
Specifies to use a tab as the delimiting character. This field is available only when you select Enable Parsing. - Parameter to use as Event Id
Specifies the event ID you want to assign to log entries. Enter 0 or leave this field blank if you do not want to use a parameter for the event ID. This field is available only when you select Enable Parsing. - Event source
Specifies the source of events. This field is available only when you select Enable Parsing.
note
The parsing capabilities are new to Security Manager 4.10 and are only available for the following application log types:
- Generic single-line log file
- Syslog port
Additional Information
Formerly known as NETIQKB16873