How do I use the parsing capabilities of the new Application Log Provider? (NETIQKB16873)

  • 7716873
  • 02-Feb-2007
  • 03-Mar-2008

Resolution

fact
Security Manager 4.10

symptom

How do I use the parsing capabilities of the new Application Log Provider?



fix

The following fields determine how the provider parses the logs. These options are on the Parsing tab of the provider.

  • Enable Parsing

    Specifies whether to parse information gathered from the specified application log.
  • Date/Time starting position

    Specifies the character position at which the date and time information starts in each log entry. For example, to start at the first position for a date and time entry such as Mar 21 2002 10:10:23, enter 1. This field is available only when you select Enable Parsing for a syslog port application log file.
  • Date/Time field length

    Specifies the number of characters to allow for date and time information. For example, to specify the length for a date and time entry such as Mar 21 2002 10:10:23, enter 20. This field is available only when you select Enable Parsing for a syslog port application log file.
  • Valid field delimiters

    Specifies valid characters that delimit information in a log file. This field is available only when you select Enable Parsing.
  • Enable space as a delimiter

    Specifies to use a space as the delimiting character. This field is available only when you select Enable Parsing.
  • Enable tab as a delimiter

    Specifies to use a tab as the delimiting character. This field is available only when you select Enable Parsing.
  • Parameter to use as Event Id

    Specifies the event ID you want to assign to log entries. Enter 0 or leave this field blank if you do not want to use a parameter for the event ID. This field is available only when you select Enable Parsing.
  • Event source

    Specifies the source of events. This field is available only when you select Enable Parsing.
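
To check a set of Parsing tab values against a sample line before entering them, the sketch below applies them to a constructed syslog-style entry. It is an added example, not Security Manager code: the 1-based parameter numbering, the splitting of the text that follows the date and time, and the names `parse_line`, `SAMPLE` and `dt_format` are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample entry; the timestamp matches the article's example format.
SAMPLE = "Mar 21 2002 10:10:23 fw01 4625 login_failed user=alice"

def parse_line(line, dt_start=1, dt_length=20, delimiters="", space=True,
               tab=False, event_id_param=0, dt_format="%b %d %Y %H:%M:%S"):
    """Apply Parsing-tab style settings to one log line (assumed semantics)."""
    # Date/Time starting position is 1-based, as in the article's "enter 1".
    begin = dt_start - 1
    raw_dt = line[begin:begin + dt_length]
    try:
        timestamp = datetime.strptime(raw_dt, dt_format)
    except ValueError:
        timestamp = None  # start/length do not frame a complete date and time

    # Everything after the date/time slice is split on the enabled delimiters.
    rest = line[begin + dt_length:]
    chars = delimiters + (" " if space else "") + ("\t" if tab else "")
    if chars:
        pattern = "[" + re.escape(chars) + "]+"
        params = [p for p in re.split(pattern, rest) if p]
    else:
        params = [rest.strip()] if rest.strip() else []

    # 0 (or blank) means no parameter is used as the event ID.
    event_id = None
    if event_id_param and event_id_param <= len(params):
        event_id = params[event_id_param - 1]
    return {"timestamp": timestamp, "params": params, "event_id": event_id}

if __name__ == "__main__":
    # Correct settings: start 1, length 20, space delimiter, parameter 2 as event ID.
    print(parse_line(SAMPLE, event_id_param=2))
    # Adding "=" as a valid delimiter splits user=alice into two parameters.
    print(parse_line(SAMPLE, delimiters="=")["params"])
    # A length that is too short cuts the timestamp, so it cannot be read.
    print(parse_line(SAMPLE, dt_length=15)["timestamp"])
```

A timestamp of `None` or an unexpected parameter list indicates that the starting position, field length or delimiter choices do not match the log format.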



note

The parsing capabilities are new to Security Manager 4.10 and are only available for the following application log types:

  • Generic single-line log file
  • Syslog port


Additional Information

Formerly known as NETIQKB16873