
Create a Pattern to this CustomLog

Created: 16 Feb 2012 | 3 comments
Posted by Leonardo Ferla

Hi guys. I have this log to collect and correlate. I'm thinking of using Custom Logs, but I don't know how to create a pattern. Can somebody help me?

<EventID>10</EventID><Timestamp>2/12/2012 2:32:33 PM</Timestamp><UserID>xxxxxxxxx</UserID><UserAgent>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)</UserAgent><UserHostAddress>192.168.10.1</UserHostAddress><Message>GetUser Success</Message><Realm>SecureAuth</Realm><Appliance>secureauth01.com.br</Appliance><Company>Contoso</Company>

Thanks
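The record above is a flat run of <Tag>value</Tag> pairs, so one generic pattern that captures the tag name and its value covers every field without a hand-written expression per field. The following is an added example, not code from this thread or from the Symantec collectors; the sample record, the user id and the appliance hostname in it are constructed placeholders, and the normalized output schema is hypothetical, not an SSIM schema.

```python
import re
from datetime import datetime

# Constructed sample record in the same tagged format as the one in the question.
# The user id and appliance hostname are placeholders, not real values.
SAMPLE = ('<EventID>10</EventID><Timestamp>2/12/2012 2:32:33 PM</Timestamp>'
          '<UserID>jdoe</UserID><UserAgent>Mozilla/5.0 (compatible; MSIE 9.0; '
          'Windows NT 6.1; Trident/5.0)</UserAgent>'
          '<UserHostAddress>192.168.10.1</UserHostAddress>'
          '<Message>GetUser Success</Message><Realm>SecureAuth</Realm>'
          '<Appliance>secureauth01.example</Appliance><Company>Contoso</Company>')

# One pattern for every <Tag>value</Tag> pair on the line. The tag name is
# captured, so a new field added by a later appliance release does not break
# parsing; a value may not contain '<', which keeps the match inside one pair.
FIELD_RE = re.compile(r'<(?P<tag>[A-Za-z]+)>(?P<value>[^<]*)</(?P=tag)>')

# Fields a correlation rule cannot do without; a line missing one is rejected
# rather than silently accepted as a half-record.
REQUIRED = ('EventID', 'Timestamp', 'UserID', 'UserHostAddress', 'Message')


def parse_record(line):
    """Return the tagged fields of one record as a dict, or None if a
    required field is missing (e.g. a truncated line)."""
    fields = {m.group('tag'): m.group('value') for m in FIELD_RE.finditer(line)}
    if any(key not in fields for key in REQUIRED):
        return None
    # The timestamp is US month/day/year with a 12-hour clock, as in the sample.
    fields['Timestamp'] = datetime.strptime(fields['Timestamp'],
                                            '%m/%d/%Y %I:%M:%S %p')
    fields['EventID'] = int(fields['EventID'])
    return fields


def normalize(fields):
    """Map the vendor fields onto a small common schema (hypothetical, not
    SSIM's) so rules can key on user, source address and outcome."""
    return {
        'event_id': fields['EventID'],
        'time': fields['Timestamp'].isoformat(),
        'user': fields['UserID'],
        'src_ip': fields['UserHostAddress'],
        'outcome': 'success' if fields['Message'].endswith('Success') else 'failure',
        'source': fields.get('Appliance', ''),
    }


if __name__ == '__main__':
    print(normalize(parse_record(SAMPLE)))
```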

3 Comments

Avkash K wrote:

Hi,


You can use Universal Collector OR Collector studio for your customized collector requirement.

Regards,

Avkash K

Leonardo Ferla wrote:

Hi Avkash.

I don't have the Collector Studio. If I use Universal Collector, can you provide an example, just to understand the concept?

Thanks

Leonardo Ferla
Avkash K wrote:

Hi,

First of all, the following Universal Event Collectors are available:

  • Universal LogFile Event Collector

    Collects events from products that log to text files.

  • Universal Syslog Event Collector

    Collects events from products that log events by using the Syslog protocol.

  • Universal Event Collector for Microsoft Windows

    Collects events from Microsoft Windows event logs.

  • Universal Event Collector for Microsoft Windows Vista

    Collects events from Microsoft Windows Vista, Windows Server 2008, and Windows 7 event logs.


Decide what type of collector you are going to use.

The document below will help you configure the Universal Event Collectors properly, depending on your requirements.

Symantec™ Universal Event Collectors 4.4 for Symantec Security Information Manager 4.7 Implementation Guide:

http://www.symantec.com/docs/DOC2494


Below are some more articles which can help you with your requirements:

SPECIFYING “LOG FILE NAME” PATTERNS FOR LOG FILE SENSORS:

http://www.symantec.com/docs/TECH146007


How “Log File Name” patterns work with Symantec Security Information Manager Event Collector Log File Sensor:

http://www.symantec.com/docs/TECH141570


I think this will help you in clearing up all your concepts...

Regards,

Avkash K
