Custom Log Query
I'm looking at using the universal log file collector to read in a variety of CSV files, mainly for log storage but also some correlation. A fair bit of googling got me thinking this was quite simple, but when I look at the Custom Log option in the Web GUI all I see are options to add Direct and Literal pattern mappings; these are drop-down boxes only. Reading the 4.7.4 User Guide, I should be able to add a pattern referencing informal fields, so my CSV will look something like:
01/01/01,12:00,testuser,1.2.3.4,5.6.7.8
Date, Time, User Name, Source IP, Destination IP
and I'd like to pattern map them using field1, field2, field3 etc. as described in the User Guide. Page 207 lists the three different types of pattern matching, but on the actual GUI there are only two available? I looked in the earlier 4.7 User Guide and it goes into more detail and actually shows a table with exactly what I want to do, but I can't see how to input this in the Web GUI. What am I missing?
Thanks
Mike
Comments
Have you gone through this guide?
Symantec™ Universal Event Collectors 4.4 for Symantec Security Information Manager 4.7 Implementation Guide:
http://www.symantec.com/docs/DOC2494
Regards,
Avkash K
I think that document is out of date, as it references three types of mappings (direct, pattern and literal); there are no longer three available in the Web GUI! Typically, it's the one I want that no longer exists.