[Lognorm] Syntax questions
Sam Castellano
scastellano at quadrantsec.com
Mon Sep 18 19:43:41 CEST 2017
Good afternoon,
I am having an issue parsing my log that has backslashes "\" in it. The rules I am writing are getting stuck and telling me the unparsed portion starts with the "\". Also the original log has 1 "\" but the returned parsed data shows two "\" as such "\ \". Also, I am trying to work with the string-to parameter and am having trouble. I was hoping you could show me a quick and easy example of a log and rule to help me comprehend it.
Best regards-
Sam Castellano
Security Analyst
Quadrant Information Security
O: (904)296-9100 x100
T: (800) 538-9357 x100
E: soc at quadrantsec.com
Learn more about our managed SIEM [ https://quadrantsec.com/SaganMSSP | people + product ]