About the Log Parsers Page
To access this page, click Configure > Insights > Log Parsers.
Use the flexible log parser to define how the system log data must be parsed. The flexible parser enables you to provide a sample of your logs to create a new parser, parse the logs, normalize the fields, filter logs based on your configured criteria, and assign severity and semantics to various fields. You can create multiple parsers for different log sources. You can also import the parsers from a file or export the parsers to a standard file that can be saved and shared.
Security Director Insights includes prepackaged parsers for SRX Series device logs. You can export a prepackaged parser to a file and save a copy of that parser. This is a sample parser: you can add any logs to it, change the filter criteria, or modify the conditions for severity settings according to your environment and Security Operations Center (SOC) process. Before modifying a prepackaged log parser, it is good practice to export it to a file and save a copy of the default parser. You can always import it back to the SRX Series device if you need it later.
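The four stages the flexible parser applies (parse a sample, normalize field names, filter on configured criteria, assign a severity) are easiest to see on a concrete log line. The following Python script is an added illustration of that pipeline and is not Security Director Insights code or its parser file format; the SRX-style structured syslog lines, the field mapping, the filter and the severity rules are all constructed for the example.

```python
"""Toy model of a flexible log parser: parse -> normalize -> filter -> severity.

Hypothetical example; it does not reproduce the Security Director Insights
parser format. Sample lines below are constructed in the shape of RFC 5424
structured syslog as emitted by SRX Series devices.
"""
import re

# Constructed sample input: two session events, one unrelated login event,
# and one line that is not syslog at all.
SAMPLE_LOGS = [
    '<14>1 2024-05-01T10:00:00.000Z srx-edge RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" source-port="51234" '
    'destination-address="192.0.2.10" destination-port="22" protocol-id="6" '
    'policy-name="default-deny"]',
    '<14>1 2024-05-01T10:00:01.000Z srx-edge RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.7" source-port="40000" '
    'destination-address="198.51.100.4" destination-port="443" protocol-id="6" '
    'policy-name="allow-web"]',
    '<14>1 2024-05-01T10:00:02.000Z srx-edge mgd - UI_LOGIN_EVENT '
    '[junos@2636.1.1.1.2.129 username="admin"]',
    'not a syslog line at all',
]

# Stage 1: parse the RFC 5424 header and the key="value" structured-data params.
HEADER_RE = re.compile(
    r'^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) '
    r'(?P<msgid>\S+) \[(?P<sd>[^\]]*)\]'
)
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')

# Stage 2: map vendor field names to normalized names and types.
NORMALIZE = {
    "ts": ("timestamp", str),
    "host": ("device", str),
    "msgid": ("event_type", str),
    "source-address": ("src_ip", str),
    "source-port": ("src_port", int),
    "destination-address": ("dst_ip", str),
    "destination-port": ("dst_port", int),
    "protocol-id": ("protocol", int),
    "policy-name": ("policy", str),
}

# Stage 4: ordered severity rules; first match wins, default is "info".
ADMIN_PORTS = {22, 23, 3389}  # constructed example of "sensitive" ports
SEVERITY_RULES = [
    (lambda e: e["event_type"] == "RT_FLOW_SESSION_DENY"
               and e.get("dst_port") in ADMIN_PORTS, "high"),
    (lambda e: e["event_type"] == "RT_FLOW_SESSION_DENY", "medium"),
]


def parse_line(line):
    """Return raw header fields plus structured-data params, or None if no match."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    raw = m.groupdict()
    raw.update(dict(KV_RE.findall(raw.pop("sd"))))
    return raw


def normalize(raw):
    """Rename known fields and cast values; unknown fields are dropped."""
    event = {}
    for vendor_name, (name, cast) in NORMALIZE.items():
        if vendor_name in raw:
            event[name] = cast(raw[vendor_name])
    return event


def matches_filter(event):
    """Stage 3: keep only flow-session events (a constructed filter criterion)."""
    return event.get("event_type", "").startswith("RT_FLOW_SESSION_")


def assign_severity(event):
    for predicate, severity in SEVERITY_RULES:
        if predicate(event):
            return severity
    return "info"


def run_parser(lines):
    """Apply all four stages and return the list of normalized, rated events."""
    events = []
    for line in lines:
        raw = parse_line(line)
        if raw is None:
            continue  # unparseable line: skipped, as a sample parser would
        event = normalize(raw)
        if not matches_filter(event):
            continue
        event["severity"] = assign_severity(event)
        events.append(event)
    return events


if __name__ == "__main__":
    for ev in run_parser(SAMPLE_LOGS):
        print(ev["severity"], ev["event_type"], ev["src_ip"], "->",
              ev["dst_ip"], ev["dst_port"])
```

Run as a script it prints the two surviving session events with their severities; the login event is parsed but removed by the filter, and the non-syslog line never parses. Changing `SEVERITY_RULES` or `matches_filter` corresponds to editing the severity conditions and filter criteria described above.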
Tasks You Can Perform
You can perform the following tasks from the Log Parsers page:
Create a new log parser. See Create a New Log Parser.
Import and export log parsers. See Import and Export Log Parsers.
Edit and delete a log parser. See Edit and Delete a Log Parser.
Field Descriptions
Table 1 describes the fields displayed on the Log Parsers page.
Table 1: Fields on the Log Parsers Page
| Field | Description |
|---|---|
| Name | Specifies the name of the log parser that you have created. |
| Description | Specifies the corresponding description provided for the log parser. |