Forum Discussion

omrip's avatar
omrip
Copper Contributor
Oct 17, 2019

Parsing syslog

1. i am ingesting firewall logs as syslog and trying to parse out the fields accordingly using the split command, i have a problem that the beginig of the logs is not piped and i have made the split ...
data collection
Log Data
CliveWatson's avatar
CliveWatson
Former Employee
Oct 20, 2019

omrip 

 

CommonSecurityLog
| getschema 
| summarize count(ColumnName) 

Syslog
| getschema 
| summarize count(ColumnName)

 

I make the difference 152 vs 15 columns of data,  are there certain columns you are missing in Syslog?  Is the data you require in the Syslog but needs extracting / parsing which is I believe one of the things CEF does for you?   BTW, I'm no expert on CEF or Syslog, but keen to understand your use case.

 

Thanks 

 

 

Villagerchan8829's avatar
Villagerchan8829
Copper Contributor
Jan 12, 2025

*Jan 11 23:43:30: %SYS-5-CONFIG_I: Configured from console by admin0001 on vty0 (192.168.10.1)

*Jan 11 23:43:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/2, changed state to up

Hello CliveWatson May get for advise, I would like to parse syslog message above for example logs. I'm still looking for the document to parse the syslog messages. please help me to guide and how can i parse for like above messages.