Forum Discussion
Syslog Message parser
Hi All, I have below syslog message which need to be parsed. I tried to parse manually however, since its not being ingested as raw log so manually parsing does not work. Any help would be gre...
There are lots of examples in the Sentinel github: https://github.com/Azure/Azure-Sentinel/search?q=syslog+syslogmessage
Typically people use extract or matches regex, but parse, parse-where or split also work, some of the ASIM parsers are very recent like this one: https://github.com/Azure/Azure-Sentinel/blob/2c16f2a009afd5cd8b6c2baf2d07a7beb8c79854/Parsers/ASimDns/Parsers/ASimDnsInfobloxNIOS.yaml
Typically people use extract or matches regex, but parse, parse-where or split also work, some of the ASIM parsers are very recent like this one: https://github.com/Azure/Azure-Sentinel/blob/2c16f2a009afd5cd8b6c2baf2d07a7beb8c79854/Parsers/ASimDns/Parsers/ASimDnsInfobloxNIOS.yaml