Microsoft Tech Community

Syslog Message parser

Copper Contributor

Hi All,


   I have the syslog message below, which needs to be parsed. I tried to parse it manually; however, since it is not being ingested as a raw log, manual parsing does not work. Any help would be greatly appreciated regarding parsing the syslog message below. Thanks.


APPTRACK_SESSION_CREATE: AppTrack session created> icmp UNKNOWN UNKNOWN> Wan-Out-1 N/A 1 audit-untrust zone-wan untrust 380677 N/A N/A UNKNOWN abc.1 N/A N/A N/A N/A




1 Reply
There are lots of examples in the Sentinel GitHub:

Typically people use extract or matches regex, but parse, parse-where or split also work. Some of the ASIM parsers are very recent, like this one:
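Applying the parse and split approach from the reply to the exact message in the question, as an added example (not code from either poster). The parsed field names follow the Junos AppTrack field order as I understand it and are an assumption to verify against the vendor documentation; the SampleSyslog table, the Computer value and the timestamp are constructed so the query runs stand-alone.

```kql
// Constructed sample: the message quoted in the question, wrapped in a Syslog-shaped table
// so the query runs stand-alone. Replace SampleSyslog with the Syslog table of a workspace.
let SampleSyslog = datatable(TimeGenerated: datetime, Computer: string, SyslogMessage: string) [
    datetime(2024-08-14T07:00:00Z), "srx-edge-01",
    "APPTRACK_SESSION_CREATE: AppTrack session created> icmp UNKNOWN UNKNOWN> Wan-Out-1 N/A 1 audit-untrust zone-wan untrust 380677 N/A N/A UNKNOWN abc.1 N/A N/A N/A N/A"
];
SampleSyslog
| where SyslogMessage startswith "APPTRACK_SESSION_CREATE:"
// Template parse: the single spaces between fields are the literal anchors.
// Field names assume the Junos AppTrack field order (check the release in use).
// The two ">" fragments are where the address/port pairs sit in the device output;
// in the message as posted they survive only as ">", so Endpoints and the tail of
// NestedApplication carry that remnant rather than real addresses.
| parse SyslogMessage with
    "APPTRACK_SESSION_CREATE: AppTrack session created" Endpoints " "
    ServiceName " " Application " " NestedApplication " "
    SrcNatRule " " DstNatRule " " ProtocolId:int " "
    PolicyName " " SourceZone " " DestinationZone " "
    SessionId:long " " UserName " " Roles " " Encrypted " " Rest
// The device writes "N/A" for fields it did not populate; blank those out so
// downstream filters and ASIM-style projections treat them as absent.
| extend UserName   = iff(UserName == "N/A", "", UserName),
         SrcNatRule = iff(SrcNatRule == "N/A", "", SrcNatRule),
         DstNatRule = iff(DstNatRule == "N/A", "", DstNatRule)
// The trailing fields vary by release; keep them as an array instead of guessing names.
| extend TrailingFields = split(Rest, " ")
// Map the numeric protocol id (1 in the sample) to a name for the common values.
| extend NetworkProtocol = case(ProtocolId == 1, "ICMP",
                                ProtocolId == 6, "TCP",
                                ProtocolId == 17, "UDP",
                                tostring(ProtocolId))
| project TimeGenerated, Computer, SessionId, ServiceName, NetworkProtocol, Application,
          PolicyName, SourceZone, DestinationZone, SrcNatRule, UserName, TrailingFields
```

For the sample row this yields SessionId 380677, NetworkProtocol ICMP, PolicyName audit-untrust, SourceZone zone-wan and DestinationZone untrust; swap `parse` for `parse-where` if you want rows that do not match the template dropped rather than left with empty columns.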