Firewalls - How to add

To monitor firewall logs, you have to import them into EventLog Analyzer. After importing the logs, extract the custom fields specific to the firewall logs.

Add Firewalls to monitor

Import Firewall Logs

 

  1. To import custom logs, choose the 'Automatically Identify' option from the 'Choose Log Format' field

  2. You can choose to import the logs once or at a regular interval using the 'Time Interval' field options. If you choose to import the logs once, select the 'Import Once' option from this field. Alternatively, if you want to import the logs at a regular time interval, you can choose from the options 'Import Every Hour', 'Import Every Day' or 'Import Every <xxx> Minutes'

  3. Browse to the custom log using the 'Choose File' button in the 'File Location' field

  4. If you want to import your custom logs on a periodic basis, and the log file name also changes at regular intervals, indicate this by checking the 'Does the filename changes periodically' option. After checking the option, provide the filename pattern of the custom log in the 'Filename Pattern' field. You can choose the pattern from the predefined list or provide your own pattern using the '+' option.

Add Windows Hosts

Note:
Providing the filename pattern helps in identifying the custom logs on each periodic import, even if the file name has changed.

  1. Associate the custom logs with a host. You can also choose a host that has already been added to the EventLog Analyzer server, using the 'Existing Host' link

  2. You can choose to extract fields from your custom logs even before the import, so that your logs have those custom fields on import. Choose the 'Field Extraction' option for extracting fields from the custom logs

Field Extraction for Custom Logs

 

ULPI - Field Extraction

 

  1. The field extraction page provides you with 10 default fields which are extracted for the custom logs. You can delete or modify these default fields

  2. You can also create a custom field. To create custom fields, click on the tools icon at the right end corner of your log message

Custom Field Extraction

 

Custom log - Field Extraction

  1. Select and click the value of the field to be extracted

  2. Provide the Field name and the appropriate Prefix and Suffix options. These help in extracting exactly the intended field. Then click on 'Create Pattern'

  3. After the pattern has been generated, click on Validate pattern. If the generated pattern does not match your criteria, click on Choose another pattern

  4. Once the pattern is generated as per your requirement, click on Save Pattern to save the extracted field
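The prefix/suffix idea in the steps above can be checked outside the product before you commit to a field definition. The following is an added example, not EventLog Analyzer's own pattern generator: it builds a regular expression from a literal prefix and suffix and validates it against sample lines, as the Validate pattern step does in the UI. The key=value log format, the sample lines and all function names are assumptions made for illustration.

```python
import re

# Constructed sample lines in a generic key=value firewall format (assumption).
SAMPLE_LOGS = [
    "Mar 03 10:15:02 fw01 action=deny src=10.0.0.5 dst=203.0.113.9 dport=445 proto=tcp",
    "Mar 03 10:15:07 fw01 action=allow src=10.0.0.8 dst=198.51.100.20 dport=443 proto=tcp",
    "Mar 03 10:15:09 fw01 action=deny src=10.0.0.5 dst=203.0.113.9 proto=icmp",
]

def build_pattern(prefix, suffix):
    """Regex capturing the shortest text between a literal prefix and suffix."""
    # Escape both delimiters so characters like '=', '[' or '.' match literally.
    # The suffix may also be end of line, for the last field in a record.
    return re.compile(re.escape(prefix) + r"(.+?)(?:" + re.escape(suffix) + r"|$)")

def extract(pattern, lines):
    """Return the captured value per line, or None where the pattern misses."""
    values = []
    for line in lines:
        match = pattern.search(line)
        values.append(match.group(1) if match else None)
    return values

def validate(pattern, lines, value_check):
    """List 1-based line numbers where the field is missing or malformed."""
    bad = []
    for number, value in enumerate(extract(pattern, lines), start=1):
        if value is None or not value_check(value):
            bad.append(number)
    return bad

if __name__ == "__main__":
    # A specific prefix isolates the destination port; line 3 has no dport.
    dport = build_pattern("dport=", " ")
    print(extract(dport, SAMPLE_LOGS))
    print("lines failing validation:", validate(dport, SAMPLE_LOGS, str.isdigit))

    # A prefix that is too short ("t=") hits "dst=" first and captures an IP
    # address instead of a port, which validation exposes on every line.
    loose = build_pattern("t=", " ")
    print(extract(loose, SAMPLE_LOGS))
    print("lines failing validation:", validate(loose, SAMPLE_LOGS, str.isdigit))
```

A pattern that fails validation on lines where the field should be present is the signal to pick a longer prefix, which corresponds to Choose another pattern in the step above.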

Custom Logs Field Extraction

 

  1. The custom fields now appear in the left pane
  2. Click on the Import Now button to import the custom logs. The imported logs will now have all the custom and default fields