1055| External Services Interface AOS-W 6.5.3.x| User Guide
In the CLI
Use these CLI commands to manage syslog parser domains.
Adding a new syslog parser domain
esiparserdomainname
peerpeer-ip
serveripaddr
Showing ESI syslog parser domain information
showesiparserdomains
Deleting an existing syslog parser domain
noesiparserdomainname
Editing an existing syslog parser domain
esiparserdomainname
no
peerpeer-ip
serveripaddr
Managing Syslog Parser Rules
The following sections describe how to manage syslog parser rules using the WebUI and CLI.
In the WebUI
Click on the Syslog Parser Rules tab to display the Syslog Parser Rules view. This view displays a table of rules
with the following columns:
n Name— rule name
n Ena—where “y” indicates the rule is enabled and “n” indicates the rule is disabled (not enabled)
n Condition—Match condition (a regular expression)
n Match—Match type (IP address, MAC address, or user)
n User—Match pattern (a regular expression)
n Set—Set type (blacklist or role)
n Value—Set value (role name)
n Domain—Parser domain to which this rule is to be applied
n Actions—The actions that can be performed on each rule.
Adding a new parser rule
To add a new syslog parser rule:
1. Click Add in the SyslogParser Rules view. The system displays the new rule view.
1. In the Rule Name text box, type the name of the rule you want to add.
2. Click the Enable checkbox to enable the rule.
3. In the Condition Pattern text box, type the regular expression to be used as the condition pattern.
For example, “log_id=[0–9]{10}[]” to search for and match a 10-digit string preceded by “log_id=” and
followed by one space.
4. In the drop-down Match list, use the drop-down menu to select the match type (ipaddr, mac, or user).
5. In the Match Pattern text box, type the regular expression to be used as the match pattern.
To Next Page
Loading...