SecMaster
SecMaster
- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Buying SecMaster
- Authorizing SecMaster
- Viewing Security Overview
- Workspaces
- Viewing Purchased Resources
- Security Situation
- Resource Manager
- Risk Prevention
- Threat Operations
- Security Orchestration
-
Playbook Overview
- Ransomware Incident Response Solution
- Attack Link Analysis Alert Notification
- HSS Isolation and Killing of Malware
- Automatic Renaming of Alert Names
- Auto High-Risk Vulnerability Notification
- Automatic Notification of High-Risk Alerts
- Auto Blocking for High-risk Alerts
- Real-time Notification of Critical Organization and Management Operations
-
Settings
- Data Integration
-
Log Data Collection
- Data Collection Overview
- Adding a Node
- Configuring a Component
- Adding a Connection
- Creating and Editing a Parser
- Adding and Editing a Collection Channel
- Managing Connections
- Managing Parsers
- Managing Collection Channels
- Viewing Collection Nodes
- Managing Nodes and Components
- Partitioning a Disk
- Logstash Configuration Description
- Connector Rules
- Parser Rules
- Upgrading the Component Controller
- Customizing Directories
- Permissions Management
- Key Operations Recorded by CTS
-
Best Practices
-
Log Access and Transfer Operation Guide
- Solution Overview
- Resource Planning
- Process Flow
-
Procedure
- (Optional) Step 1: Buy an ECS
- (Optional) Step 2: Buy a Data Disk
- (Optional) Step 3: Attach a Data Disk
- Step 4: Create a Non-administrator IAM User
- Step 5: Configure Network Connection
- Step 6: Install the Component Controller (isap-agent)
- Step 7: Install the Log Collection Component (Logstash)
- (Optional) Step 8: Creating a Log Storage Pipeline
- Step 9: Configure a Connector
- (Optional) Step 10: Configure a Log Parser
- Step 11: Configure a Log Collection Channel
- Step 12: Verify Log Access and Transfer
- Credential Leakage Response Solution
-
Log Access and Transfer Operation Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Alert Management
- Incident Management
- Indicator Management
- Playbook Management
- Alert Rule Management
- Playbook Version Management
- Playbook Rule Management
- Playbook Instance Management
- Playbook Approval Management
- Playbook Action Management
- Incident Relationship Management
- Data Class Management
- Workflow Management
- Data Space Management
- Pipelines
- Workspace Management
- Metering and Billing
- Metric Query
- Baseline Inspection
- Appendix
- FAQs
On this page
Help Center/
SecMaster/
Best Practices/
Log Access and Transfer Operation Guide/
Procedure/
(Optional) Step 10: Configure a Log Parser
(Optional) Step 10: Configure a Log Parser
Updated on 2025-01-22 GMT+08:00
This topic describes how to configure a log parser to convert the log format in a codeless manner.
SecMaster provides log parser (rule) templates. You can use them directly. If the log parser (rule) templates cannot meet your log conversion requirements, you can create custom log parsers (rules).
Method 1: Using a Template
The following example shows how to parse DBAPPSecurity WAF logs.
- Log in to the management console.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster. - In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Settings > Collections. Then, select the Parsers tab.
Figure 2 Accessing the Parsers tab page
- On the Parsers tab page, click the Templates tab.
- On the template list page, locate the row that contains Analysis of Anheng WAF log and click Create by Template in the Operation column.
- On the Create Parser page, set parameters.
Table 1 Parameters for adding a parser Parameter
Description
Basic Information
Name
Parser name, which is automatically generated by the system based on the template and can be changed.
Description
Parser description, which is automatically generated by the system based on the template and can be modified.
Rules
Parsing rules, which are automatically generated by the system based on the template. You can edit them as needed.
To add a rule, click Add, select a rule type, and set parameters based on the selected rule.
- Parsing rule: Select parsing rules for the parser. For details about the parameters, see Parser Rules.
- Conditional control: Select the conditions for the parser. You can select If, Else, or Else if.
- Click OK in the lower right corner of the page.
Method 2: Creating a Custom Parser
If the log parser (rule) templates cannot meet your log conversion requirements, you can create custom log parsers (rules).
- Log in to the management console.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 3 Workspace management page
- In the navigation pane on the left, choose Settings > Collections. Then, select the Parsers tab.
Figure 4 Accessing the Parsers tab page
- On the Parsers tab, click Add.
- On the Create Parser page, set parameters.
Table 2 Parameters for adding a parser Parameter
Description
Basic Information
Name
Set the parser name.
Description
Enter the parser description.
Rules
Set the parsing rule of the parser. The procedure is as follows:
- Click Add and select a rule type.
- Parsing rule: Select parsing rules for the parser. For details about the parameters, see Parser Rules.
- Conditional control: Select the conditions for the parser. You can select If, Else, or Else if.
- Set parameters based on the selected rule.
- Click Add and select a rule type.
- Click OK in the lower right corner of the page.
Parent topic: Procedure
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
