Help Center/ SecMaster/ Best Practices/ Log Access and Transfer Operation Guide/ Procedure/ (Optional) Step 10: Configure a Log Parser
Updated on 2024-11-18 GMT+08:00
View PDF

(Optional) Step 10: Configure a Log Parser

This topic describes how to configure a log parser to convert the log format in a codeless manner.

SecMaster provides log parser (rule) templates. You can use them directly. If the log parser (rule) templates cannot meet your log conversion requirements, you can create custom log parsers (rules).

Method 1: Using a Template

The following example shows how to parse DBAPPSecurity WAF logs.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Settings > Collections. Then, select the Parsers tab.

    Figure 2 Accessing the Parsers tab page

  5. On the Parsers tab page, click the Templates tab.
  6. On the template list page, locate the row that contains Analysis of Anheng WAF log and click Create by Template in the Operation column.
  7. On the Create Parser page, set parameters.

    Table 1 Parameters for adding a parser

    Parameter

    Description

    Basic Information

    Name

    Parser name, which is automatically generated by the system based on the template and can be changed.

    Description

    Parser description, which is automatically generated by the system based on the template and can be modified.

    Rules

    Parsing rules, which are automatically generated by the system based on the template. You can edit them as needed.

    To add a rule, click Add, select a rule type, and set parameters based on the selected rule.

    • Parsing rule: Select parsing rules for the parser. For details about the parameters, see Parser Rules.
    • Conditional control: Select the conditions for the parser. You can select If, Else, or Else if.

  8. Click OK in the lower right corner of the page.

Method 2: Creating a Custom Parser

If the log parser (rule) templates cannot meet your log conversion requirements, you can create custom log parsers (rules).

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  4. In the navigation pane on the left, choose Settings > Collections. Then, select the Parsers tab.

    Figure 4 Accessing the Parsers tab page

  5. On the Parsers tab, click Add.
  6. On the Create Parser page, set parameters.

    Table 2 Parameters for adding a parser

    Parameter

    Description

    Basic Information

    Name

    Set the parser name.

    Description

    Enter the parser description.

    Rules

    Set the parsing rule of the parser. The procedure is as follows:

    1. Click Add and select a rule type.
      • Parsing rule: Select parsing rules for the parser. For details about the parameters, see Parser Rules.
      • Conditional control: Select the conditions for the parser. You can select If, Else, or Else if.
    2. Set parameters based on the selected rule.

  7. Click OK in the lower right corner of the page.
Parent topic: Procedure