Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

About the Log Parsers Page

To access this page, click Configure > Insights > Log Parsers.

Use the flexible log parser to define how the system log data must be parsed. The flexible parser enables you to provide a sample of your logs to create a new parser, parse the logs, normalize the fields, filter logs based on your configured criteria, and assign severity and semantics to various fields. You can create multiple parsers for different log sources. You can also import the parsers from a file or export the parsers to a standard file that can be saved and shared.

Security Director Insights includes prepackaged parsers for SRX Series device logs. You can export a prepackaged parser to a file and save a copy of that parser. This is a sample parser. You can add any logs to it, change the filter criteria, or modify the conditions for severity settings according to your environment and Security Operation Center (SOC) process. Before modifying a prepackaged log parser, it’s good to export it to a file and save a copy of the default parser. You can always import it back to the SRX Series device if you need it later.

Tasks You Can Perform

You can perform the following tasks from the Log Parsers page:

Field Descriptions

Table 1 provides guidelines to configure the Log Parsers.

Table 1: Fields on the Log Parsers Page

Field

Description

Name

Specifies the name of the log parser that you have created.

Description

Specifies the corresponding description provided for the log parser.