Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[STRM] How to parse events from a payload and display them in customized columns

0

0

Article ID: KB25288 KB Last Updated: 25 Aug 2014Version: 2.0
Summary:

This article provides information on how to parse events from a payload and display them in customized columns.

Symptoms:

Display the parsed data from the payload in logs or columns for easy reference.

Cause:

Solution:

Use RegEx to parse the required data to filter and view in STRM.

The example procedure below shows a way to filter the column name in the data payload and display the name in the Log Activity window.

A Regular Expression is used to parse the required data from the payload.

Parse the Events

1. Select an event in the event viewer, which has the policy name in the payload.

2. Double-click the event to open its details.

3. Select Extract Property from the menu bar. The Custom Event Properties window opens.

4. Select Policy from the Existing Property drop-down menu.

5. Select the Optimize parsing for rules, reports and searches check box.

6. Type a description in the Description text field.

7. Verify the Log Source Type and ensure that All is selected for Log Source.

8. Select the Category radio button and set the High and Low Level Category to Any.

9. Add the Policy-Name="(.*?)" RegEx string.

10. Click Save.


Add the Policy Column to the Event Search

1. From the Log Activity window, select Edit Search from the menu bar.

2. Scroll down to the bottom of the page, find the Policy column from the Available Columns list, and add it to the displayed columns.

3. Move the policy to the required position in the output.


View the Parsed Information


Note: This procedure can also be used to parse and filter other fields in the payload with RegEx operators.


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search