Commit 899b27f

Separated parser support block into snippet (#58)
Fixes: #56 A sentence regarding contacting Support is separated into a snippet for the sake of reusability. Only existing instances are modified; it might be included in other parser pages as well. The 'parser' property must be defined in the page front matter for this to work properly, e.g.
---
title: Fortigate parser
parser: fortigate
...
---
2 parents 7e41d07 + 3fff3e6 commit 899b27f

5 files changed

+7
-12
lines changed

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
If you find a message that the {{ page.parser }}-parser() cannot properly parse,
2+
contact Support, so we can improve the parser.
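Review bot: `{{ page.parser }}` on the first line has no guard, so a page that includes this snippet without a `parser` front-matter key silently renders `-parser()` in the published text; wrapping the sentence in `{% if page.parser %} ... {% endif %}` would make the omission visible during review instead. Since Jekyll resolves `{% include %}` paths relative to `_includes/`, please also confirm the new file lives at `_includes/doc/admin-guide/parser-support.md`, which is the path the four include lines in this commit reference.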

doc/_admin-guide/120_Parser/013_netskope_parser.md

Lines changed: 1 addition & 3 deletions
@@ -16,9 +16,7 @@ For example:
1616

1717
><134>{"count": 1, "supporting_data": {"data_values": ["x.x.x.x", "[email protected]"], "data_type": "user"}, "organization_unit": "domain/domain/Domain Users/Enterprise Users", "severity_level": 2, "category": null, "timestamp": 1547421943, "_insertion_epoch_timestamp": 1547421943, "ccl": "unknown", "user": "[email protected]", "audit_log_event": "Login Successful", "ur_normalized": "[email protected]", "_id": "936289", "type": "admin_audit_logs", "appcategory": null}
1818
19-
If you find a message that the netskope-parser() cannot properly parse,
20-
contact Support, so we can improve
21-
the parser.
19+
{% include doc/admin-guide/parser-support.md %}
2220

2321
The syslog-ng OSE application sets the ${PROGRAM} field to Netskope.
2422

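Review bot: no front-matter line adding `parser: netskope` appears in this hunk or anywhere else in the diff for this file, although the commit message states the `parser` property must be defined for the include to work; unless the key already exists in this page, the removed sentence `If you find a message that the netskope-parser() cannot properly parse,` will now render as `-parser()`. Suggest adding `parser: netskope` to the front matter, as was done for the Fortigate README in this same commit.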
doc/_admin-guide/120_Parser/018_websense_parser.md

Lines changed: 1 addition & 3 deletions
@@ -17,9 +17,7 @@ For example:
1717

1818
><159>Dec 19 10:48:57 EST 192.168.1.1 vendor=Websense product=Security product_version=7.7.0 action=permitted severity=1 category=153 user=- src_host=192.168.2.1 src_port=62189 dst_host=example.com dst_ip=192.168.3.1 dst_port=443 bytes_out=197 bytes_in=76 http_response=200 http_method=CONNECT http_content_type=- http_user_agent=Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_enUS;_rv:1.9.2.23)_Gecko/20110920_Firefox/3.6.23 http_proxy_status_code=200 reason=- disposition=1034 policy=- role=8 duration=0 url=https://example.com
1919
20-
If you find a message that the websense-parser() cannot properly parse,
21-
contact Support, so we can improve
22-
the parser.
20+
{% include doc/admin-guide/parser-support.md %}
2321

2422
The syslog-ng OSE application sets the ${PROGRAM} field to Websense.
2523

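Review bot: same concern as for the Netskope page: the diff adds a `parser:` key only to the Fortigate README, and no `parser: websense` front-matter change is visible for this file, so the include only reproduces the removed `websense-parser()` wording if the key is already present; please verify or add it.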
doc/_admin-guide/120_Parser/020_Fortigate_parser/README.md

Lines changed: 2 additions & 3 deletions
@@ -1,6 +1,7 @@
11
---
22
title: Fortigate parser
33
id: adm-parser-fortigate
4+
parser: fortigate
45
description: >-
56
The Fortigate parser can parse the log messages of FortiGate/FortiOS
67
(Fortigate Next-Generation Firewall (NGFW)).
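Review bot: the new `parser: fortigate` key is undocumented; the snippet interpolates its value verbatim into `{{ page.parser }}-parser()`, so it has to be the exact lowercase configuration name (`fortigate`), not the display title `Fortigate` used on line 2. A short comment in the front matter, or a note in the contributor docs, stating that `parser` holds the `<name>` of `<name>-parser()` would keep future pages from setting it to the page title.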
@@ -16,9 +17,7 @@ For example:
1617

1718
><189>date=2021-01-15 time=12:58:59 devname="FORTI_111" devid="FG100D3G12801312" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" eventtime=1610704739683510055 tz="+0300" srcip=91.234.154.139 srcname="91.234.154.139" srcport=45295 srcintf="wan1" srcintfrole="wan" dstip=213.59.243.9 dstname="213.59.243.9" dstport=46730 dstintf="unknown0" dstintfrole="undefined" sessionid=2364413215 proto=17 action="deny" policyid=0 policytype="local-in-policy" service="udp/46730" dstcountry="Russian Federation" srccountry="Russian Federation" trandisp="noop" app="udp/46730" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=5 craction=262144 crlevel="low"
1819
19-
If you find a message that the fortigate-parser() cannot properly parse,
20-
contact Support, so we can improve
21-
the parser.
20+
{% include doc/admin-guide/parser-support.md %}
2221

2322
By default, the Fortigate-specific fields are extracted into name-value
2423
pairs prefixed with .fortigate. For example, the devname in the previous

doc/_admin-guide/120_Parser/021_Checkpoint_parser.md

Lines changed: 1 addition & 3 deletions
@@ -20,9 +20,7 @@ Splunk format:
2020

2121
>time=1557767758|hostname=r80test|product=Firewall|layer_name=Network|layer_uuid=c0264a80-1832-4fce-8a90-d0849dc4ba33|match_id=1|parent_rule=0|rule_action=Accept|rule_uid=4420bdc0-19f3-4a3e-8954-03b742cd3aee|action=Accept|ifdir=inbound|ifname=eth0|logid=0|loguid={0x5cd9a64e,0x0,0x5060a8c0,0xc0000001}|origin=192.168.96.80|originsicname=cn\=cp_mgmt,o\=r80test..ymydp2|sequencenum=1|time=1557767758|version=5|dst=192.168.96.80|inzone=Internal|outzone=Local|proto=6|s_port=63945|service=443|service_id=https|src=192.168.96.27|
2222
23-
If you find a message that the checkpoint-parser() cannot properly
24-
parse, contact Support, so we can
25-
improve the parser.
23+
{% include doc/admin-guide/parser-support.md %}
2624

2725
By default, the Check Point-specific fields are extracted into
2826
name-value pairs prefixed with **.checkpoint**. For example, the

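Review bot: the removed sentence names `checkpoint-parser()` (lowercase, one word) while the page body below calls the product `Check Point`; no `parser:` front-matter addition for this file is visible in the diff, and when it is added the value must be exactly `checkpoint` for the include to render the same parser name as before. Suggest `parser: checkpoint`.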