
Adding a New Syslog Parsing Schema with Custom Regex Code in GFI EventsManager

Overview

This article provides a step-by-step process for adding a new Syslog Parsing Schema with custom regex code in GFI EventsManager.

Process

  1. Stop the GFI EventsManager service and the GFI EventsManager Monitor service.
  2. Make a backup copy of ...\GFI\EventsManager2012\Data\toolcfg_syslogSchemas.xml.
  3. Open toolcfg_syslogSchemas.xml in a text editor.
  4. Before </Schemas>, add the following section:
    <SyslogParseSchema>
      <SchemaName>RENAME</SchemaName>
      <Formats>
        <Format>
          <PriorityRegex>.*</PriorityRegex>
          <Regex>CUSTOMREGEX</Regex>
        </Format>
      </Formats>
      <Fields>
      </Fields>
    </SyslogParseSchema>
  5. Change RENAME to the desired name.
  6. Enter your custom regex between <Regex> and </Regex>, replacing CUSTOMREGEX.
  7. Save and close the file.
  8. Start the GFI EventsManager service and the GFI EventsManager Monitor service.
  9. From the Console, choose Configuration > Event Sources. Right-click on Event Source Group and select Properties.
  10. Select the Syslog tab.
  11. From the Syslog Parsing Schema dropdown, select New Schema. Click OK.

Note: For an example and more information from the machine hosting GFI EventsManager, go to C:\Program Files (x86)\GFI\EventsManager2012\Data\Templates\Syslog Parsing Schema.mht.
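
A regex pasted into toolcfg_syslogSchemas.xml must be XML-escaped, because a literal < or & inside <Regex> makes the file malformed. The following is an added example, not GFI code: it checks a regex against sample lines, escapes it, inserts the section before </Schemas> and confirms the file still parses. The schema name, sample line and regex are constructed, and the regex uses Python syntax, which is an assumption and may differ from the syntax EventsManager accepts.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Same section as in step 4, with placeholders for the two values you edit.
TEMPLATE = """<SyslogParseSchema>
<SchemaName>{name}</SchemaName>
<Formats>
<Format>
<PriorityRegex>.*</PriorityRegex>
<Regex>{regex}</Regex>
</Format>
</Formats>
<Fields>
</Fields>
</SyslogParseSchema>
"""

def build_schema(name, regex, samples):
    """Return the section with name and regex XML-escaped.

    Raises ValueError if the regex fails to compile or misses a sample line."""
    try:
        compiled = re.compile(regex)
    except re.error as exc:
        raise ValueError(f"regex does not compile: {exc}") from exc
    missed = [line for line in samples if not compiled.search(line)]
    if missed:
        raise ValueError(f"regex does not match: {missed}")
    return TEMPLATE.format(name=escape(name), regex=escape(regex))

def add_schema(config_xml, section):
    """Insert section before the last </Schemas>; fail if the result is malformed."""
    head, closing, tail = config_xml.rpartition("</Schemas>")
    if not closing:
        raise ValueError("no </Schemas> closing tag found")
    updated = head + section + closing + tail
    ET.fromstring(updated)  # raises ET.ParseError on malformed XML
    return updated

def read_regex(config_xml, name):
    """Return the regex an XML parser sees for the named schema, or None."""
    for schema in ET.fromstring(config_xml).iter("SyslogParseSchema"):
        if schema.findtext("SchemaName") == name:
            return schema.findtext("Formats/Format/Regex")
    return None

# Constructed sample input: a minimal config, one log line, one regex.
SAMPLE_CONFIG = "<Schemas>\n</Schemas>\n"
SAMPLE_LINE = "Jan 12 06:25:41 fw01 sshd[2211]: Failed password for root from 203.0.113.7"
SAMPLE_REGEX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<msg>.*)$"
```

Run it against the backup copy made in step 2 rather than the live file, and compare read_regex() output with the regex you intended before starting the services again.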

Priyanka Bhotika