Post Processing

The Post Processing action allows you to re-parse a message after it has been processed, for example a message in Tab Delimited format.

Such re-parsing is useful if you either have a non-standard Syslog format or if you would like to extract specific properties from the message.

The post process action takes the received message and parses it according to a parse map. The parse map specifies which properties of which type are present at which position in the message. If the message actually matches the parse map, all properties are extracted and are set as part of the event. If the parse map does not match the message, parsing stops at the first non-matching entry.

Templates

Parse maps can be quite complex. To facilitate the exchange of parse maps, they can be persisted to XML files. Adiscon also plans to provide parse maps for some common devices.

We know that creating a parse map is often not a trivial task. If you are in doubt about how to proceed, please contact us via the Customer Service System - we will happily assist you with your needs. In this case, you will probably receive a parse map file that you can import here.

The Parse Map Editor

In this dialog, you can edit only in the text boxes above the data grid. When you select an entry in the grid, its values are updated in the text boxes. Any edits made there will automatically be reflected in the grid. Pressing Insert or Delete will create a new entry or delete the currently selected one.

Property Name

File Configuration field:
szProperty_[n]
Description:

The property name that is to be parsed. The list box is pre-populated with standard and event properties. However, you can add any property name you like. If you create your own properties, we highly recommend prefixing their name with “u-” so that there will be no duplicates with standard properties. Adiscon will never prefix any properties with “u-”. For example, if you would like to create a custom property “MyProperty”, we highly suggest that you use the property name “u-MyProperty” instead.

The property name “Filler” is reserved. Any values assigned to the Filler-property will be discarded. This is the way to get rid of fill-characters that you do not really need.

Type

File Configuration field:
nCount
Description:

nSyntax_[n]

  • Integer = 101
  • IPV4Addr = 102
  • CharMatch = 201
  • RestOfMessage = 202
  • Word = 203
  • UpTo = 204
  • TimeStampISO = 301
  • TimeStampUNIX = 302
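
The following Python sketch is an added example, not Adiscon's code: it models a parse map as an ordered list of (property name, type, value) entries using the type codes listed above, discards Filler values, and stops at the first non-matching entry. The per-type matching rules, the value field used by CharMatch and UpTo, the returned matched flag, the sample message and the "u-" property names are all assumptions made for illustration.

```python
import ipaddress
import re

# Type codes as listed on this page (nSyntax_[n]); the matching rules below are assumptions.
INTEGER, IPV4ADDR, CHARMATCH, REST_OF_MESSAGE, WORD, UPTO = 101, 102, 201, 202, 203, 204

def take_entry(syntax, value, text):
    """Return (extracted, remaining), or None if the entry does not match at this position."""
    if syntax == INTEGER:
        m = re.match(r"[+-]?\d+", text)
        return (int(m.group()), text[m.end():]) if m else None
    if syntax == IPV4ADDR:
        m = re.match(r"\d{1,3}(?:\.\d{1,3}){3}", text)
        try:  # rejects a missing match and octets above 255 alike
            ipaddress.IPv4Address(m.group())
        except (AttributeError, ValueError):
            return None
        return m.group(), text[m.end():]
    if syntax == CHARMATCH:  # literal text that must be present at this position
        return (value, text[len(value):]) if value and text.startswith(value) else None
    if syntax == REST_OF_MESSAGE:
        return text, ""
    if syntax == WORD:  # run of non-whitespace characters
        m = re.match(r"\S+", text)
        return (m.group(), text[m.end():]) if m else None
    if syntax == UPTO:  # everything before the delimiter; the delimiter stays unconsumed
        idx = text.find(value) if value else -1
        return (text[:idx], text[idx:]) if idx >= 0 else None
    return None  # TimeStampISO (301) and TimeStampUNIX (302) are not modelled here

def apply_parse_map(parse_map, message):
    """Apply entries in order, stop at the first non-matching entry; returns (props, matched_all)."""
    props, rest = {}, message
    for name, syntax, value in parse_map:
        result = take_entry(syntax, value, rest)
        if result is None:
            return props, False  # caller can flag the event as unparsed
        extracted, rest = result
        if name != "Filler":  # reserved name: the value is discarded
            props[name] = extracted
    return props, True

# Constructed sample message and a hypothetical parse map using "u-" prefixed properties.
SAMPLE = "DROP src=10.0.0.5 dpt=22 ssh brute force suspected"
PARSE_MAP = [
    ("u-action", WORD, ""), ("Filler", CHARMATCH, " src="), ("u-srcip", IPV4ADDR, ""),
    ("Filler", CHARMATCH, " dpt="), ("u-dstport", INTEGER, ""), ("Filler", CHARMATCH, " "),
    ("u-reason", REST_OF_MESSAGE, ""),
]
```

Checking the matched flag before forwarding lets you route events that did not match the parse map to review instead of storing them with missing properties.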

Delay between Plays

File Configuration field:
nDelay
Description:
If multiple repeats are specified, this is the amount of time to wait between each individual play.