Skip to main content
McAfee Enterprise MVISION Cloud

Config Log Processing Sub Configuration - Ingest Log from Syslog

Ingest Log From Syslog

Files read from Syslog are written to a folder or directory. You can use a log file from Syslog to create the Log Parser configuration. Select any file from the 10 most recent files. The file is truncated to the first 1000 lines to create the parser configuration.

To configure Log Parser for a log file from Syslog, perform the following steps:

  1. Go to Infrastructure > Cloud Connector.
  2. Select the Cloud Connector instance you want to configure. 
  3. Click the Log Processing tab.
  4. Click Add new Sub-Configuration.
  5. Click Ingest Log From Syslog.

NOTE: If Syslog is NOT enabled for the Cloud Connector instance, you see an error message.
5.png

  1. Click Configure Syslog. (For instructions, see Cloud Connector Config Syslog.)
    6.png
  2. Once uploaded, a preview of the default Log Parser settings displays. You can customize the Log Parser settings based on your log format. For details, see Settings to Parse the Log file.
  3. Click Next.
  4. On the Evaluate Parsed Result page, verify the parsed result. To modify any column, select the edit icon. For details, see Evaluate Parsed Result.
    9.png
  5. On the Map Required Log Fields page, review the list of attributes and make sure that the required fields are mapped to corresponding fields from the log file. To add or change the mapping of attributes, see Mapping Log Fields. Later, you can view the mapped log fields in the Preview section.
    10.png
  6. On the Validate Format page, review mapped formats for accuracy. Items in red must be mapped manually. For details, see Validate Mapped Formats.
    11.png

NOTE: The Date Format is auto-populated based on the Date or Timestamp Fields mapped on the previous page.

  1. On the Sub-Configuration page, you can edit, review, and save your configuration. For details, see Sub-Configuration.
  • Was this article helpful?