  1. Metron (Retired)
  2. METRON-150

Create WebSphere Parser


Details

    • New Feature
    • Status: Done
    • Minor
    • Resolution: Done

    Description

      Create a parser for the IBM WebSphere telemetry source. This data source has four formats that should be parsed as specified below.

      LOGIN

      <133>Apr 15 17:47:28 ABCXML1413 [rojOut][0x81000033][auth][notice] user(rick007): [120.43.200.6]: User logged into 'cohlOut'.
      ...

      {"severity":"notice","hostname":"ABCXML1413","event_type":"auth","original_string":"<133>Apr 15 17:47:28 ABCXML1413 [rojOut][0x81000033][auth][notice] user(rick007): [120.43.200.6]: User logged into 'cohlOut'.","event_code":"0x81000033","security_domain":"rojOut","event_subtype":"login","priority":133,"ip_src_addr":"120.43.200.6","timestamp":1460742448000,"username":"rick007"}

      LOGOUT

      <134>Apr 15 18:02:27 PHIXML3RWD [0x81000019][auth][info] [14.122.2.201]: User 'hjpotter' logged out from 'default'.
      ...

      {"severity":"info","hostname":"PHIXML3RWD","event_type":"auth","original_string":"<134>Apr 15 18:02:27 PHIXML3RWD [0x81000019][auth][info] [14.122.2.201]: User 'hjpotter' logged out from 'default'.","event_code":"0x81000019","security_domain":"default","event_subtype":"logout","priority":134,"ip_src_addr":"14.122.2.201","timestamp":1460743347000,"username":"hjpotter"}

      RBM

      <131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbm(RBM-Settings): trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.
      ...

      {"severity":"error","hostname":"ROBXML3QRS","process":"rbm","event_type":"auth","original_string":"<131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbm(RBM-Settings): trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.","event_code":"0x80800018","security_domain":null,"message":"trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.","priority":131,"timestamp":1460741795000}

      OTHER

      <134>Apr 15 17:17:34 SAGPXMLQA333 [0x8240001c][audit][info] trans(191): (admin:default:system:*): ntp-service 'NTP Service' - Operational state down
      ...

      {"severity":"info","hostname":"SAGPXMLQA333","process":"trans","event_type":"audit","original_string":"<134>Apr 15 17:17:34 SAGPXMLQA333 [0x8240001c][audit][info] trans(191): (admin:default:system:*): ntp-service 'NTP Service' - Operational state down","event_code":"0x8240001c","security_domain":null,"message":"(admin:default:system:*): ntp-service 'NTP Service' - Operational state down","priority":134,"timestamp":1460740654000}
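A sketch of a parser for the four formats above, added here as an illustration; it is not the Metron project's own code. The name `parse_websphere`, the regular expressions, and the `year=2016`/UTC defaults are assumptions, the latter inferred from the sample timestamps because the syslog header carries no year or zone.

```python
import calendar
import json
import re
import time

# <PRI>Mon DD HH:MM:SS HOST [tag][tag][tag] body  (3 or 4 adjacent bracket tags)
HEADER = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tags>(?:\[[^\]]*\])+)\s*(?P<body>.*)$")
LOGIN = re.compile(r"^user\((?P<username>[^)]*)\): \[(?P<ip>[^\]]+)\]: User logged into ")
LOGOUT = re.compile(
    r"^\[(?P<ip>[^\]]+)\]: User '(?P<username>[^']*)' logged out from '(?P<domain>[^']*)'")
PROCESS = re.compile(r"^(?P<process>\w+)\([^)]*\):\s*(?P<message>.*)$")


def parse_websphere(line, year=2016):
    """Return the parsed fields as a dict, or None if the header is malformed."""
    line = line.strip()
    m = HEADER.match(line)
    if m is None:
        return None
    tags = re.findall(r"\[([^\]]*)\]", m["tags"])
    if len(tags) not in (3, 4):
        return None
    code, event_type, severity = tags[-3:]
    try:  # assumption: timestamps are UTC and fall in `year`
        when = time.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    out = {"original_string": line, "priority": int(m["pri"]),
           "timestamp": calendar.timegm(when) * 1000, "hostname": m["host"],
           "event_code": code, "event_type": event_type, "severity": severity,
           # only the LOGIN format carries a leading security-domain tag
           "security_domain": tags[0] if len(tags) == 4 else None}
    body = m["body"]
    if (hit := LOGIN.match(body)):
        out.update(event_subtype="login", username=hit["username"], ip_src_addr=hit["ip"])
    elif (hit := LOGOUT.match(body)):
        out.update(event_subtype="logout", username=hit["username"],
                   ip_src_addr=hit["ip"], security_domain=hit["domain"])
    elif (hit := PROCESS.match(body)):  # covers both the RBM and OTHER formats
        out.update(process=hit["process"], message=hit["message"])
    else:
        out["message"] = body  # unknown body: keep it rather than drop the event
    return out


if __name__ == "__main__":
    # RBM sample line copied from the issue description.
    sample = ("<131>Apr 15 17:36:35 ROBXML3QRS [0x80800018][auth][error] rbm(RBM-Settings): "
              "trans(3502888135)[request] gtid(3502888135): RBM: Resource access denied.")
    print(json.dumps(parse_websphere(sample), indent=2))
```

Lines that do not match the header return `None`, so a caller can route them to an error queue instead of emitting partially filled events.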

          People

            otto Otto Fowler
            DomenicPuzio Domenic Puzio

              Time Tracking

                Original Estimate: 24h
                Remaining Estimate: 24h
                Time Spent: Not Specified