Established Member.. anwarrhce1

Squid Syslog Subagent Flex Connector Parser

This is a map to my Documents from my old post to Connectors space.

Dear Community,

I have recently finished developing a Squid Syslog Subagent parser, and this made my life easier by not having to install a separate Squid connector, share log files over the network, and deal with many other issues.

Now I have a Syslog Parser which parses logs from different Squid Versions:

Squid Version Tested:

2.6.STABLE21

2.6.STABLE22

3.1.14 (current and latest stable). This version was not supported with the Squid SmartConnector.

Field mappings are the same as in the Squid SmartConnector, with some small changes.

It also takes care of mapping the device address field, which is not the case with the Squid SmartConnector.

I'm attaching a RAR file which contains the Squid.subagent.sdkrfilereader.properties file along with the categorization file.

Place the parser in $ARCSIGHT_HOME\user\agent\flexagent\syslog\

and place the categorization squid folder in $ARCSIGHT_HOME\user\agent\acp\categorizer\current\

I'm also attaching a screenshot for your information.

https://protect724.hp.com/servlet/JiveServlet/download/3194-1-8099/12-4-2012%206-29-40%20PM.png

https://protect724.hp.com/servlet/JiveServlet/download/3194-1-8100/Squid%20Subagent%20Parser.rar

Thanks,

Anwar

4 Replies
Established Member.. anwarrhce1

Re: Squid Syslog Subagent Flex Connector Parser

This post is just a mapping of my older post in connector space.

hmahesh1 Absent Member.

Re: Squid Syslog Subagent Flex Connector Parser

Hello Anwar,

Good Day,

Currently, I have to build a custom connector for Array VPN syslog messages, which are in Squid and WELF format.

We are using Logger Software (v5.3.1) on Linux. We have a SmartConnector (V5.1) for Windows syslogs.

Can you please help to configure/develop a SmartConnector for Array VPN syslogs?

Thanks

Mahesh

dbs-neumann Absent Member.

Re: Squid Syslog Subagent Flex Connector Parser

Hi Anwar,

Thanks for developing the Squid Syslog Subagent parser. I installed the parser on our Connector Appliance in the folder as described, but the parser didn't work. Do you have an idea or solution for me to set up the parser properly?

Regards

Markus

es_melnikov
New Member.

Re: Squid Syslog Subagent Flex Connector Parser

To correctly determine the "Request Protocol" field, it is necessary to make the following change in the Squid.subagent.sdkrfilereader.properties file. Replace the line:

event.requestUrl=RequestURL

with the following line:

event.requestUrl=__ifThenElse(RequestMethod,"CONNECT",__concatenateDeleting("https://",RequestURL,":443"),RequestURL)

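The change in the last reply matters because Squid logs a CONNECT request with only host:port in the URL field, so there is no scheme from which a request protocol can be derived. The following Python sketch is an added example, not part of the original posts or the attached parser; it applies the same kind of normalisation to constructed Squid-over-syslog lines. The regex layout, the function names and the choice to drop the default :443 port are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log fields as they follow the syslog header (assumed layout):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SQUID_RE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z_]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)"
)

def normalise_request(method, url):
    """Return (request_url, request_protocol) for one record."""
    if method == "CONNECT" and "://" not in url:
        host, _, port = url.rpartition(":")
        if host and port == "443":
            # Tunnel to the default TLS port: treat it as HTTPS.
            return "https://" + host, "https"
        # Tunnel to another port: the protocol is not known, keep the raw value.
        return url, None
    scheme = urlsplit(url).scheme.lower()
    return url, scheme or None

def parse_line(line):
    """Parse one syslog line carrying a Squid record; None if it does not match."""
    m = SQUID_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["request_url"], rec["request_protocol"] = normalise_request(
        rec["method"], rec["url"])
    return rec

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LINES = [
    "<134>Dec  4 18:29:40 proxy01 squid[2211]: 1354631380.123    245 192.0.2.5 "
    "TCP_MISS/200 3920 GET http://www.example.com/index.html - DIRECT/198.51.100.7 text/html",
    "<134>Dec  4 18:29:41 proxy01 squid[2211]: 1354631381.456   1032 192.0.2.5 "
    "TCP_MISS/200 8841 CONNECT mail.example.com:443 - DIRECT/203.0.113.10 -",
    "<134>Dec  4 18:29:42 proxy01 squid[2211]: 1354631382.789     87 192.0.2.9 "
    "TCP_MISS/200 512 CONNECT admin.example.com:8443 - DIRECT/203.0.113.11 -",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_line(line)
        print(rec["method"], rec["request_url"], rec["request_protocol"])
```
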