dengxg Valued Contributor.

Localization Symantec Endpoint Protection 11.0 in Simplified Chinese

SmartConnector Ver-4.6.6.5158.0 supports Symantec Endpoint Protection 11.0, but it can't work with SEP-11.0 (Simplified Chinese Version). So I asked the ArcSight support team, and they gave me the regex parser files for SEP 11.0 (English Version). I modified them following 'ArcSight SmartConnectors and Localization.pdf' and 'FlexConnectorDevConfig.pdf'. The SmartConnector can work now. The following are the steps.

1. Research the SEP raw log and the regex parser file for SEP 11.0 (English Version).
2. Translate the English words to Chinese in the regex parser file. It's very simple; for example, the regex in English is 'Site:\\s*([^,]*),Server:\\s*([^,]*),(.*)', and I changed it to '站点{Site in chinese}:\\s*([^,]*),服务器{Server in chinese}:\\s*([^,]*),(.*)'.
3. Because Chinese syntax is different from English, I modified this type of regex. For example, the regex in English is 'Traffic from IP address (\\d+\\.\\d+\\.\\d+\\.\\d+) is blocked from (\\d+/\\d+/\\d+ \\d+:\\d+:\\d+ [AP]M) to (\\d+/\\d+/\\d+ \\d+:\\d+:\\d+ [AP]M).', and I changed it to '在{from in chinese} (\\d+-\\d+-\\d+ \\d+:\\d+:\\d+) 到{to in chinese} (\\d+-\\d+-\\d+ \\d+:\\d+:\\d+) 这段时间内禁止来自 IP 地址{is blocked from IP address in chinese} (\\d+\\.\\d+\\.\\d+\\.\\d+) 的通信。{Traffic in chinese}'. Because the token numbers were changed, I modified the token types, mappings and timestamp formats.
4. In some regexes, I needed to add more tokens.
5. Download the JDK, run native2ascii.exe in $JDK_HOME/jdk/bin, and convert the regex parser file, for example: native2ascii.exe symantecendpointprotection_regex.sdkrfilereader.properties symantecendpointprotection_regex.sdkrfilereader.properties.out
6. Place the 2 modified and converted regex parser files in $ARCSIGHT_SMARTCONNECTOR/user/agent/fcp/symantecendpointprotection_syslog and restart the connector; the mapping can work.
7. Because many deviceEventClassId contents are Chinese, the standard category csv file can't work; maybe I need to create them one by one.
8. I uploaded the 2 regex parser files for SEP 11.0 (English Version), the 2 regex parser files modified by me, and 'ArcSight SmartConnectors and Localization.pdf'.
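Steps 2, 3 and 5 of the post above, sketched in Python as an added example (not part of the original post and not ArcSight parser-file syntax): the localized pattern reorders the capture groups and changes the timestamp format, so the field mapping has to follow the pattern, and the non-ASCII pattern text is escaped the way native2ascii does. The field names, both sample messages and the date orders (month/day/year in English, year-month-day with 24-hour time in Chinese) are assumptions.

```python
import re
from datetime import datetime

# Patterns from the post; the properties-file "\\" is a single "\" in a raw
# string, and the post's {...} annotations are left out.
EN = re.compile(r"Traffic from IP address (\d+\.\d+\.\d+\.\d+) is blocked from "
                r"(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) to (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\.")
ZH = re.compile(r"在 (\d+-\d+-\d+ \d+:\d+:\d+) 到 (\d+-\d+-\d+ \d+:\d+:\d+) "
                r"这段时间内禁止来自 IP 地址 (\d+\.\d+\.\d+\.\d+) 的通信。")

# Per pattern: capture-group order and timestamp format (assumed, see lead-in).
# The field names are hypothetical.
LAYOUTS = [
    (EN, ("src_ip", "start", "end"), "%m/%d/%Y %I:%M:%S %p"),
    (ZH, ("start", "end", "src_ip"), "%Y-%m-%d %H:%M:%S"),
]

# Constructed sample messages describing the same event in both locales.
EN_SAMPLE = ("Traffic from IP address 192.0.2.10 is blocked from "
             "3/5/2010 1:02:03 PM to 3/5/2010 1:12:03 PM.")
ZH_SAMPLE = "在 2010-3-5 13:02:03 到 2010-3-5 13:12:03 这段时间内禁止来自 IP 地址 192.0.2.10 的通信。"

def parse(message):
    """Return the event fields by name, whichever locale produced the message."""
    for pattern, names, ts_format in LAYOUTS:
        match = pattern.search(message)
        if match:
            event = dict(zip(names, match.groups()))
            for key in ("start", "end"):
                event[key] = datetime.strptime(event[key], ts_format)
            return event
    return None  # no pattern matched: the message would stay unparsed

def native2ascii(text):
    """Escape each non-ASCII character as \\uXXXX per UTF-16 code unit (step 5)."""
    out = []
    for ch in text:
        if ord(ch) < 128:
            out.append(ch)
        else:
            raw = ch.encode("utf-16-be")
            out.extend("\\u%04x" % int.from_bytes(raw[i:i + 2], "big")
                       for i in range(0, len(raw), 2))
    return "".join(out)

if __name__ == "__main__":
    print(EN.search(ZH_SAMPLE))                  # None
    print(parse(EN_SAMPLE) == parse(ZH_SAMPLE))  # True
    print(native2ascii(r"站点:\s*([^,]*),服务器:\s*([^,]*),(.*)"))
```

Applying the English group order to the Chinese pattern would put a timestamp in the address field, which is why the post changes the token mappings together with the regex.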
jbur Absent Member.

RE: Localization Symantec Endpoint Protection 11.0 in Simplified Chinese

Thank you for posting this valuable information!
rgottumu Absent Member.

RE: Localization Symantec Endpoint Protection 11.0 in Simplified Chinese

This is pretty cool. I never dealt with this so it's always good to learn new things. Thanks for posting this.
aneeshpskadavil1 Honored Contributor.

Re: RE: Localization Symantec Endpoint Protection 11.0 in Simplified Chinese

Dear All,

Can anybody help me in finding out what the event ID is for virus definition update failed in SEP?

Any help would be appreciated.

Thanks and regards,

Aneesh Salimkumar
