Overview
This article describes the step-by-step process for adding a new Syslog Parsing Schema with a custom regex in GFI EventsManager.
Process
- Stop the GFI EventsManager service and the GFI EventsManager Monitor service.
- Make a backup copy of ...\GFI\EventsManager2012\Data\toolcfg_syslogSchemas.xml.
- Open toolcfg_syslogSchemas.xml in a text editor.
- Before the closing </Schemas> tag, add the following section:

      <SyslogParseSchema>
        <SchemaName>RENAME</SchemaName>
        <Formats>
          <Format>
            <PriorityRegex>.*</PriorityRegex>
            <Regex>CUSTOMREGEX</Regex>
          </Format>
        </Formats>
        <Fields>
        </Fields>
      </SyslogParseSchema>

- Change RENAME to the desired name.
- Enter your custom REGEX between <Regex> and </Regex>, replacing CUSTOMREGEX.
- Save and close the file.
- Start the GFI EventsManager service and the GFI EventsManager Monitor service.
- From the Console, choose Configuration > Event Sources. Right-click on Event Source Group and select Properties.
- Select the Syslog tab.
- From the Syslog Parsing Schema dropdown, select New Schema. Click OK.
Note: For an example and more information from the machine hosting GFI EventsManager, go to C:\Program Files (x86)\GFI\EventsManager2012\Data\Templates\Syslog Parsing Schema.mht.
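
The following is an added example, not part of the original article or of GFI's tooling: a Python pre-check that compiles the custom regex, tests it against sample messages, and inserts the schema with the regex XML-escaped (a raw < or & typed between <Regex> and </Regex> would leave the file malformed). The sample config, sample messages, schema name and function names are constructed for illustration, and Python's re module is assumed to be close enough to the product's regex engine for a first check.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for toolcfg_syslogSchemas.xml; the real file has more content.
SAMPLE_CONFIG = ("<Config><Schemas><SyslogParseSchema><SchemaName>Existing"
                 "</SchemaName></SyslogParseSchema></Schemas></Config>")

# Constructed sample messages the new schema is expected to match.
SAMPLE_LINES = [
    "<134>fw01 action=deny src=192.0.2.10 dst=198.51.100.7",
    "<134>fw01 action=allow src=192.0.2.11 dst=198.51.100.8",
]

def build_schema(name, regex, priority_regex=".*"):
    """Build the <SyslogParseSchema> element shown in the article."""
    schema = ET.Element("SyslogParseSchema")
    ET.SubElement(schema, "SchemaName").text = name
    fmt = ET.SubElement(ET.SubElement(schema, "Formats"), "Format")
    ET.SubElement(fmt, "PriorityRegex").text = priority_regex
    ET.SubElement(fmt, "Regex").text = regex  # <, > and & are escaped on output
    ET.SubElement(schema, "Fields")
    return schema

def add_schema(config_xml, name, regex, samples):
    """Return the updated XML text, or raise ValueError if a check fails."""
    try:
        pattern = re.compile(regex)
    except re.error as exc:
        raise ValueError(f"regex does not compile: {exc}")
    missed = [s for s in samples if not pattern.search(s)]
    if missed:
        raise ValueError(f"regex misses {len(missed)} sample line(s)")
    root = ET.fromstring(config_xml)
    schemas = root if root.tag == "Schemas" else root.find(".//Schemas")
    if schemas is None:
        raise ValueError("no <Schemas> element found")
    if any(n.text == name for n in schemas.iter("SchemaName")):
        raise ValueError(f"schema name already in use: {name}")
    schemas.append(build_schema(name, regex))  # lands just before </Schemas>
    updated = ET.tostring(root, encoding="unicode")
    ET.fromstring(updated)  # re-parse to confirm the result is well-formed
    return updated
```

ElementTree drops comments and the XML declaration when it rewrites a document, so run this against the backup copy and paste the serialized <SyslogParseSchema> fragment into the live file by hand rather than overwriting it.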