Custom Pattern Configuration Window


This window lets you create a pattern used to interpret information from a non-standard syslog file. A sample line is shown unparsed in the Sample Log Line. The Pattern line contains Fields and Delimiters that determine how each data element in the sample line is parsed and placed in a column in the Event View. The Parsed table shows how the results are presented in the Event View panel.

You can access this window from the Config button in the Log Manager Parameters window or the Log Manager Parameters - New window.


Name
This is the Pattern name. You can select one of the standard patterns or a previously defined pattern, or click New and type a name for a new pattern. The following standard patterns are available:
  • KIWI Pattern - Parses a basic KIWI Syslog Server file format
  • NetSight Syslog Pattern - Parses files generated by the Extreme Management Center Syslog Service
  • NetSight Trap Log Pattern - Parses files generated by the snmpTrapd Service
  • UNIX Syslog Pattern - Parses files generated by the built-in UNIX/LINUX Syslog Service
  • Console 1.x Pattern - Parses files generated by Console 1.x
  • NetSight Log Pattern - Parses files generated by Console and the other Management Center applications
  • 1X Plugin Pattern - Parses files generated by other Management Center applications
  • Red Hat LINUX Syslog Pattern - Parses files generated by the built-in UNIX/LINUX Syslog Service
  • Ubuntu LINUX Syslog Pattern - Parses files generated by the built-in UNIX/LINUX Syslog Service
Fields
This table lists the field types that identify the column in which a particular element of parsed information should be placed. You can double-click a field type to add it to the pattern (or use the arrow button), or you can type field types directly into the pattern. The full pattern is enclosed within angle brackets (< and >) to signify its beginning and end. A newline (\n) is assumed at the end in this case, but it can be made required by using a delimiter character. Field types within percentage symbols represent the column in which a piece of parsed information should be put. The following field types are available:
  • %pri% - Priority string
  • %pdate% - Parsed Date - Console is capable of interpreting several date formats. Use this field with %ptime% for most standard date/time formats. If this does not present the date correctly, use the following fields to parse the individual elements in the date.
  • %date% - parses date elements and places the parsed information into the Date/Time column.
  • %month%, %day%, %year% - separately parsed date elements. The parsed results are placed in the Date/Time column.
  • %ptime% - Parsed Time - Console is capable of interpreting several time formats. Use this field with %pdate% for most standard date/time formats. If this does not present the time correctly, use separate fields to parse the individual elements in the time.
  • %time% - parses the time elements and places the parsed information into the Date/Time column.
  • %hour%, %min%, %sec%, %ampm% - separately parsed time elements. The parsed results are placed in the Date/Time column.
  • %cat% - Category provides a means for sorting events (e.g., Poller, Application, Error)
  • %sev% - Severity
  • %user% - Username associated with the event.
  • %ip% - Host IP Address associated with the event.
  • %type% - Type (Event or Trap)
  • %event% - a more specific keyword/phrase (e.g., "Contact Lost", "Contact Established")
  • %info% - The information string.
  • %discard% - information that is not used. This is information that is skipped over to parse the next piece.
Delimiters
This table lists the characters that are used in the selected file to separate information types. You can double-click a delimiter to add it to the pattern (or use the arrow button), or you can type a delimiter directly into the pattern. The list contains two types of whitespace delimiters (\w for whitespace and \t for tab). Use \t when a single tab separates elements in the sample line. Use \w when the separator in the sample line is a tab, a series of tabs, or a series of spaces. Reserved characters must be preceded by a backslash (\). The following delimiters are available:
  • \r - return
  • \t - tab
  • \n - new line
  • \w - whitespace
  • , - comma
  • . - period
  • : - colon
  • ; - semicolon
  • - - dash
Pattern
Displays the selected Fields and Delimiters that determine how each data element in the sample line will be parsed and placed in a column in the Event View.
Sample Log Line
This is a sample of raw log information.
Parsed
This table shows how the information will be presented in the Events tab. Cells are filled with the sample line information as field types are selected and delimited.
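
The following sketch shows how a pattern of fields and delimiters maps a sample line onto the Parsed columns. It is an added example, not Console's own parser: the matching rules (a field runs up to the next delimiter, \w matches a run of spaces or tabs), the function names, the pattern and the log lines are all assumptions constructed for illustration.

```python
import re

# Field types listed on this page; any other %name% is rejected.
FIELDS = set("pri pdate date month day year ptime time hour min sec ampm "
             "cat sev user ip type event info discard".split())
# Assumed regex equivalents of the backslash delimiters (\w = run of spaces/tabs).
ESCAPES = {"r": r"\r", "t": r"\t", "n": r"\n", "w": r"[ \t]+"}
TOKEN = re.compile(r"%(\w+)%|\\(.)|(.)", re.S)

def compile_pattern(pattern):
    """Turn '<%field%delim...>' into (compiled regex, ordered field names)."""
    if not (pattern.startswith("<") and pattern.endswith(">")):
        raise ValueError("pattern must be enclosed in < and >")
    parts, names = [], []
    for field, escaped, literal in TOKEN.findall(pattern[1:-1]):
        if field:
            if field not in FIELDS:
                raise ValueError(f"unknown field type %{field}%")
            names.append(field)
            parts.append("(.*?)")      # a field runs up to the next delimiter
        elif escaped:                  # \w, \t, ... or an escaped reserved character
            parts.append(ESCAPES.get(escaped, re.escape(escaped)))
        else:                          # plain delimiter such as , . : ; -
            parts.append(re.escape(literal))
    # Assumption: a single trailing newline is tolerated at the end of the line.
    return re.compile("".join(parts) + r"\n?\Z", re.S), names

def parse_line(compiled, line):
    """Return {field: value} for the Parsed columns, or None if the line does not fit."""
    regex, names = compiled
    m = regex.match(line)
    if m is None:
        return None                    # surface unparsed lines instead of dropping them
    return {n: v for n, v in zip(names, m.groups()) if n != "discard"}

# Constructed pattern and log lines (not taken from the product).
PATTERN = r"<%pdate%\w%ptime%\w%ip%\w%sev%\w%discard%:\w%info%>"
GOOD = "2024-03-01 10:15:02 192.0.2.10 Warning sshd[2211]: Failed password for admin\n"
BAD = "-- MARK --"

if __name__ == "__main__":
    compiled = compile_pattern(PATTERN)
    for line in (GOOD, BAD):
        print(parse_line(compiled, line))
```

Lines that return None are the ones a custom pattern would leave unparsed; counting them when testing a new pattern against a real log file shows how much of the file the pattern actually covers.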
New Button
This button places a default name into the Name field and clears the Pattern field, allowing you to define a new pattern. You can select the default name and type a name of your own choosing.
Delete Button
This button removes the currently selected pattern.
Apply Button
Applies the current pattern to the Pattern Name, but leaves the window open to allow creating/modifying another pattern.
OK Button
Applies the current pattern to the Pattern Name and closes the window.
