
Devo Parsers : Simply get logs into the cloud

Devo Parsers

Devo Parser Introduction:

Devo parsers are tools used to extract and structure data from various sources, such as log files, network packets, and system events. Devo offers a range of parsers that can be used to process different types of data, each with its own set of associated tags that are used to identify and classify the data. Here is a comprehensive list of Devo parsers and their associated tags:

  1. Apache log parser: This parser is used to extract data from Apache web server log files. Associated tags include: clientip, clientuser, timestamp, request, response, bytes, referrer, and agent.
  2. Cisco ASA firewall parser: This parser is used to extract data from Cisco ASA firewall logs. Associated tags include: date, time, action, src, dst, protocol, sport, dport, and msg.
  3. Windows event log parser: This Devo parser is used to extract data from Windows event logs. Associated tags include: timestamp, eventid, level, source, task, opcode, keywords, and message.
  4. Netflow parser: This parser is used to extract data from Netflow records, which are used to track network traffic. Associated tags include: timestamp, srcip, dstip, srcport, dstport, protocol, packets, bytes, and flags.
  5. SNMP trap parser: This parser is used to extract data from Simple Network Management Protocol (SNMP) trap messages. Associated tags include: timestamp, community, enterprise, agent, trap, and variables.
  6. Syslog parser: This parser is used to extract data from syslog messages, which are used to log system events. Associated tags include: timestamp, hostname, facility, level, and message.
  7. RADIUS parser: This Devo parser is used to extract data from Remote Authentication Dial-In User Service (RADIUS) logs. Associated tags include: timestamp, event, nasip, nasport, username, clientip, and status.
  8. JSON parser: This parser is used to extract data from JSON-formatted logs. Associated tags include the keys and values of the JSON object.
  9. CSV parser: This parser is used to extract data from Comma-Separated Values (CSV) files. Associated tags include the column names of the CSV file.
  10. Regex parser: This parser is used to extract data from logs using regular expressions. Associated tags are defined by the user in the regular expression.
  11. Custom parser: This Devo parser allows users to define their own parsing logic using a combination of regular expressions and custom code. Associated tags are defined by the user.
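
To make the "parser plus associated tags" idea concrete, here is an added example (not Devo's own code or API) that builds a small regex-based parser for two of the formats listed above, the Apache access log and syslog, using the tag names the list gives for each. The parser definitions, the sample log lines, and the `parse` function are all constructed for this illustration; the syslog PRI split into facility and level follows the RFC 3164 encoding (facility * 8 + severity).

```python
import re
from typing import Optional

# Constructed parser table: each regex's named groups are the tags the
# page lists for that parser (the "Regex parser" idea, one entry per source).
PARSERS = {
    "apache": re.compile(
        r'^(?P<clientip>\S+) \S+ (?P<clientuser>\S+) \[(?P<timestamp>[^\]]+)\] '
        r'"(?P<request>[^"]*)" (?P<response>\d{3}) (?P<bytes>\d+|-) '
        r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
    ),
    "syslog": re.compile(
        r'^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
        r'(?P<hostname>\S+) (?P<message>.*)$'
    ),
}


def parse(parser: str, line: str) -> Optional[dict]:
    """Return a tag -> value dict for one log line, or None if it does not match."""
    m = PARSERS[parser].match(line.rstrip("\n"))
    if m is None:
        return None  # unparsed lines should be counted, not silently dropped
    tags = m.groupdict()
    if parser == "apache":
        # "-" means no body / no authenticated user; normalise so numeric
        # filters (e.g. bytes > N) and user lookups behave downstream
        tags["bytes"] = 0 if tags["bytes"] == "-" else int(tags["bytes"])
        tags["response"] = int(tags["response"])
        tags["clientuser"] = None if tags["clientuser"] == "-" else tags["clientuser"]
    elif parser == "syslog":
        # RFC 3164: PRI = facility * 8 + severity; split into the two tags
        pri = int(tags.pop("pri"))
        if pri > 191:  # largest valid PRI is 23 * 8 + 7
            return None
        tags["facility"], tags["level"] = divmod(pri, 8)
    return tags


# Constructed sample lines (not captured from any real system)
SAMPLE_LINES = {
    "apache": '203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.1" 304 - "-" "curl/7.88.1"',
    "syslog": "<34>Oct 11 22:14:15 host01 su: 'su root' failed for alice on /dev/pts/8",
}

if __name__ == "__main__":
    for name, line in SAMPLE_LINES.items():
        print(name, parse(name, line))
```

Lines that fail to match return `None` rather than a partial record, so a collector can count parse failures per source, which is usually the first sign that a log format changed upstream.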

In addition to these parsers, Devo also offers a range of pre-built parsers for specific log sources, such as AWS CloudTrail, Azure Activity Logs, and Google Cloud Platform. These parsers are designed to extract data from the specific log format of each platform, and come with a set of associated tags that are tailored to the data contained in those logs.

Conclusion

Using these Devo parsers, businesses can extract and structure data from a wide range of sources and use the associated tags to classify and analyze the data. This enables businesses to gain insights into their operations, identify trends and patterns, and make more informed decisions.

Check out the Devo parser documentation, or read about Devo tagging.
