Users Guide

esi parser rule-test
esiparserrule-test
[file<filename>]|
[msg<msg>]
Description
This command allows you to test all of the enabled parser rules.
Syntax
Parameter    Description
file         Tests against a specified file containing more than one syslog message.
msg          Tests against a syslog message, where <msg> is the message text.
Usage Guidelines
You can test the enabled parser rules against a single syslog message, or run them against a file
containing multiple syslog messages. For each message, the command shows the match result and the
user name parsed from it.
Example
The following command tests against a specified single syslog message.
(host) (config) #esiparser rule-test msg "2618:30:02log_
id=0100030101type=virussubtype=infectedsrc=1.2.3.4"
<2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4>
=====
Condition:Matchedwithrule"forti_rule"
User:ipaddr=1.2.3.4
=====
The following command tests against a file named test.log, which contains several syslog messages.
esiparserrule-testfiletest.log
<Sep2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4>
==========
Condition:Matchedwithrule"forti_rule"
User:ipaddr=1.2.3.4
==========
<Oct1810:43:40cli[627]:PAPI_Send:To:7f000001:8372Type:0x4Timedout.>
==========
Condition:Nomatchingruleconditionfound
==========
<Oct1810:05:32mobileip[499]:<500300><DBUG>|mobileip|Station00:40:96:a6:a1:a4,
10.0.100.103:DHCPFSMreceivedevent:RECEIVE_BOOTP_REPLYcurrent:PROXY_DHCP_NO_PROXY,
next:PROXY_DHCP_NO_PROXY>
==========
Condition:Nomatchingruleconditionfound
Dell Networking W-Series ArubaOS 6.4.x | User Guide esi parser rule-test | 380