Dell 6.2 Server User Manual


 
first block is the matched expression; the second block contains the value inside the parentheses. For username
matching, the focus is on the second block, as it contains the username.
Condition Pattern Matching
The following description uses the Fortigate virus syslog message format as an example to describe condition pattern
matching. The Fortigate virus syslog message takes the form:
Sep2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4
This message example contains the Fortigate virus log ID number 0100030101 (“log_id=0100030101”), which can
be used as the condition—the pattern that uniquely identifies this syslog message.
The parser expression that matches this condition can be either “log_id=0100030101”, which is a narrow match on the
specific log ID number shown in the message, or “log_id=[0-9]{10}[ ]”, which is a regular expression that matches any
Fortigate log entry with a ten-digit log ID followed by a space.
User Pattern Matching
To extract the user identifier in the example Fortigate virus message shown above (“src=1.2.3.4”), use the
expression “src=(.*)[ ]” to parse the user information contained between the parentheses. The () block specifies
where the username will be extracted. Only the first block will be processed.
More examples:
Given a message wherein the username is a MAC address:
Sep2618:30:02log_id=0100030101type=virussubtype=infectedmac00:aa:bb:cc:dd:00
The expression “mac[](.{17})” will match “mac00:aa:bb:cc:dd:00” in the example message.
Given a message wherein the username is a user name:
Sep2618:30:02log_id=0100030101type=virussubtype=infecteduser<johndoe>
The expression “user<(.*)>” will match “user<johndoe>” in the example message.
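The condition and user expressions above, applied to sample messages as an added example (not code from the manual). It uses Python's re module as a stand-in for the controller's parser, whose regular expression dialect may differ. The names extract_user, CONDITION and demo, the sample lines, and the bounded “src=([^ ]+)” variant are assumptions made for illustration.

```python
import re

# Constructed sample messages in the Fortigate-style format described above.
SAMPLES = [
    "Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 dst=5.6.7.8 action=blocked",
    "Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected mac 00:aa:bb:cc:dd:00",
    "Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected user<johndoe>",
    "Sep 26 18:31:10 log_id=12345 type=traffic src=9.9.9.9 proto=6",
]

CONDITION = r"log_id=[0-9]{10}[ ]"   # ten-digit log ID followed by a space


def extract_user(message, condition, user_pattern):
    """Return the text captured by the first () block of user_pattern,
    or None if the condition or the user pattern does not match."""
    if re.search(condition, message) is None:
        return None          # not the message type this rule is for
    match = re.search(user_pattern, message)
    return match.group(1) if match else None


def demo():
    src_msg, mac_msg, user_msg, other_msg = SAMPLES
    return {
        # Greedy (.*) runs to the LAST space on the line, so trailing fields leak in.
        "src_greedy": extract_user(src_msg, CONDITION, r"src=(.*)[ ]"),
        # Hypothetical tighter variant: stop at the first space after the address.
        "src_bounded": extract_user(src_msg, CONDITION, r"src=([^ ]+)"),
        "mac": extract_user(mac_msg, CONDITION, r"mac[ ](.{17})"),
        "user": extract_user(user_msg, CONDITION, r"user<(.*)>"),
        # Five-digit log ID fails the condition, so no user is extracted.
        "other": extract_user(other_msg, CONDITION, r"src=([^ ]+)"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} -> {value!r}")
```

When fields follow the user identifier on the line, a greedy capture returns more than the identifier, so any action keyed on the extracted user would not map to a real client; testing expressions against full-length sample messages catches this before a rule is deployed.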
Configuring ESI
You can use the following interfaces to configure and manage ESI and ESI syslog parser behavior:
- The Web user interface (WebUI), which is accessible through a standard Web browser from a remote
  management console or workstation.
- The command line interface (CLI), which is accessible from a local console device connected to the serial port
  on the controller or through a Telnet or Secure Shell (SSH) connection from a remote management console or
  workstation.
NOTE: By default, you can access the CLI only from the serial port or from an SSH session. To use the CLI in a Telnet session, you
must explicitly enable Telnet on the controller.

The general configuration descriptions in the following sections include both the
WebUI pages and the CLI configuration commands. The configuration overview section is followed by several examples that
show specific configuration procedures.
In general, there are three ESI configuration “phases” on the controller as a part of the solution:
- The first phase configures the ESI ping health-check method, servers, and server groups. The term server here refers
  to external server devices, for example, an AVF.
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    External Services Interface | 752