
I need to create an extend parser for this type of data since my log is not parsing correctly. It would be the fields
TripwireEnterpriseElementName=C:\\\\SubtechBnxDll\\\\LogServiceDllBnx.log
and
Type 'Write'.\\n\\nApplication: 'C:\\\\SubtechBnxDll\\\\ServiceCardBnx.exe'\\n

I requested the parsing from the support team, but this data does not appear in the UDM data.


<134>1 2025-05-19T19:25:32.000Z HABCZTW01.abchospital.net TE - - - CEF:0|Tripwire, Inc.|Tripwire Enterprise|9.1.0|1|Audit Event|1|TripwireEnterpriseElementId=-1y2p0ij32e8c9:-1y2p0ij30jw2e TripwireEnterpriseElementName=C:\\\\SubtechBnxDll\\\\LogServiceDllBnx.log TripwireEnterpriseIds=-1y2p0ij32e8c3:-1y2p0ij31589x,-1y2p0ij32e8c9:-1y2p0ij30jw2e,-1y2p0ij32e8ce:-1y2p0ij2dy0vo TripwireEnterpriseLogLevel=Information TripwireEnterpriseNodeId=-1y2p0ij32e8bl:-1y2p0ij31589x TripwireEnterpriseVersionId=-1y2p0ij32e8ce:-1y2p0ij2dy0vo TripwireEnterpriseVersionTimestamp=May 19 2025 19:25:44 GMT cat=Audit Event deviceExternalId=-53e3aff4:18ceb0bc2b8:-7fff deviceFacility=16 dtz=CDT dvc=172.28.80.12 dvchost=HABCZTW01 externalId=-1y2p0ij32e8cw:-1y2p0ij2dy0vk msg='C:\\\\SubtechBnxDll\\\\LogServiceDllBnx.log' accessed by 'DOMABC_1\\\\abcclinica'. Type 'Write'.\\n\\nApplication: 'C:\\\\SubtechBnxDll\\\\ServiceCardBnx.exe'\\n rt=1747682732000 shost=clin1obe01.abchospital.net src=172.16.4.166 suser=DOMABC_1\\\\abcclinica

There is a parser for Tripwire log files. Did you take a look at that already?


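The extraction the question asks for, sketched in Python as an added example (not code from the thread or from any vendor parser) so the logic can be checked before porting it to a parser extension. The output key names and the backslash-collapsing step are assumptions, and the sample is the posted log line with several extension keys trimmed.

```python
import re

KEY_RE = re.compile(r"(?:^|\s)([A-Za-z][A-Za-z0-9_.]*)=")
MSG_RE = re.compile(
    r"accessed by '(?P<user>[^']*)'\. Type '(?P<type>[^']*)'"
    r".*?Application: '(?P<app>[^']*)'", re.S)

# Constructed sample: the log line from the post with several extension keys trimmed.
SAMPLE = (
    r"<134>1 2025-05-19T19:25:32.000Z HABCZTW01.abchospital.net TE - - - "
    r"CEF:0|Tripwire, Inc.|Tripwire Enterprise|9.1.0|1|Audit Event|1|"
    r"TripwireEnterpriseElementName=C:\\\\SubtechBnxDll\\\\LogServiceDllBnx.log "
    r"TripwireEnterpriseLogLevel=Information cat=Audit Event dvchost=HABCZTW01 "
    r"msg='C:\\\\SubtechBnxDll\\\\LogServiceDllBnx.log' accessed by "
    r"'DOMABC_1\\\\abcclinica'. Type 'Write'.\\n\\nApplication: "
    r"'C:\\\\SubtechBnxDll\\\\ServiceCardBnx.exe'\\n "
    r"rt=1747682732000 suser=DOMABC_1\\\\abcclinica")

def parse_cef_extension(ext):
    """Split 'k=v k=v' where values may hold spaces: a value ends at the next ' key='."""
    hits = list(KEY_RE.finditer(ext))
    out = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        out[m.group(1)] = ext[m.end():end].strip()
    return out

def collapse(value):
    # Assumption: the repeated backslashes are export escaping of one path separator.
    return re.sub(r"\\+", r"\\", value) if value is not None else None

def extract(line):
    start = line.find("CEF:")
    if start < 0:
        return None
    # Seven unescaped pipes close the CEF header; the eighth part is the extension.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) < 8:
        return None
    ext = parse_cef_extension(parts[7])
    m = MSG_RE.search(ext.get("msg", ""))
    return {  # hypothetical key names, not UDM field names
        "element_name": collapse(ext.get("TripwireEnterpriseElementName")),
        "access_type": m.group("type") if m else None,
        "application": collapse(m.group("app")) if m else None,
        "user": collapse(m.group("user")) if m else None,
    }

if __name__ == "__main__":
    print(extract(SAMPLE))
```

The key point for the real parser is the same: `msg` contains spaces and quoted sub-fields, so it has to be captured up to the next ` key=` boundary and then matched with a second pattern for `Type` and `Application`.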