Advertisement
Solving Specific
Parsing Issues
<pattern id="Protocol" case-insensitive="true"
xmlns=""><![CDATA[\b(tcp|udp|icmp|gre)\b]]> </pattern>
<matcher field="Protocol" order="1" pattern-id="Protocol" capture-group="1" />
<pattern id="SourceIp_AuthenOK" xmlns="">
<![CDATA[SrcAddress=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}),]]></pattern
<matcher field="SourceIp" order="1" pattern-id="SourceIp_AuthenOK"
capture-group="100.100.100.100" enable-substitutions="true"/>
<pattern id="SourceMACWithDashes"
xmlns=""><![CDATA[SourceMAC=([0-9a-fA-F]{2})-([0-9a-fA-F]{2})-([0-9a-fA-F]{2})-([0-9
a-fA-F]{2})-([0-9a-fA-F]{2})-([0-9a-fA-F]{2})]]></pattern>
<matcher field="SourceMAC" order="1" pattern-id=" SourceMACWithDashes"
capture-group="\1:\2:\3:\4:\5:\6" />
This section provides you with XML examples that can be used when resolving
specific parsing issues that may arise:
Converting a Protocol
•
Making a Single Substitution
•
•
Generating Colon-Separated MAC Address
Combining IP Address and Port
•
Modifying an Event Category
•
•
Modifying Multiple Event Categories
Suppressing Identity Change Events
•
Converting a Protocol
The following example shows a typical protocol conversion that searches for TCP,
UDP, ICMP or GRE anywhere in the payload, surrounded by any word boundary
(for example, tab, space, end-of-line). Also, character case is ignored:
Making a Single Substitution
The following is an example of a straight substitution that parses the source IP
address, and then overrides the result and sets the IP address to 10.100.100.100,
ignoring the IP address in the payload. The example assumes that the source IP
address matches something similar to SrcAddress=10.3.111.33 followed by a
comma:
Generating Colon-Separated MAC Address
STRM detects MAC addresses in a colon-separated form. Since all devices do not
use this form, the following example shows how to correct that situation:
In the above example
address of
12:34:56:78:90:AB
SourceMAC=12-34-56-78-90-AB
.
Creating Extension Documents
>
is converted to a MAC
Release 2008.2
11
Advertisement
Related Manuals for Juniper JUNIPER NETWORKS STRM - TECHNICAL NOTE REV 6-2008
Related Products for Juniper JUNIPER NETWORKS STRM - TECHNICAL NOTE REV 6-2008
- Juniper JUNOS - NETWORK OPERATION GUIDE REV1
- Juniper JUNOSE 11.1.0 - REV 4-29-2010
- Juniper MEDIA FLOW CONTROLLER 2.0.5 - S REV 15-11-2010
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - E120 AND E320 MODULE GUIDE REV 01-10-2010
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - E120 AND E320 HARDWARE GUIDE REV 9-29-2010
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - ERX MODULE GUIDE REV 27-9-2010
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - ERX HARDWARE GUIDE REV 26-9-2010
Need help?
Do you have a question about the JUNIPER NETWORKS STRM - TECHNICAL NOTE REV 6-2008 and is the answer not in the manual?
Questions and answers