We have updated our Terms of Service, Code of Conduct, and Addendum.

CRIBL - Parser Libraries

Draco3
Draco3 Posts: 6
in General Discussions

Hi all, this is my first post on this forum, so hello. We have just begun to use CRIBL and I am still in a learning phase. I am wondering if there are more parsers that can be added to the library or whether you have to create them yourself? As an example I have a CRIBL instance that is receiving json data from another CRIBL instance (with the data having been prebaked SPLUNK) for a Cisco ASA log. The content of the log entry is in either the raw or Message field and I would like to extract into key value pairs. I have tried the some functions but it looks like I have to do custom regex (and I am not good with regex).

Best Answer

  • Kyle McCririe
    Kyle McCririe Posts: 29 ✭✭
    Answer ✓

    Hi Draco3,

    You can certainly add your own parsers under Knowledge. You would have to create them yourself based on the format of the logs.

    For more prebuilt content I would check out our Packs! https://packs.cribl.io/
    There is a pack for Cisco ASA that has some regexes already made.

    If youd like I can also help you write a regex to extract whatever youd like.

Answers

  • Kyle McCririe
    Kyle McCririe Posts: 29 ✭✭
    Answer ✓

    Hi Draco3,

    You can certainly add your own parsers under Knowledge. You would have to create them yourself based on the format of the logs.

    For more prebuilt content I would check out our Packs! https://packs.cribl.io/
    There is a pack for Cisco ASA that has some regexes already made.

    If youd like I can also help you write a regex to extract whatever youd like.

  • Kyle McCririe
    Kyle McCririe Posts: 29 ✭✭

    If you paste an example of the log I can take a look at options of parsing it!

Categories