When creating a new normalization request, please include the following information. This will accelerate the normalization package fabrication procedure:
- Name and version of the log source
- Logging documentation for the version of the log source (can be obtained from the device vendor)
- Sample logs from the device (the sample logs can be anonymized before being provided on the request)
Note: You can use the following query to extract the un-normalized sample logs from the UI of LogPoint:
device_ip='xx.xx.xx.xx' -norm_id=* | norm <ALL:.*> | fields ALL
I need to be able to write my own normalizer.
You can write your own normalization package. The information for this can be found at the following link:
https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/Signatures.html#
Do let us know if this was helpful for you.
Thank you, very helpful :)