Reparsing Unsuccessfully Parsed Event Data in a Security Information and Event Management System

Reparsing Unsuccessfully Parsed Event Data in a Security Information and Event Management System

A mechanism is provided for reparsing unsuccessfully parsed event data. Responsive to determining that one or more unsuccessfully parsed event data items exist for a log source, each unsuccessfully parsed event data item of the one or more unsuccessfully parsed event data items is reparsing using an...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bray, Rory F, Hume, Michael S, LeMesurier, Christopher A, Wheaton, Jamie A. R
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A mechanism is provided for reparsing unsuccessfully parsed event data. Responsive to determining that one or more unsuccessfully parsed event data items exist for a log source, each unsuccessfully parsed event data item of the one or more unsuccessfully parsed event data items is reparsing using an updated device support module associated with the log source. Responsive to the device support module successfully reparsing the unsuccessfully parsed event data item thereby forming a successfully parsed event data item, the successfully parsed event data item is added to a historical record of events associated with the log source. Responsive to the device support module failing to successfully reparse the unsuccessfully parsed event data item, the unsuccessfully parsed event data item is retained in an unsuccessfully parsed event data item data structure.