Event log Tune-Up variables

Kris · Post by **Kris** » Fri Apr 23, 2021 2:00 am

We use HM to detect Windows events, i.e. OWA login failures.
It would be nice to be able to extract relevant items from the event, like:

Example:
%Account Name%
%Failure Reason%
%Source Network Address%

Or maybe even create your own library of variables.

KS-Soft · Post by **KS-Soft** » Fri Apr 23, 2021 2:18 pm

There are thousand different formats (messages) in Windows event log, how to create variables for each event?
We can add some operators for processing..

Where do you want to use such data?
- Optional status processing?
- Expression to start "advanced" action?
- parameters of some action (e.g. e-mail template)?

Regards
Alex

Kris · Post by **Kris** » Sun Apr 25, 2021 10:10 am

Hi Alex,

The data I mentioned would be handy to tune up the reply, so the quick-log shows these fields instead of the normal reply.

KS-Soft · Post by **KS-Soft** » Mon Apr 26, 2021 1:13 pm

We added new operators:
- getlinewith
- getlinestarts
- getlineends
- gettagval

So you may use expression like ["%SuggestedReply%" getlinewith "Account Name:"]

If you are using version 12.84, contact support@ks-soft.net, we will provide update.

Regards
Alex

Kris · Post by **Kris** » Wed Apr 28, 2021 2:40 am

Thanks Alex!

Email sent

Kris · Post by **Kris** » Wed Apr 28, 2021 4:26 am

Hi Alex,

The following operators won't help in my specific case.
- getlinewith
- getlinestarts
because the line I'm looking for (containing "Account Name:") appears multiple times. I need the second occurrance....

Not sure on how to use the 'gettagval' operator?
Is this the XML tag?
Something like:
["%SuggestedReply%" gettagval "<Data Name='TargetUserName'>"]
But that doesn't seem to work...

Thanks!

KS-Soft · Post by **KS-Soft** » Wed Apr 28, 2021 6:59 am

You can use several commands in expression.
Please send to support example of text you want to parse and field you need to get.

Regards
Alex

Kris · Post by **Kris** » Wed Apr 28, 2021 7:57 am

Email sent