I used the SDK to create a new collector but could do with some help....

I want to build a collector with multiple map files, so let's say below is
an example log:

01/03/13 14:33:22 NOTICE access_out

Regex for the log would appear something like this:

Finally, below are the RegEx groups and what they extract:

RegExp.$1 = date
RegExp.$2 = time
RegExp.$3 = severity (need a map to convert to numbers)
RegExp.$4 = source IP
RegExp.$5 = source port
RegExp.$6 = target IP
RegExp.$7 = target port
RegExp.$8 = vendor message (need a map to convert to a descriptive
RegExp.$9 = Initiating username

Here is my problem.....

How do I create a new map file (containing "name" and "value" fields)
and link the respective regex values extracted from the log? In our
example I need one for severity where say "NOTICE" will be given a
severity value of 1; "WARNING" given a severity value of 4 and so on.

I also need a second map file for vendor message where "access_out" will
have a description value of "Successful connection established" or
something like this.

Now I need the collector to use the values from the map file and not the
ones that are present in the log. Obviously I want to build such a
collector so I can add/remove/edit descriptions from a map file rather
than messing with the code.

Can someone guide me on how to do this within the SDK please? If such
a collector is already built (i.e. mapping), could someone please send
me the development build?

Any help is much appreciated.


pimpalp's Profile: https://forums.netiq.com/member.php?userid=5587
View this thread: https://forums.netiq.com/showthread.php?t=50191
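The following is an added example, not part of the original post and not the Sentinel SDK's own map API (which this page does not show). It sketches in plain JavaScript the pattern the post asks for: apply a regex to a log line, then replace the raw severity and vendor-message fields with values looked up from two "map files" of name/value pairs, so the descriptions live in data rather than code. The map-file layout (one `name,value` per line), the nine-field line layout, the sample lines and all function names are assumptions constructed for this example; the post itself shows only the first four fields of the log.

```javascript
// Added example: regex extraction plus map-file lookup, in plain JavaScript.
// Not the Sentinel SDK's map API; map-file layout and line layout are assumed.

// Constructed map-file contents: one "name,value" pair per line.
const SEVERITY_MAP_FILE = [
  "# vendor severity word -> numeric severity",
  "NOTICE,1",
  "WARNING,4",
  "ERROR,5",
].join("\n");

const MESSAGE_MAP_FILE = [
  "# vendor message code -> description (value may contain commas)",
  "access_out,Successful connection established",
  "access_denied,Connection refused by policy",
].join("\n");

// Parse "name,value" lines into a lookup object. Blank lines and '#' comments
// are ignored; only the first comma splits, so the value may contain commas.
function loadMap(text) {
  const map = Object.create(null);
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === "" || line.startsWith("#")) continue;
    const idx = line.indexOf(",");
    if (idx < 0) continue; // malformed line: skip it rather than abort the load
    map[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
  }
  return map;
}

// Assumed line layout (constructed; the post shows only the first four fields):
//   DATE TIME SEVERITY SRC_IP:SRC_PORT -> DST_IP:DST_PORT VENDOR_MSG USER
const LINE_RE =
  /^(\S+) (\S+) (\S+) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\S+) (\S+)$/;

// Parse one line and normalize it through the maps. The event carries the
// mapped values; the raw words are kept alongside so nothing is lost. An
// unknown severity or message code falls back to a default instead of
// dropping the event, so a new vendor code still shows up for review.
function parseLine(line, severityMap, messageMap) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // line does not match the expected layout
  const rawSeverity = m[3];
  const rawMessage = m[8];
  return {
    date: m[1],
    time: m[2],
    severity: rawSeverity in severityMap ? Number(severityMap[rawSeverity]) : 0,
    rawSeverity,
    sourceIp: m[4],
    sourcePort: Number(m[5]),
    targetIp: m[6],
    targetPort: Number(m[7]),
    message:
      rawMessage in messageMap
        ? messageMap[rawMessage]
        : "Unknown vendor message: " + rawMessage,
    rawMessage,
    user: m[9],
  };
}

// Constructed sample lines; the third uses codes absent from both maps.
const SAMPLE_LINES = [
  "01/03/13 14:33:22 NOTICE 10.0.0.5:51234 -> 192.0.2.10:443 access_out jdoe",
  "01/03/13 14:33:25 WARNING 10.0.0.7:40001 -> 192.0.2.10:22 access_denied asmith",
  "01/03/13 14:33:30 DEBUG 10.0.0.9:1024 -> 192.0.2.11:80 weird_code nobody",
];

// Load both maps once, then run every line through them.
function processAll(lines) {
  const severityMap = loadMap(SEVERITY_MAP_FILE);
  const messageMap = loadMap(MESSAGE_MAP_FILE);
  return lines
    .map((l) => parseLine(l, severityMap, messageMap))
    .filter((e) => e !== null);
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(processAll(SAMPLE_LINES), null, 2));
}
```

Because `loadMap` is the only place that reads the map text, changing a description or adding a new severity word means editing the map file and reloading it; the regex and the event shape stay untouched.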