
Interpreter Syslog

The window displays a list of default Syslog patterns.


This form is used to configure and manage the acquisition of Syslog logs from non-Windows devices through the Syslog server integrated into BusinessLog.

Its main functions are:

  • Activation of the Syslog server: Enables devices to send their syslogs to the IP address of the machine hosting BusinessLog.

  • Port configuration: Allows you to specify the default port (UDP 514) or a custom port for receiving logs.

  • Log filtering: Makes it possible to record only the syslogs related to specified administrator users, reducing log volume.

  • Use of complex filters: Complex filters can be entered manually, or an AI-based generator can be used to help create them.

Clicking [New] opens the screen for defining a new pattern.

You can enter the desired strings in two ways:

  • Direct copy-paste from a string generated by the system log (Syslog)

  • Automatic selection via the [Syslist] button, which automatically acquires and inserts the existing entries


When the window opens, the last 100 lines of the RegSysList.LOG file are automatically displayed.

By selecting a row and clicking [Select Syslog], the entry will be applied.


The full message string is automatically copied into the Syslog String field.

To start the automatic parameter analysis, click the [Automatic Pattern Splitting] button. The system sends the string contained in the Syslog String box to an artificial intelligence engine that analyzes its structure and automatically recognizes relevant patterns.

The purpose of the analysis is to identify the “style” of the Syslog message and map the main fields of interest, including:

  • Device Identifier

  • Type Identifier

  • User

  • Origin

  • Event ID

  • Brand

  • Event Description

Key Fields:

The two most relevant fields for pattern generation are:

  • Device Identifier: This must be present in text form within the Syslog message. It usually corresponds to the device name (devname), but it can also be a unique portion of text that allows the device to be identified without ambiguity. This field is crucial for correctly associating the event with a specific device.

  • Type Identifier: Indicates the nature of the event (e.g., login, logout, fail, login successful). This value must also be contained in the string. It is important to avoid ambiguous terms: for example, if the text contains expressions such as logon successfully or logon failed, it is preferable to insert a complete and clear type, such as login successful or login failed, manually modifying the field if necessary.

When ready, click [Generate Pattern].

The system, through an AI call, generates the regex and immediately verifies whether the data is extracted correctly.

If everything is correct, the fields turn green; at that point, simply click [Save].

In case of an error (e.g., an incorrect username), the box turns red, and the actual extracted value is shown below, compared with the expected one.


Once you click [Save], the pattern is added to the main list.

In this screen, each row displays the pattern details (device, type, brand, regex, etc.) and its “Locked” status.


If the icon is unlocked, the pattern can be freely edited and deleted.
