MonitorWare Knowledge Base

Has anyone written any sql scripts to parse the Message field in SQL?

I'd like to be able to parse out the src outside IP address and port as well as the src inside ip address and port.

Hi,

if you provide me a syslog message sample, I may can help you.
In which script language do you want it to be parsed?

Sep 16 2003 16:12:54: %PIX-4-106023: Deny tcp src outside:146.186.136.190/4795 dst inside:146.186.156.136/135 by access-group "all-outside"
Sep 16 2003 16:12:54: %PIX-4-106023: Deny tcp src outside:146.186.136.190/4799 dst inside:146.186.156.140/135 by access-group "all-outside"
Sep 16 2003 16:12:54: %PIX-4-106023: Deny tcp src outside:146.186.136.190/4800 dst inside:146.186.156.141/135 by access-group "all-outside"
Sep 16 2003 16:12:54: %PIX-3-305006: Dst IP is network/broadcast IP, translation creation failed for icmp src outside:128.120.187.246 dst inside:128.118.25.32 (type 8, code 0)
Sep 16 2003 16:12:54: %PIX-3-305005: No translation group found for icmp src outside:128.120.187.246 dst inside:128.118.25.32 (type 8, code 0)
Sep 16 2003 16:12:54: %PIX-4-106023: Deny tcp src outside:146.186.136.190/4802 dst inside:146.186.156.151/135 by access-group "all-outside"
Sep 16 2003 16:12:54: %PIX-4-106023: Deny tcp src outside:146.186.136.190/4805 dst inside:146.186.156.156/135 by access-group "all-outside"
Sep 16 2003 16:12:54: %PIX-4-106023: Deny tcp src outside:146.186.136.190/4808 dst inside:146.186.156.160/135 by access-group "all-outside"


As you can see, some have valid inside and outside IP's and Ports. Some messages such as the ICMP message has no port information.

Id like to see the sample code in MS SQL.

Thanks.

Hi,

MS SQL is not a script language, but I get the Idea what you want.

You want to have the message parsed and splitted into fields in the database. Am I right?

I have to check what is possible first. I will post a reply on monday next week if nobody else has a solution then.

That is correct.

I look forward to your response.