
Syslog Interpreter

The window displays the default Syslog "Pattern list".

[Screenshot: syslog interpreter.png]

This form allows Syslog log acquisition from non-Windows devices to be configured and managed through the Syslog server integrated in BusinessLog.

The main functions are:

  • Activation of the Syslog server: enables the integrated Syslog server so that devices can send their Syslog messages to the IP address of the BusinessLog server.

  • Port configuration: allows you to specify the default port (UDP 514) or a custom port for receiving logs.

  • Log filtering: records only the syslogs related to specified administrator users, reducing log volume.

  • Advanced filters: allows manual entry of RegEx expressions or AI-based automatic generation to create complex filtering rules.

By clicking [Add], the following screen appears:

[Screenshot: Syslog Interpreter 1 EN.png]

You can enter the desired strings in two ways:

  • Direct copy-paste from a string generated by the system log (Syslog)

  • Automatic selection via the [Syslist] button, which automatically acquires and inserts the existing entries

[Screenshot: Immagine3.png]

When the window opens, the last 100 lines of the RegSysList.LOG file are automatically displayed.

Select a row and click [Select Syslog] to apply the entry:

[Screenshot: Syslog Interpreter 2 EN.png]

The full message string is automatically reported in the "Syslog String" field.

To start the automatic parameter analysis, click the [Automatic Pattern Splitting] button. The system sends the string contained in the Syslog String box to an artificial intelligence engine that analyzes its structure and automatically recognizes relevant patterns.

The purpose of the analysis is to identify the "style" of the Syslog message and map the main fields of interest, including:

  • Device Identifier

  • Type Identifier

  • User

  • Origin

  • Event ID

  • Brand

  • Event Description

Required key fields

  • Device identifier: this must be present in text form within the Syslog message. It usually corresponds to the device name (devname), but it can also be a unique portion of text that allows the device to be identified without ambiguity.

  • Type identifier: defines the type of event, for example "login", "logout", "login failed", or "login successful". This value must also be present in the log string. To avoid ambiguity, generic or unclear terms should not be used. For example, if the text contains expressions such as "logon successfully" or "logon failed", it is preferable to specify a clear and explicit event type, such as "login successful" or "login failed", by manually adjusting the field if necessary.

Once the analysis produces correct results, indicated by green highlighted fields, click [Generate Pattern] to save the new pattern.

[Screenshot: Syslog Interpreter 3 EN.png]

The system, through an AI call, generates the regex and immediately verifies whether the data is extracted correctly.

  • If everything is correct, the fields turn green: at that point, simply click [Save].

  • In case of an error (for example an incorrect username), the box turns red, and the actual extracted value is shown below, compared with the expected one.
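The steps above (map the fields of interest, normalise an ambiguous type identifier such as "logon successfully" to an explicit one, then verify the regex against the expected values) can be reproduced outside the product. The following is an added example and not BusinessLog's own code or regex: the Syslog line, the device name, IP address and log id are constructed, the named-group pattern is a hypothetical one written for that line, and the brand is supplied as a constant because it does not appear in the message itself.

```python
import re
from typing import Optional

# Constructed sample Syslog lines in the key=value style many firewalls emit.
# Device name, IP address and logid are invented for this example.
SAMPLE_LOGIN_OK = (
    '<134>Mar 12 10:15:02 fw-edge01 devname="fw-edge01" logid="0100032001" '
    'type="event" user="admin" srcip="10.0.0.25" '
    'msg="Administrator admin logon successfully from ssh"'
)
SAMPLE_LOGIN_FAILED = (
    '<134>Mar 12 10:16:40 fw-edge01 devname="fw-edge01" logid="0100032002" '
    'type="event" user="root" srcip="10.0.0.99" '
    'msg="Administrator root logon failed from ssh"'
)

# Hypothetical pattern: one named group per field of interest listed on the page.
# The type identifier is captured from inside the message text, so the
# "description" group wraps the "type" group.
PATTERN = re.compile(
    r'devname="(?P<device>[^"]+)"\s+'
    r'logid="(?P<event_id>\d+)"\s+'
    r'type="[^"]*"\s+'
    r'user="(?P<user>[^"]+)"\s+'
    r'srcip="(?P<origin>[^"]+)"\s+'
    r'msg="(?P<description>[^"]*?'
    r'(?P<type>log(?:on|in) (?:successfully|successful|failed))[^"]*)"'
)

# Vendor wording is mapped to the explicit, unambiguous type identifiers the
# page recommends ("login successful" / "login failed").
TYPE_ALIASES = {
    "logon successfully": "login successful",
    "logon successful": "login successful",
    "login successfully": "login successful",
    "logon failed": "login failed",
}


def normalize_type(raw: str) -> str:
    """Return the explicit type identifier for a raw phrase found in the log text."""
    key = raw.strip().lower()
    return TYPE_ALIASES.get(key, key)


def extract_fields(pattern: re.Pattern, brand: str, line: str) -> Optional[dict]:
    """Apply the pattern to one Syslog line and return the mapped fields, or None."""
    match = pattern.search(line)
    if match is None:
        return None
    fields = match.groupdict()
    fields["type"] = normalize_type(fields["type"])
    fields["brand"] = brand  # not present in the message; fixed per pattern
    return fields


def verify_extraction(extracted: Optional[dict], expected: dict) -> dict:
    """Compare each extracted field with its expected value.

    Mirrors the green/red check: for every field the report carries ok,
    the actual extracted value and the expected one.
    """
    report = {}
    for name, want in expected.items():
        got = None if extracted is None else extracted.get(name)
        report[name] = {"ok": got == want, "actual": got, "expected": want}
    return report


def all_ok(report: dict) -> bool:
    """True when every field in a verification report matched."""
    return all(entry["ok"] for entry in report.values())


if __name__ == "__main__":
    fields = extract_fields(PATTERN, "ExampleVendor", SAMPLE_LOGIN_OK)
    # Deliberately wrong expected user, to show the "red" case.
    report = verify_extraction(fields, {"device": "fw-edge01", "user": "operator"})
    for name, entry in report.items():
        state = "OK " if entry["ok"] else "ERR"
        print(f'{state} {name}: actual={entry["actual"]!r} expected={entry["expected"]!r}')
```

Running the block prints a green-style `OK` line for `device` and a red-style `ERR` line for `user`, with the actual value ("admin") shown beside the expected one, which is the comparison the verification screen performs.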

[Screenshot: Syslog Interpreter 4 EN.png]

Once you click [Save], the pattern is added to the main list.

In this screen, each row displays:

  • Device

  • Type

  • []

  • Regex

  • Other pattern details

  • Locked status, which indicates whether the pattern is locked and therefore cannot be modified or deleted.

[Screenshot: syslog interpreter 2.png]

NOTE: If the icon is unlocked, the pattern can be freely edited and deleted.
