
Help with LSX XML File - Fortiweb 400C UDSM

  • 24 February 2015
Hi,

I'm in the process of defining an LSX for a FortiWeb device, which is currently shown as unknown (UDSM) by QRadar.

Fortiweb 400C

Serial Number FV400C3M13000193

Firmware Version FortiWeb-400C 5.06,build0091,140212

Here is the XML file:

EventName[/b]" xmlns="">

SourceIp[/b]" xmlns="">

SourcePort[/b]" xmlns="">

DestinationIp[/b]" xmlns="">

DestinationPort[/b]" xmlns="">

Protocol[/b]" case-insensitive="true" xmlns="">

It does not work. What am I doing wrong?

Thanks,

1 reply

Hi cos, I am working on something similar.
All I did was look for a unique pattern for the EVENT NAME field. If that matches correctly, all other fields are parsed as expected.

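Added example, not part of the original thread or anyone's actual extension: a Python check that runs one candidate regex per field name from the posted file against a sample payload and flags patterns that miss or that match in more than one place, which is the "unique pattern" concern raised in the reply. The sample log line and every regex are constructed assumptions, not FortiWeb's real log format or the poster's patterns.

```python
import re

# Constructed key=value payload for illustration; not a real FortiWeb log line.
SAMPLE = ('date=2015-02-24 time=10:15:02 type=attack subtype=waf_signature '
          'src=192.0.2.10 src_port=51515 dst=198.51.100.20 dst_port=443 '
          'proto=TCP msg="signature matched"')

# Hypothetical patterns keyed by the six field names in the posted extension.
# Each exposes the value in capture group 1. Protocol uses IGNORECASE to
# mirror the case-insensitive="true" attribute visible in the post.
PATTERNS = {
    "EventName": (r"\bsubtype=(\S+)", 0),
    "SourceIp": (r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})", 0),
    "SourcePort": (r"\bsrc_port=(\d{1,5})", 0),
    "DestinationIp": (r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})", 0),
    "DestinationPort": (r"\bdst_port=(\d{1,5})", 0),
    "Protocol": (r"\bproto=(tcp|udp|icmp)", re.IGNORECASE),
}


def check_patterns(patterns, payload):
    """Return {field: (status, value)}.

    status is 'ok' (exactly one match), 'no-match', or 'ambiguous'
    (the pattern matched at more than one position in the payload).
    """
    report = {}
    for field, (regex, flags) in patterns.items():
        hits = [m.group(1) for m in re.finditer(regex, payload, flags)]
        if not hits:
            report[field] = ("no-match", None)
        elif len(hits) > 1:
            report[field] = ("ambiguous", hits)
        else:
            report[field] = ("ok", hits[0])
    return report


if __name__ == "__main__":
    for field, (status, value) in check_patterns(PATTERNS, SAMPLE).items():
        print(f"{field:16} {status:10} {value}")
```

Swap in a real payload copied from the log source and the patterns from your own extension before relying on the result.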