Release 2008.2
The extension document allows you to parse a device’s payload. Within the
extension document you can include statements of varying degrees of complexity,
as required to parse the desired information.
Understanding Extension Document Elements

This section explains the two main divisions of the extension document:
• Patterns
• Match Groups

Patterns
Rather than associating a regular expression directly with a particular field name, patterns (patterns) are declared separately at the top of the extension document and can be subsequently referenced multiple times within the file.

Match Groups
A match group (match-group) is a set of patterns used for parsing or modifying one or more types of events. A matcher is an entity within a match group that is parsed (for example, EventName) and is paired with the appropriate pattern and group for parsing. Any number of match groups may appear in the extension document.

Table 1: Pattern Parameters

| Parameter | Description |
|---|---|
| id (Required) | Specify a regular string that is unique within the extension document. |
| case-insensitive (Optional) | Specify if you wish the pattern to ignore character case when doing a match, for example abc is the same as ABC. If not specified, this parameter defaults to false. |
| trim-whitespace (Optional) | Specify if you wish the pattern to ignore white space and carriage returns. If the CDATA sections are split onto different lines, this parameter ensures that any extra spaces and carriage returns are not interpreted as part of the pattern. If not specified, this parameter defaults to false. |

Table 2: Match Group Parameters

| Parameter | Description |
|---|---|
| order (Required) | Specify an integer greater than zero to specify the order in which the match groups are executed. It must be unique within the extension document. |
| description (Optional) | Specify a description for the match group, which can be any string. This information may appear in the logs. If not specified, this parameter defaults to empty. |
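
The rules in Tables 1 and 2, applied by a small loader. This is an added example, not part of the original guide or the product's own code. The root element <device-extension> and the element name <pattern> are assumptions, the sample document is constructed, and trim-whitespace is implemented here by removing all whitespace from the pattern text.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Element names <device-extension> and <pattern> are
# assumptions; the attribute names are the parameters from Tables 1 and 2.
SAMPLE = r"""<device-extension>
  <pattern id="EventName" case-insensitive="true" trim-whitespace="true"><![CDATA[
    (accept|
     deny)
  ]]></pattern>
  <pattern id="SourceIp"><![CDATA[src=(\d+\.\d+\.\d+\.\d+)]]></pattern>
  <match-group order="1" description="Firewall events"/>
  <match-group order="2"/>
</device-extension>"""


def as_bool(value):
    # Both optional pattern parameters default to false when not specified.
    return (value or "false").strip().lower() == "true"


def load_extension(xml_text):
    """Return (patterns, groups); raise ValueError on a rule violation."""
    root = ET.fromstring(xml_text)
    patterns, groups = {}, {}
    for el in root.iter("pattern"):
        pid = el.get("id")
        if not pid:
            raise ValueError("pattern id is required")
        if pid in patterns:
            raise ValueError(f"duplicate pattern id: {pid}")
        text = el.text or ""
        if as_bool(el.get("trim-whitespace")):
            # Assumed semantics: drop the spaces and line breaks that come
            # from splitting the CDATA section across lines.
            text = re.sub(r"\s+", "", text)
        flags = re.IGNORECASE if as_bool(el.get("case-insensitive")) else 0
        patterns[pid] = re.compile(text, flags)
    for el in root.iter("match-group"):
        raw = el.get("order", "")
        if not raw.isdigit() or int(raw) < 1:
            raise ValueError(f"order must be an integer > 0: {raw!r}")
        if int(raw) in groups:
            raise ValueError(f"duplicate match-group order: {raw}")
        groups[int(raw)] = el.get("description", "")  # defaults to empty
    return patterns, sorted(groups.items())
```

Without trim-whitespace the first pattern would keep its line breaks and indentation as literal characters and would not match a payload such as action=DENY.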