How can I configure newline mark in custom log format?

L4 Transporter

How can I configure newline mark in custom log format?

I'm trying to configure newline in custom log format.

For example, if I configure "aaa<newline>bbb" and set it as a mail alert, I receive an email with "aaabbb".

Does anyone know how to configure it? Or is it impossible?

The two pictures show the configuration screen and my mailbox.

Regards,


Accepted Solutions
L4 Transporter

Re: How can I configure newline mark in custom log format?

Replication was performed in-house on 4.1.x.

The following was the custom system log format in the email server profile:

1) With white spaces

syntax:- $domain \n$id \n$actionflags \n$severity \n$time_generated \n$object \n$severity

2) Without white spaces

syntax:- $domain\n$id\n$actionflags\n$severity\n$time_generated\n$object\n$severity

3)

$domain

$id

$actionflags

$severity

$time_generated

$object

$severity

Email Alert Logs that appear in my email-address

Alert 1:-

1 \n0 \n0x0 \ninformational \n2012/07/27 20:48:00 \n \ninformational

Alert 2:-

1 \n0 \n0x0 \ninformational \n2012/07/27 20:50:58 \n \ninformational

A similar issue has been filed as a bug to engineering and the targeted release is 5.0. This issue might not be resolved in the 4.1.x branch.

Let me know if this is helpful.

Regards

Parth



All Replies
L4 Transporter

Re: How can I configure newline mark in custom log format?

To add a line break, add \n where a new line should be started.

L4 Transporter

Re: How can I configure newline mark in custom log format?

Hi Benjamin

Thanks for your reply.

I tested with '\n' and '\r\n', but neither worked as expected.

Does it work on your device?

If it works, I also want to know whether you are configuring something in the escaping characters field.

Regards,


L4 Transporter

Re: How can I configure newline mark in custom log format?

Hi Parth,

I confirmed it works on my PA-200 v5.0.0.

I was trying on PA-200 v4.1.9 before and it did not work.

Thanks a lot.

Regards,

Emr

Not applicable

Re: How can I configure newline mark in custom log format?

I have upgraded to 6.02 and this is no longer effective for my logs... I have omitted some sensitive information, but as you can see the \n is very visible.

Thoughts?

* Beta Alert in Draft - some fields may not be necessary * * Version .91 -  IT Security * --------------------------------------------------------------------------- Source Machine: xxx.xxx.xxx.xxx \n ------------------ \n Source User: username \n ------------------ \n Received_Time: 2014/06/12 09:24:02 \n ------------------ \n Time_Received: 2014/06/12 09:24:02 \n ------------------ \n Severity: medium \n ------------------ \n Action Taken: reset-both \n ------------------ \n Rule: Default Web Access \n ------------------ \n To: Outside \n ------------------ \n App: web-browsing \n Threat: Microsoft ASP.NET Path Validation Security Bypass Vulnerability(30133) \n ------------------ \n Threat ID: Microsoft ASP.NET Path Validation Security Bypass Vulnerability(30133) \n Category: any \n ------------------ \n Destination Country Code: GB \n ------------------ \n Source Port: 60065 \n ------------------ \n Destination Port: 80 \n
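
When alerts arrive with the escape left unexpanded, as in the bodies quoted in this thread, the receiving side can normalize them before they reach a mailbox or ticket queue. The following is an added example, not part of the thread and not vendor code; the function names are hypothetical and the sample body is constructed, modeled on the alert quoted above.

```python
import re

# Constructed sample modeled on the alert body quoted in the thread
# (the address and user name are placeholders).
SAMPLE_BODY = (
    r"Source Machine: 192.0.2.10 \n ------------------ \n "
    r"Source User: username \n ------------------ \n "
    r"Received_Time: 2014/06/12 09:24:02 \n ------------------ \n "
    r"Severity: medium \n ------------------ \n "
    r"Action Taken: reset-both \n ------------------ \n "
    r"Destination Port: 80 \n"
)

# The two-character escape (backslash + "n", optionally preceded by a
# literal "\r") that was delivered as text instead of a line break.
_LITERAL_NEWLINE = re.compile(r"(?:\\r)?\\n")
_SEPARATOR = re.compile(r"^-{3,}$")


def split_alert_lines(body):
    """Split on literal escapes and real newlines; drop rules and blanks."""
    normalized = _LITERAL_NEWLINE.sub("\n", body)
    lines = (line.strip() for line in normalized.splitlines())
    return [ln for ln in lines if ln and not _SEPARATOR.match(ln)]


def parse_alert(body):
    """Return (fields, leftovers) for 'Key: value' style alert bodies."""
    fields, leftovers = {}, []
    for line in split_alert_lines(body):
        # Split on the first ": " only, so timestamps keep their colons.
        # The appended space lets "Key:" with an empty value still parse.
        key, sep, value = (line + " ").partition(": ")
        if sep and key:
            fields[key.strip()] = value.strip()
        else:
            leftovers.append(line)  # bare values, e.g. a format without labels
    return fields, leftovers


if __name__ == "__main__":
    parsed, rest = parse_alert(SAMPLE_BODY)
    for name, value in parsed.items():
        print(f"{name}: {value}")
    print("unparsed:", rest)
```

Bodies built from bare variables, like the 4.1.x alerts in the accepted solution, have no labels, so their values come back in `leftovers` in the order the format string listed them.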
