11-27-2012 06:35 AM
I'm trying to configure newline in custom log format.
For example, if I configure "aaa<newline>bbb", and set it as mail alert.
I receive email with "aaabbb".
Does anyone know how to configure it? or is it impossible?
Two picture shows configuration screen and my mailbox.
Regards,
11-27-2012 04:44 PM
Replication was performed in-house on 4.1.x.
Following was the custom system log format in the email server profile :-
1) With white spaces
syntax:- $domain \n$id \n$actionflags \n$severity \n$time_generated \n$object \n$severity
2) Without white spaces
syntax:- $domain\n$id\n$actionflags\n$severity\n$time_generated\n$object\n$severity
3)
$domain
$id
$actionflags
$severity
$time_generated
$object
$severity
Email Alert Logs that appear in my email-address
Alert 1:-
1 \n0 \n0x0 \ninformational \n2012/07/27 20:48:00 \n \ninformational
Alert 2:-
1 \n0 \n0x0 \ninformational \n2012/07/27 20:50:58 \n \ninformational
A similar issue has been filed as a bug to engineering and the targeted release is 5.0. This issue might not be resolved in 4.1.x branch
Let me know if this is helpful.
Regards
Parth
11-27-2012 11:15 AM
To add a line break, add \n where a new line should be started
11-27-2012 04:12 PM
Hi Benjamin
Thanks for your reply.
I tested with '\n' and '\r\n', but both didn't work as expected.
Does it work on your device?
If it works, I also want to know that you are configuring something in escaping characters field.
Regards,
11-27-2012 04:44 PM
Replication was performed in-house on 4.1.x.
Following was the custom system log format in the email server profile :-
1) With white spaces
syntax:- $domain \n$id \n$actionflags \n$severity \n$time_generated \n$object \n$severity
2) Without white spaces
syntax:- $domain\n$id\n$actionflags\n$severity\n$time_generated\n$object\n$severity
3)
$domain
$id
$actionflags
$severity
$time_generated
$object
$severity
Email Alert Logs that appear in my email-address
Alert 1:-
1 \n0 \n0x0 \ninformational \n2012/07/27 20:48:00 \n \ninformational
Alert 2:-
1 \n0 \n0x0 \ninformational \n2012/07/27 20:50:58 \n \ninformational
A similar issue has been filed as a bug to engineering and the targeted release is 5.0. This issue might not be resolved in 4.1.x branch
Let me know if this is helpful.
Regards
Parth
11-27-2012 06:00 PM
Hi Parth,
I confirmed it works on my PA-200 v5.0.0.
I was trying on PA-200 v4.1.9 before and did not work.
Thanks a lot.
Regard,
Emr
06-13-2014 08:00 PM
I have upgraded to 6.02 and this is no longer effective for my logs... I have omitted some sensitive information, but as you can see the \n is very visible.
Thoughts?
* Beta Alert in Draft - some fields may not be necessary * * Version .91 - IT Security * --------------------------------------------------------------------------- Source Machine: xxx.xxx.xxx.xxx \n ------------------ \n Source User: username \n ------------------ \n Received_Time: 2014/06/12 09:24:02 \n ------------------ \n Time_Received: 2014/06/12 09:24:02 \n ------------------ \n Severity: medium \n ------------------ \n Action Taken: reset-both \n ------------------ \n Rule: Default Web Access \n ------------------ \n To: Outside \n ------------------ \n App: web-browsing \n Threat: Microsoft ASP.NET Path Validation Security Bypass Vulnerability(30133) \n ------------------ \n Threat ID: Microsoft ASP.NET Path Validation Security Bypass Vulnerability(30133) \n Category: any \n ------------------ \n Destination Country Code: GB \n ------------------ \n Source Port: 60065 \n ------------------ \n Destination Port: 80 \n
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
