Standard Parsers
The punch comes with a set of standard log parsers, together with a development environment to make it easy to write, test and deliver new parsers.
Technically speaking, a parser is made of one or several punchlets, i.e. functions written using the punch language.
A parser is however broader than just one or a few punchlets. Parsers must take care of enrichment, normalisation, and enforcing the database schema expected by your database (typically Elasticsearch). The data model must also make it possible to design alerting or correlation rules, not just to search and look at the logs in a dashboard.
This overall log management guide covers these topics in detail.
Here is a quick informal list of the existing parsers. These are available to any project starting on top of the punch. Get in touch with the punchplatform team for each parser's detailed documentation.
- alcatel_switch
- apache_httpd
- arkoon
- aruba_7200
- bluecoat_proxysg
- ca_siteminder
- checkpoint_firewall
- checkpoint_security_gateways
- cisco_asa
- cisco_firepower
- cisco_ironport
- cisco_wlc
- denyall_probe
- denyall_security
- f5
- f5_waf
- fireeye_axseries
- Forcepoint_Web_Security
- forcepoint_FW
- fortinet_fortianalyzer
- fortinet_fortigate
- handover
- IBM_Datapower
- infoblox_trinzic
- ironmail
- juniper_junos
- juniper_netscreen
- juniper_RSA
- juniper_security_manager
- juniper_srx
- linux_isc_dhcp
- mcafee_epo
- microsoft_exchange
- microsoft_iis
- microsoft_windows
- nginx
- nokia_vitalqip
- paloalto
- paloalto_FW
- postfix
- radius
- Sogo_webmail
- sophos
- sophos_pure_message
- sourcefire_ips
- squid
- stonesoft
- stormshield_networksecurity
- sun_solaris
- suricata
- symantec_endpointprotection
- thales_mistral
- unix
- wallix_admin_bastion
- websense