
AutoSplit value based on Policy name

My goal is to have different log files whose names are unique for each policy name. Is this possible?

Path and filename of log file:

D:\KIWI\Logs\Syslog-%PolicyName.txt

Syslog message:

source-address="10.18.100.100" source-port="62394" destination-address="10.17.200.100" destination-port="443" policy-name="263" source-zone-name="Trust" destination-zone-name="Untrust"

How should I define %PolicyName?

  • If you know the policy names, and there aren't a lot, you can write a rule for each that writes to a log.

    Or

    Use one rule and create a script that looks for a string match of the policy names then writes to that filename.

    Or

    To be fully dynamic you will have to parse the message (split on the spaces, take the 5th element, split that again on the "="), save the policy name to a custom variable (VarCustom0X), then use the variable as the split value.
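
A sketch of the fully dynamic option from the reply above, as an added example that is not part of the original thread or of Kiwi's own code. It goes slightly beyond the reply by finding `policy-name` by key rather than by position and by restricting the value to filename-safe characters, since the value arrives in a network message and ends up in a path. The `Fields.VarCleanMessageText` and `Fields.VarCustom01` names and the `Main()` convention are assumptions about the Kiwi script environment; the helper names are hypothetical.

```javascript
// Sample input: the syslog message quoted in the question.
var SAMPLE = 'source-address="10.18.100.100" source-port="62394" ' +
  'destination-address="10.17.200.100" destination-port="443" ' +
  'policy-name="263" source-zone-name="Trust" destination-zone-name="Untrust"';

// Split on spaces, locate the policy-name pair, split it on the first "=".
// Searching by key keeps working if the firewall reorders or adds fields.
// A quoted value containing spaces is cut at its first space.
function extractPolicyName(message) {
  var parts = String(message).split(" ");
  for (var i = 0; i < parts.length; i++) {
    var eq = parts[i].indexOf("=");
    if (eq > 0 && parts[i].substring(0, eq) === "policy-name") {
      return parts[i].substring(eq + 1).replace(/^"|"$/g, "");
    }
  }
  return null; // field not present
}

// The value becomes part of a file name, so allow only a conservative
// character set. This blocks path separators, "..", and characters that
// are invalid in Windows file names. Missing or empty values fall back
// to "unknown" so those messages still land in one predictable file.
function safeFileToken(name) {
  if (name === null) return "unknown";
  var cleaned = name.replace(/[^A-Za-z0-9_-]/g, "_").substring(0, 64);
  return cleaned.length > 0 ? cleaned : "unknown";
}

function policyToken(message) {
  return safeFileToken(extractPolicyName(message));
}

// Entry point for a "Run Script" action (assumed field names; check them
// against your Kiwi version). Not called when run outside Kiwi.
function Main() {
  Fields.VarCustom01 = policyToken(Fields.VarCleanMessageText);
  return "OK";
}
```

Place the script action before the log-to-file action in the same rule so the custom variable is populated when the file name is built.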