MARS raw messages & text parser?

ttrevino1 · ‎02-11-2008

Is there a recommended text parser to use with the raw text log files output by the MARS? I'm trying to troubleshoot an issue with a VPN user, but am having to search through tons of log files from yesterday. Is there a simplier way to use MARS to find this data?

Thanks, T

mhellman · ‎02-12-2008

I'm not exactly sure what you're asking. Are you using the GUI interface to query for information or are you looking through archived data?

ttrevino1 · ‎02-12-2008

I'm using the "view raw messages" option under the system maintenance tab, to download the firewall logs. Then I'm needing to find within the logs a particular user ID. Of course, this log is huge, so it's difficult to segregate out the data I need. I did find a program called Windows Grep yesterday after I posted this, which did what I needed. I'll go through any file, and pull out the entire message with the search string you've entered, pretty nice, and it's free.

Thanks for the response, I think I found what I need.

Although it would be nice to know if there is something within MARS that will do the same thing?

mhellman · ‎02-12-2008

I see. yeah, the "retrieve raw message" functionality in Mars is less than impressive. Is there a reason you can't search using the normal Mars queries and the keyword functionality?

grep is about as good as it gets. Are you doing archiving? If you are, the same data is also available in the archived data. The filename contains a date range so it's easy to search through a date range of files.

ttrevino1 · ‎02-12-2008

I did run a query on that IP/user name I was looking for, but it only showed a couple of entries, which I'm assuming were current connections. The data I was looking for was from the previous day.

We haven't got archiving set up yet, but that's something I need to work on.

Thanks for the help.