Skip to main content
Skip table of contents

Manage Replay Logs

To configure a Signal Replay collector in Axon, the first step is to add new replay logs, or edit existing ones. Once the collector has been configured, these logs are repeatedly sent to Axon in order to trigger or test any existing Axon Rules.

Add New Replay Logs

To add new Replay logs, from the Axon Dashboard:

  1. In the lower-left corner of the main screen, click the Administration cog.
    The Administration menu appears on the left side.

  2. Under Integrations, click Collectors.
    The Collectors page appears.

  3. In the upper-right corner, click + Add Collector.
    The Add Collector Wizard appears.

  4. Select Signal Replay from the list of collector types.

  5. In the right-hand panel, click Manage Replay Logs.
    The Replay Log Management window appears.

  6. In the top-right corner, click Add Replay Logs.
    The Add Replay Logs pop-up appears.

  7. Enter a unique Name for this set of Replay logs.

  8. Enter a more detailed Description for the set of Replay logs.

  9. Click Save.
    The new Replay logs are saved, and the log details screen opens.

  10. At the top-right corner, click the Add Replay Logs button.

The maximum number of data rows allowed in a single Replay logs set is 10,000.

  1. Choose from one of the following options:

Option

Description

Paste a log to add to replay logs

This option allows you to copy and paste a single log into Axon. Follow the steps below to paste a log:

  1. Click Paste a log to add to replay logs.
    The Paste Replay Log pop-up appears.

  2. Copy and paste your existing log into the box provided.

  3. Click Add.
    The log is successfully added to the newly created Replay logs set.

From File

This option allows you to import pre-existing logs in the form of a .CSV file. Follow the steps below to import logs from a file:

  1. Click From File.
    The Import Replay Logs pop-up appears.

  2. Click Browse Files to locate the file on your local machine, or drag the file into the pop-up to automatically upload it.

The logs file should only contain a single column, with the header value of “message”.

  1. Click Import.
    The logs are successfully added to the newly created Replay logs set.

Modify Replay Logs

Once the Replay logs have been added to Axon, they appear in a list format that can be edited using the following available actions:

Option

Description

Delete

Check each log in the list that you wish to delete, and then click the Actions drop-down. Select Delete, and confirm the action by clicking Yes, Delete.

Export

Check each log in the list that you wish to export, and then click the Actions drop-down. Select Export. The selected logs are exported as a .CSV file.

Inspect

Click on a single log to open the Inspector panel for that log. To edit the data contained in the log, click the Edit button at the bottom of the Inspector panel. Once you have made changes to the log as desired, click Save.

Edit Existing Replay Logs

To edit existing Replay logs, you must access the Replay Log Management screen and use the available actions.

To open the Replay Log Management screen, from the Axon Dashboard:

  1. In the lower-left corner of the main screen, click the Administration cog.
    The Administration menu appears on the left side.

  2. Under Integrations, click Collectors.
    The Collectors page appears.

  3. In the upper-right corner, click + Add Collector.
    The Add Collector Wizard appears.

  4. Select Signal Replay from the list of collector types.

  5. In the right-hand panel, click Manage Replay Logs.
    The Replay Log Management window appears.

Replay Logs Actions

To edit any existing set of Replay logs, click the three-dot menu to the left of the name of the Replay logs set you wish to edit. The following options appear:

Option

Description

View Replay Logs

Click to view the logs that have been added to this Replay logs set.

These logs can be edited or modified using the options described in the Modify Replay Logs section.

Edit Details

Click to change the name and/or description of this Replay logs set.

Delete

Click to remove this Replay logs set from Axon. To confirm the action, click Yes, Delete.

Export

Click to export this Replay logs set as a .CSV file.

Variables

A variable can be used to insert the time into the log at processing time. Replace the time in the log with {currentTime}. Currently, this functionality only supports ISO8601 format. A variable can also be used to generate random values for emails, IP addresses, host names, and user names with {email}, {IPv4}, {hostname}, and {user}, respectively.

CODE 
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='MSSQLSERVER'/><EventID Qualifiers='49152'>18456</EventID><Level>Information</Level><Task>Logon</Task><Keywords>Audit Failure</Keywords><TimeCreated SystemTime='{currentTime}'/><EventRecordID>66817177</EventRecordID><Channel>Application</Channel><Computer>{hostname}</Computer><Security/></System><EventData><Data>LogRhythmWebUI</Data><Data> Reason: Password did not match that for the login provided.</Data><Data> [CLIENT: &lt;local machine&gt;]</Data><Binary>184800000E0000000D0000005500530042004F0031005300450050004D002D00300031000000070000006D00610073007400650072000000</Binary></EventData></Event>

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close