Stand-Alone NetMon Syslog Parsing
If you are using NetMon as a stand-alone system, you can still route network data through Syslog. To integrate NetMon’s Syslog with your system, you need to parse the Syslog format. This appendix describes the regular expressions that LogRhythm Enterprise uses to interpret NetMon Syslog data. The Syslog output contains two normalized fields—one defines the event type (Syslog Event Type), and the other defines the Application ID or Application Code. Each Event Type has a slightly different set of fields.
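The passage above says a stand-alone integration has to parse the NetMon Syslog text itself, extracting the two normalized fields (Syslog Event Type and Application ID) and then a per-event-type set of fields. The parser below is an added example, not LogRhythm's or NetMon's code, and it does not reproduce NetMon's real line layout or the appendix's regular expressions: the `EventType=` / `AppId=` key=value body, the event type names, the per-type field names and the sample lines are all constructed for illustration. What it does show is the structure such a parser needs: one expression for the syslog header, one for the two normalized fields, and a dispatch table of expressions keyed by event type, with unknown types and malformed bodies kept rather than silently dropped.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines (assumed layout; NOT NetMon's actual format).
SAMPLE_LINES = [
    "<134>Jan 10 12:00:01 netmon-01 NetMon: EventType=Session AppId=HTTP "
    "SrcIP=10.0.0.5 DstIP=203.0.113.7 Bytes=1024",
    "<134>Jan 10 12:00:02 netmon-01 NetMon: EventType=Alarm AppId=DNS "
    "Rule=EXAMPLE_RULE Severity=High",
    "<134>Jan 10 12:00:03 netmon-01 NetMon: EventType=Unknown AppId=SSH",
]

# RFC 3164-style header: <PRI>, timestamp, hostname, then a program tag and body.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) NetMon: (?P<body>.*)$"
)

# The two normalized fields the text describes; key names are assumed.
NORMALIZED_RE = re.compile(r"EventType=(?P<event_type>\S+).*?AppId=(?P<app_id>\S+)")

# Per-event-type field sets, one regex per type (assumed names and fields).
EVENT_FIELDS: Dict[str, "re.Pattern[str]"] = {
    "Session": re.compile(r"SrcIP=(?P<src_ip>\S+) DstIP=(?P<dst_ip>\S+) Bytes=(?P<bytes>\d+)"),
    "Alarm": re.compile(r"Rule=(?P<rule>\S+) Severity=(?P<severity>\S+)"),
}


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one syslog line; return None only when the header itself is invalid."""
    header = HEADER_RE.match(line)
    if header is None:
        return None

    # Standard syslog PRI decoding: facility * 8 + severity.
    facility, severity = divmod(int(header.group("pri")), 8)
    body = header.group("body")
    record: Dict[str, object] = {
        "timestamp": header.group("ts"),
        "host": header.group("host"),
        "facility": facility,
        "syslog_severity": severity,
    }

    normalized = NORMALIZED_RE.search(body)
    if normalized is None:
        # Header was fine but the two normalized fields are missing: keep the body
        # so the failure is visible downstream instead of losing the event.
        record["parse_error"] = "normalized fields missing"
        record["unparsed_body"] = body
        return record

    record["event_type"] = normalized.group("event_type")
    record["app_id"] = normalized.group("app_id")

    # Dispatch on event type; each type carries its own field set.
    pattern = EVENT_FIELDS.get(normalized.group("event_type"))
    if pattern is None:
        record["unparsed_body"] = body
        return record

    fields = pattern.search(body)
    if fields is None:
        record["parse_error"] = "event-specific fields did not match"
        record["unparsed_body"] = body
        return record

    record.update(fields.groupdict())
    return record


def parse_lines(lines: List[str]) -> List[Dict[str, object]]:
    """Parse many lines, dropping only those with an unrecognisable header."""
    parsed = []
    for line in lines:
        record = parse_line(line)
        if record is not None:
            parsed.append(record)
    return parsed


if __name__ == "__main__":
    for rec in parse_lines(SAMPLE_LINES):
        print(rec)
```

Keeping the unparsed body on records whose event type is unknown matters operationally: a new event type in a NetMon release would otherwise vanish from the integration without any signal that the parser needs a new entry in the dispatch table.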