FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mbenvenuti
Staff
Article Id 309080
Description: This article describes how to extract customized parsers into XML files.
Scope: FortiSIEM.
Solution

To support certain devices in FortiSIEM, it is sometimes necessary to modify or create parsers in Admin -> Devices -> Parsers. By default, FortiSIEM saves these parsers in its database. It may be necessary to save them elsewhere for backup or versioning purposes, or to import them on another FortiSIEM.

 

Here are the steps and the scripts to proceed with this extraction:

  1. Download the attached extract_parser_to_xml.sh file and place it in /tmp on the FortiSIEM Supervisor.
  2. From the Supervisor CLI, as root:

 

chmod +x /tmp/extract_parsers_to_xml.sh

/tmp/extract_parsers_to_xml.sh

 


  • /tmp/extracted_parsers.tar.gz is generated and contains all the customized parsers.
  • Those parsers can now be stored for backup/versioning or used when creating or cloning a parser in the GUI at Admin -> Device -> Parsers.
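
Before committing the archive to version control or importing its parsers on another FortiSIEM, it helps to confirm that every file in it is well-formed XML and to record a hash per parser. The following is an added example, not part of the attached Fortinet script; it assumes the archive holds .xml files, and the function names and sample parser content are hypothetical.

```python
import hashlib
import io
import sys
import tarfile
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath


def build_manifest(archive):
    """Map each .xml member of a tar.gz (path string or binary file object) to its SHA-256."""
    opener = {"name": archive} if isinstance(archive, str) else {"fileobj": archive}
    manifest = {}
    with tarfile.open(mode="r:gz", **opener) as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            if path.is_absolute() or ".." in path.parts:
                raise ValueError(f"unsafe path in archive: {member.name}")
            if not member.isfile() or path.suffix.lower() != ".xml":
                continue  # directories, links and non-XML entries are skipped
            data = tar.extractfile(member).read()  # read in memory, nothing is unpacked to disk
            try:
                ET.fromstring(data)  # well-formedness check only, no schema validation
            except ET.ParseError as exc:
                raise ValueError(f"{member.name} is not well-formed XML: {exc}") from exc
            manifest[member.name] = hashlib.sha256(data).hexdigest()
    return manifest


def changed_parsers(old, new):
    """Names that were added, removed or modified between two manifests."""
    return sorted(n for n in old.keys() | new.keys() if old.get(n) != new.get(n))


def sample_archive(files):
    """Constructed sample input: an in-memory tar.gz built from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass /tmp/extracted_parsers.tar.gz as the argument; without one, a constructed sample is used.
    demo = {"ExampleParser.xml": b"<parser name='ExampleParser'/>"}  # placeholder content
    src = sys.argv[1] if len(sys.argv) > 1 else sample_archive(demo)
    for name, digest in sorted(build_manifest(src).items()):
        print(digest, name)
```

Storing the printed manifest next to the archive lets `changed_parsers` show which parsers differ between two extractions.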

 
