
syslog config nsa 5650

I have difficulties with SYSLOG data in my SIEM. The SIEM export makes a file as CSV. The formatting of the file is really hard to read. The first column is MESSAGE and the data within the column is relevant. It is hard to read and impossible to sort.

" id=firewall sn=REDACTED time=""2022-08-31 06:41:22"" fw=REDACTED pri=6 c=1024 gcat=2 m=97 msg=""Web site hit"" srcMac=REDACTED src=10.2.0.17:50051:X0 srcZone=Trusted natSrc=REDACTED:6332 dstMac=REDACTED dst=REDACTED9:80:X1 dstZone=Untrusted natDst=REDACTED:80 proto=tcp/http sent=769 rcvd=844 app=9 op=1 dstname=ctldl.windowsupdate.com arg=/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2a7d3da783fe97b4 code=27 Category=""Information Technology/Computers"" note=""Policy: CFS Default Policy, Info: 6148 "" n=4907509 fw_action=""NA"" dpi=0"

Any suggestions how to parse the MESSAGE column? Also, how would I get a similar native log from SonicWALL? I could see how it is parsed and perhaps the SIEM is the offender.

I have read that some users run scripts on the output.

Category: High End Firewalls
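The MESSAGE column in the export is a SonicWall syslog record in its native key=value layout (space-separated fields, values with spaces wrapped in double quotes); the doubled quotes (`""`) are only the CSV export escaping the embedded quotes. The following is an added example, not code from the poster, the SIEM vendor or SonicWall: it reads the CSV, unescapes the cell, splits the message into named fields, and writes one column per field so the rows can be sorted and filtered. It assumes MESSAGE is the first CSV column; the sample row is constructed from the shape of the line in the post, with the identifiers the poster already redacted.

```python
import csv
import io
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: one row of the SIEM's CSV export. The first column is
# the raw SonicWall MESSAGE; the CSV layer escapes embedded quotes by doubling them.
SAMPLE_CSV = (
    '" id=firewall sn=REDACTED time=""2022-08-31 06:41:22"" fw=REDACTED pri=6 c=1024 '
    'gcat=2 m=97 msg=""Web site hit"" srcMac=REDACTED src=10.2.0.17:50051:X0 '
    'srcZone=Trusted natSrc=REDACTED:6332 dstMac=REDACTED dst=REDACTED:80:X1 '
    'dstZone=Untrusted natDst=REDACTED:80 proto=tcp/http sent=769 rcvd=844 app=9 '
    'op=1 dstname=ctldl.windowsupdate.com arg=/msdownload/update/v3/static/'
    'trustedr/en/disallowedcertstl.cab?2a7d3da783fe97b4 code=27 '
    'Category=""Information Technology/Computers"" '
    'note=""Policy: CFS Default Policy, Info: 6148 "" n=4907509 fw_action=""NA"" dpi=0"\n'
)

# key=value where the value is either "double quoted" (may contain spaces and commas)
# or a bare run of non-whitespace characters (IPs, ip:port:iface, URLs, numbers).
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_message(message: str) -> Dict[str, str]:
    """Split one SonicWall syslog MESSAGE into an ordered dict of field -> value."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(message):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        # group(2) is None when the bare alternative matched, so an empty "" value survives
        fields[key] = quoted if quoted is not None else bare
    return fields


def parse_export(csv_text: str) -> List[Dict[str, str]]:
    """Parse the SIEM CSV export; MESSAGE is assumed to be the first column."""
    rows: List[Dict[str, str]] = []
    for record in csv.reader(io.StringIO(csv_text)):
        if not record or not record[0].strip():
            continue
        # csv.reader has already turned "" back into a single quote character
        rows.append(parse_message(record[0]))
    return rows


def split_endpoint(value: str) -> Tuple[str, Optional[int], Optional[str]]:
    """Break src/dst values of the form ip:port:interface into sortable parts."""
    parts = value.split(":")
    ip = parts[0]
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    iface = parts[2] if len(parts) > 2 else None
    return ip, port, iface


def to_flat_csv(rows: List[Dict[str, str]]) -> str:
    """Write one column per field (first-seen order) so the result sorts in a spreadsheet."""
    columns: List[str] = []
    for row in rows:
        for key in row:
            if key not in columns:
                columns.append(key)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_flat_csv(parse_export(SAMPLE_CSV)))
```

Running it against a real export is a matter of replacing `SAMPLE_CSV` with the file contents; the same `parse_message` function works unchanged on the firewall's native syslog lines, which is a quick way to confirm whether the SIEM or the firewall is producing the awkward layout.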
