I need a solution
Is there a way to map a custom log's flag to Symantec values? I collect them through the generic syslog collector.
For example I have this log:
Description = date=2013-04-20 time=21:00:48 devname=papatza device_id=87979 log_id=0038000007 type=traffic subtype=other pri=warning vd=root src=x.x.x.x srcname=hostname.example.com src_port=4565 src_int="internal" dst=127.0.0.1 dstname=x.x.x.jp dst_port=445 dst_int="wan1" SN=774772249 status=deny policyid=0 dst_country="Japan" src_country="United States" service=SMB proto=6 duration=0 sent=0 rcvd=0 msg="Denied by forward policy check"
How can I tell SSIM to map for example "service=SMB" to the SSIM's flag in order to parse these custom logs?
FYI this is a FortiGate log.
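As an added example (not part of the original post, and not Symantec's or Fortinet's code), the following Python shows what the mapping step amounts to: first split the FortiGate key=value line into fields, then translate the vendor field names into a normalized event schema. The normalized names in FIELD_MAP are assumptions for illustration only; SSIM's own field names are not given in the post, so substitute whatever the collector expects. The sample line is the one quoted in the question.

```python
import re
from typing import Dict

# Constructed sample: the FortiGate traffic log quoted in the question.
SAMPLE_LOG = (
    'date=2013-04-20 time=21:00:48 devname=papatza device_id=87979 '
    'log_id=0038000007 type=traffic subtype=other pri=warning vd=root '
    'src=x.x.x.x srcname=hostname.example.com src_port=4565 src_int="internal" '
    'dst=127.0.0.1 dstname=x.x.x.jp dst_port=445 dst_int="wan1" SN=774772249 '
    'status=deny policyid=0 dst_country="Japan" src_country="United States" '
    'service=SMB proto=6 duration=0 sent=0 rcvd=0 '
    'msg="Denied by forward policy check"'
)

# One token is either key="value with spaces" or key=value (no spaces).
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_kv(line: str) -> Dict[str, str]:
    """Split a FortiGate key=value log line into a dict of raw vendor fields."""
    # The generic syslog collector may prepend 'Description = ' to the raw
    # message, as in the post; drop it so the first key is parsed cleanly.
    prefix = "Description = "
    if line.startswith(prefix):
        line = line[len(prefix):]
    fields: Dict[str, str] = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


# Hypothetical normalized field names (assumption: SSIM's real field names
# are not on the page; replace these with the collector's own schema).
FIELD_MAP = {
    "devname": "device_name",
    "src": "source_ip",
    "src_port": "source_port",
    "dst": "destination_ip",
    "dst_port": "destination_port",
    "service": "application_protocol",  # the "service=SMB" flag from the question
    "proto": "ip_protocol",
    "status": "action",
    "policyid": "rule_id",
    "msg": "message",
}

# IANA protocol numbers FortiGate emits in the proto= field.
IP_PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}


def normalize(fields: Dict[str, str]) -> Dict[str, object]:
    """Translate raw vendor fields into the (assumed) normalized event schema."""
    event: Dict[str, object] = {}
    for raw_key, norm_key in FIELD_MAP.items():
        if raw_key in fields:
            event[norm_key] = fields[raw_key]
    # Turn the numeric protocol into a name so rules can say TCP, not 6.
    if "ip_protocol" in event:
        proto = str(event["ip_protocol"])
        event["ip_protocol"] = IP_PROTO_NAMES.get(proto, proto)
    # Map the vendor's deny/accept status onto a generic action value.
    if event.get("action") == "deny":
        event["action"] = "blocked"
    elif event.get("action") == "accept":
        event["action"] = "allowed"
    # Ports are easier to filter on as integers.
    for port_key in ("source_port", "destination_port"):
        if port_key in event:
            event[port_key] = int(str(event[port_key]))
    return event


if __name__ == "__main__":
    raw = parse_fortigate_kv("Description = " + SAMPLE_LOG)
    for key, value in normalize(raw).items():
        print(f"{key}: {value}")
```

Running it prints the normalized fields for the denied SMB connection, with application_protocol set to SMB, ip_protocol to TCP and action to blocked; unmapped vendor fields (duration, sent, rcvd, country names) stay available in the raw dict if the collector needs them.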