Release 2008.2
J
UNIPER
N
ETWORKS
STRM
T
ECHNICAL
N
OTE
U
SING
E
XTENSION
D
OCUMENTS
J
UNE
2008
Device extensions allow you to modify how a DSM parses logs, which is useful for
resolving parsing issues. However, before you define a device extension, you must
build an extension document. This document provides information on defining an
extension document including:
•
About Extension Documents
•
Understanding Extension Document Elements
•
Creating Extension Documents
•
Device Type IDs
This document assumes an advanced knowledge of XML coding.
About Extension
Documents
The extension document is specified in Extensible Markup Language (XML)
format. You can create and edit the document using any common word processing
application. You can create multiple extension documents and associate an
extension document to various device types. Using an extension document, you
can resolve parsing issues, such as:
•
Fixing an event that has missing or incorrect fields (for example, if the
username is not being parsed).
•
Completing the parsing of an event when the DSM to which it is attached fails to
produce a result. Any new events produced by the device extension are
associated to the device that failed to parse the original payload. This action
prevents these events from appearing as un-parsed in the STRM interface.
XML format allows for a simplification of the extension document’s organization,
and verifies the extension document’s contents. Using this format requires that all
regular expressions be contained in character data (CDATA) sections to prevent
the special characters that are needed by regular expressions from interfering with
the markup format. For example:
<pattern id="Protocol" case-insensitive="true" xmlns="">
<![CDATA[(tcp|udp|icmp|gre)]]></pattern>
Where
(tcp|udp|icmp|gre)
is the actual regular expression pattern.
