Home » Dell Manuals » Wireless » Dell W-Series 304 » Manual Viewer

Dell W-Series 304 Instant 6.5.1.0-4.3.1.0 CLI Reference Guide - Page 363

External Services Interface, Dell Networking W, Series ArubaOS 6.5.x User Guide, show esi parser rules

Add to My Manuals
Save this manual to your list of manuals

Page 363 highlights

Usage Guidelines The user creates an ESI rule by using characters and special operators to specify a pattern that uniquely identifies a syslog message. This "condition" defines the type of message and the ESI domain to which this message pertains. The rule contains three major fields: l Condition: The pattern that uniquely identifies the syslog message type. l User: The username identifier. It can be in the form of a name, MAC address, or IP address. l Action: The action to take when a rule match occurs. Once a condition match occurs, no further rule-matching will be made. For the matching rule, only one action can be defined. For more details on the character-matching operators, repetition operators, and expression anchors used to defined the search or match target, refer to the External Services Interfacechapter in the Dell Networking WSeries ArubaOS 6.5.x User Guide . Use the show esi parser rules command to show ESI parser rule information. Use the show esi parser stats command to show ESI parser rule statistical information Examples The following command sets up the Fortigate virus rule named "forti_rule." This rule parses the virus detection syslog scanning for a condition match on the log_id value (log_id=) and a match on the IP address (src=). (host) (config) #esi parser rule forti_rule condition "log_id=[0-9]{10}[ ]" match ipaddr "src=(.*)[ ]" set blacklist domain fortinet enable In this example, the corresponding ESI expression is: < Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 > The following example of the test command tests a rule against a specified single syslog message. test msg "26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4" < 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 > ===== Condition: Matched with rule "forti_rule" User: ipaddr = 1.2.3.4 ===== The following example of the test command tests a rule against a file named test.log, which contains several syslog messages. test file test.log < Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 > ========== Condition: Matched with rule "forti_rule" User: ipaddr = 1.2.3.4 ========== < Oct 18 10:43:40 cli[627]: PAPI_Send: To: 7f000001:8372 Type:0x4 Timed out. > ========== Condition: No matching rule condition found ========== 363| esi parser rule Dell Networking W-Series ArubaOS 6.5.x | Reference Guide

Section	Page
Revision History	3
The ArubaOS Command-Line Interface	4
What’s New in ArubaOS 6.5.x	4
About this Guide	8
Connecting to the Controller	9
CLI Access	9
Saving Configuration Changes	11
Typographic Conventions	12
Command Line Editing	13
Specifying Addresses and Identifiers in Commands	14
Contacting Dell	16
aaa auth-survivability	17
aaa authentication captive-portal	19
aaa authentication dot1x	25
aaa authentication mac	34
aaa authentication mgmt	36
aaa authentication-server internal	38
aaa authentication-server ldap	39
aaa authentication-server radius	42
aaa authentication-server tacacs	47
aaa authentication-server windows	49
aaa authentication stateful-dot1x	50
aaa authentication stateful-dot1x clear	52
aaa authentication stateful-kerberos	53
aaa authentication stateful-ntlm	54
aaa authentication via auth-profile	56
aaa authentication via connection-profile	59
aaa authentication via global-config	68
aaa authentication via web-auth	69
aaa authentication vpn	70
aaa authentication wired	74
aaa authentication wispr	75
aaa bandwidth-contract	78
aaa derivation-rules	80
aaa dns-query-interval	85
aaa inservice	86
aaa ipv6 user add	87
aaa ipv6 user clear-sessions	89
aaa ipv6 user delete	90
aaa ipv6 user logout	91
aaa log	92
aaa password-policy mgmt	93
aaa profile	96
aaa query-user	102
aaa radius-attributes	104
aaa rfc-3576-server	105
aaa server-group	107
aaa tacacs-accounting	111
aaa test-server	113
aaa timers	114
aaa trusted-ap	116
aaa user add	117
aaa user clear-sessions	119
aaa user delete	120
aaa user fast-age	121
aaa user logout	122
aaa user monitor	123
aaa user purge-log	124
aaa user stats-poll	125
aaa xml-api	126
activate	128
activate-service-whitelist	130
add ap arm client-match unsupported	132
adp	133
airgroup	134
airgroupservice	140
airgroup static mdns-record	142
am	148
amon msg-buffer-size	150
ap authorization-profile	151
ap consolidated-provision info	153
ap-crash-transfer	154
ap debug advanced-stats	155
ap debug client-trace start	156
ap debug client-trace stop	157
ap debug dot 11r remove-key	158
ap debug radio-event-log	159
ap debug radio-registers dump	161
ap enet-link-profile	162
ap flush-r1-on-new-r0	164
ap image-preload	165
ap-lacp-striping-ip	167
ap lldp med-network-policy-profile	169
ap lldp profile	172
ap mesh-cluster-profile	175
ap mesh-ht-ssid-profile	177
ap mesh-radio-profile	183
ap provisioning-profile	189
ap packet-capture	195
ap process restart	200
ap regulatory activate	201
ap regulatory-domain-profile	202
ap regulatory reset	206
ap spectrum clear-webui-view-settings	207
ap spectrum local-override	208
ap system-profile	210
ap wipe out flash	224
ap wired-ap-profile	225
ap wired-port-profile	228
apboot	230
apconnect	232
apdisconnect	233
apflash [deprecated]	234
ap-group	235
ap-leds	239
ap-move	241
ap-name	242
ap-regroup	246
ap-rename	248
app skype4b traffic-control	250
arm move-sta	252
arp	253
audit-trail	254
backup	255
banner motd	256
block-redirect-url	258
boot	259
cellular profile	261
cfgm	263
clear	265
clear aaa auth-survivability-cache	273
clear wms wired-mac	274
clock append	275
clock set	276
clock summer-time recurring	277
clock timezone	279
cluster-member-custom-cert	280
cluster-member-factory-cert	282
cluster-member-ip	284
cluster-root-ip	286
configure terminal	289
control-plane-security	290
controller-ip	292
controller-ipv6	293
copy	294
cp-bandwidth-contract	298
crypto-local ipsec sa-cleanup	299
crypto dynamic-map	300
crypto ipsec	303
crypto isakmp	305
crypto isakmp block-aruba-ca	308
crypto isakmp policy	309
crypto-local ipsec-map	313
crypto-local isakmp allow-via-subnet-routes	321
crypto-local isakmp ca-certificate	322
crypto-local isakmp certificate-group	323
crypto-local isakmp disable-aggressive-mode	324
crypto_local isakmp disable-ipcomp	325
crypto-local isakmp dpd	326
crypto-local isakmp key	327
crypto-local isakmp permit-invalid-cert	329
crypto-local isakmp sa-cleanup	330
crypto-local isakmp server-certificate	331
crypto-local isakmp xauth	332
crypto-local pki	333
crypto-local pki rcp	336
crypto map global-map	339
crypto	340
crypto	340
crypto pki-import	342
database synchronize	344
delete	345
destination	346
dialer group	347
dir	348
disable-whitelist-sync	350
dot1x	351
dpi	352
dynamic-ip	354
eject usb	355
enable	356
enable bypass	357
enable secret	358
encrypt	359
esi group	360
esi parser domain	361
esi parser rule	362
esi parser rule‑test	365
esi ping	367
esi server	368
exit	370
export	371
file syncing profile	372
fips	373
firewall	374
firewall cp	383
firewall cp-bandwidth-contract	386
firewall-visibility	388
gateway health-check disable	389
guest-access-email	390
ha	392
halt	395
help	396
hostname	397
iap del branch-key	398
iap trusted-branch-db	399
ids ap-classification-rule change	401
ids ap-rule-matching	404
ids dos-profile	405
ids general-profile	414
ids impersonation-profile	420
ids management-profile	423
ids profile	424
ids rate-thresholds-profile	426
ids signature-matching-profile	428
ids signature-profile	430
ids unauthorized-device-profile	433
ids wms-general-profile	441
ids wms-local system-profile	444
ifmap	446
Interface cellular	448
interface fastethernet \| gigabitethernet	449
interface loopback	458
interface port-channel	460
interface-profile voip-profile	464
interface range	466
interface tunnel	469
interface vlan	475
interface vlan ipv6	480
interface vlan ip igmp proxy	483
ip access-list eth	485
ip access-list extended	487
ip access-list ip-geolocation	489
ip access-list mac	491
ip access-list route	493
ip access-list session	496
ip access-list standard	501
ip cp-redirect-address	503
ip default-gateway	504
ip dhcp excluded-address	505
ip dhcp pool	506
ip domain lookup	508
ip domain-name	509
ip igmp	510
ip local	512
ip mobile active-domain	513
ip mobile domain	514
ip mobile foreign-agent	516
ip mobile home-agent	517
ip mobile packet-trace	518
ip mobile proxy	519
ip mobile revocation	522
ip name-server	523
ip nat	524
ip nexthop-list	525
ip ospf	527
ip probe default	529
ip probe health-check	531
ip radius	533
ids rap-wml-server-profile	535
ids rap‑wml-table-profile	537
ip reputation	539
ip route	540
ipv6 cp-redirect-address	542
ipv6 default-gateway	543
ipv6 dhcp excluded-address	544
ipv6 dhcp pool	545
ipv6 enable	547
ipv6 firewall	548
ipv6 neighbor	551
ipv6 mld	552
ipv6 proxy-ra	554
ipv6 radius	555
ipv6 route	556
kernel coredump	558
lacp group	559
lacp port-priority	561
lacp system-priority	562
lacp timeout	563
lcd-menu	564
license	566
local-custom-cert	570
local-factory-cert	572
localip	573
local-userdb add	574
local-userdb-ap del	577
local-userdb-branch	579
local-userdb del	582
local-userdb export	583
local-userdb fix-database	584
local-userdb-guest add	585
local-userdb-guest del	588
local-userdb-guest modify	589
local-userdb-guest send-email	591
local-userdb import	592
local-userdb maximum-expiration	593
local-userdb modify	594
local-userdb-branch	596
local-userdb send-to-guest	599
local-userdb send-to-sponsor	600
location	601
location-server-feed	602
logging	603
logging facility	605
logging level	606
loginsession	611
logout	612
mac-address-table	613
master-redundancy master-vrrp	614
masterip	616
master-redundancy peer-ip	619
mgmt-server profile	621
mgmt-server type	624
mgmt-user	625
mobility-manager	628
netdestination	630
netdestination6	632
netexthdr	634
netservice	636
ntp authenticate	638
ntp authentication-key	639
ntp server	640
ntp standalone	641
ntp trusted-key	642
packet-capture	643
packet-capture-defaults	646
page	649
paging	650
pan active-profile	651
pan profile	652
panic	654
pan-options	655
papi-security	658
perf-test	660
pcap (deprecated)	662
phonehome	665
ping	666
pkt-trace	668
pkt-trace-global	669
pptp ip local pool	670
priority-map	671
process monitor	672
prompt	674
provision-ap	675
reload	706
rename	708
restore	709
rf am-scan-profile	710
rft	712
rf arm-rf-domain-profile	713
rf arm-profile	714
rf dot11a-radio-profile	733
rf dot11g-radio-profile	744
rf event-thresholds-profile	758
rf ht-radio-profile	761
rf optimization-profile	764
rf spectrum-profile	766
router mobile	770
router ospf	771
routing-policy-map	774
service	776
show aaa accounting tacacs	778
show aaa authentication all	780
show aaa authentication captive-portal	781
show aaa authentication captive-portal customization	786
show aaa authentication dot1x	788
show aaa authentication mac	796
show aaa authentication mgmt	798
show aaa authentication stateful-dot1x	800
show aaa authentication stateful-ntlm	802
show aaa authentication via auth-profile	804
show aaa authentication via connection-profile	806
show aaa authentication via web-auth	812
show aaa authentication vpn	814
show aaa authentication wired	816
show aaa authentication wispr	817
show aaa authentication-server all	820
show aaa authentication-server internal	822
show aaa authentication-server ldap	825
show aaa authentication-server radius	827
show aaa authentication-server tacacs	833
show aaa authentication-server windows	835
show aaa bandwidth-contracts	837
show aaa debug	838
show aaa derivation-rules	840
show aaa dns-query-interval	844
show aaa fqdn-server-names	845
show aaa load-balance statistics	846
show aaa main-profile	849
show aaa password-policy mgmt	851
show aaa profile	854
show aaa radius-attributes	858
show aaa rfc-3576-server	860
show aaa server-group	863
show aaa state ap-group	867
show aaa state configuration	868
show aaa state debug-statistics	872
show aaa state log	876
show aaa state messages	878
show aaa state station	880
show aaa state user	881
show aaa tacacs-accounting	882
show aaa timers	883
show aaa web admin-port	884
show aaa xml-api server	885
show aaa xml-api statistics	886
show acl ace-table	889
show acl acl-table	890
show acl hits	893
show activate-service-whitelist	896
show adp config	897
show adp counters	898
show airgroup	899
show airgroup active-domains	904
show airgroup blocked-queries	905
show airgroup blocked-service-id	907
show airgroup cache entries	909
show airgroup cppm	911
show airgroup cppm-server	913
show airgroup domain	916
show airgroup internal-state statistics	918
show airgroup global-credits	921
show airgroup multi-controller-table	923
show airgroup servers	925
show airgroup status	928
show airgroup users	931
show airgroup vlan	933
show airgroupservice	934
show ap active	937
show ap-group	941
show ap-name	944
show ap allowed-channels	947
show ap ap-group	949
show ap arm client-match history	951
show ap arm client-match neighbors	955
show ap arm client-match Pending	957
show ap arm client-match probe-report	960
show ap arm client-match restriction-table	962
show ap arm client-match summary	965
show ap arm client-match unsupported	969
show ap arm history	971
show ap arm neighbors	974
show ap arm rf-summary	976
show ap arm scan-times	979
show ap arm split-scan-history	982
show ap arm state	984
show ap arm status	986
show ap arm virtual-beacon-report	987
show ap association	990
show ap association remote	993
show ap authorization-profile	995
show ap blacklist-clients	997
show ap bss-table	999
show ap bw-report	1003
show ap client status	1005
show ap client trail-info	1007
show ap config	1009
show ap consolidated-provision info	1041
show ap-crash-transfer	1044
show ap database	1045
show ap database-summary	1049
show ap debug bandwidth-management	1051
show ap debug ble-config	1055
show ap debug ble-counters	1057
show ap debug ble-log	1059
show ap debug ble-table	1061
show ap debug ble-update-status	1063
show ap debug bss-config	1065
show ap debug bss-stats	1068
show ap debug client-deauth-reason-counters	1074
show ap debug client-mgmt-counters	1075
show ap debug client-stats	1078
show ap debug client-table	1082
show ap debug client-trace	1086
show ap debug counters	1087
show ap debug crash-info	1089
show ap debug crypto	1091
show ap debug datapath	1093
show ap debug dot11r	1095
show ap debug dot11r state	1097
show ap debug driver-log	1098
show ap debug gre-tun-stats	1099
show ap debug gsm-counters	1100
show ap debug ipc forwarding-statistics	1101
show ap debug lacp	1102
show ap debug lldp	1105
show ap debug log	1106
show ap debug config-msg-history	1107
show ap debug dot11r state	1108
show ap debug port status	1109
show ap debug radar-logs	1111
show ap debug radio-event-log status	1114
show ap debug radio-info	1116
show ap debug radio-registers	1118
show ap debug radio-stats	1119
show ap debug received-config	1134
show ap debug shaping-table	1141
show ap debug spanning-tree	1144
show ap debug switching	1145
show ap debug system-status	1146
show ap debug trace-addr	1149
show ap debug usb	1150
show ap details	1152
show ap enet-link-profile	1159
show ap essid	1161
show ap ht-rates	1162
show ap image-preload-status (deprecated)	1164
show ap image-preload status	1165
show ap image version	1168
show ap-lacp-striping-ip	1170

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090
1,091
1,092
1,093
1,094
1,095
1,096
1,097
1,098
1,099
1,100
1,101
1,102
1,103
1,104
1,105
1,106
1,107
1,108
1,109
1,110
1,111
1,112
1,113
1,114
1,115
1,116
1,117
1,118
1,119
1,120
1,121
1,122
1,123
1,124
1,125
1,126
1,127
1,128
1,129
1,130
1,131
1,132
1,133
1,134
1,135
1,136
1,137
1,138
1,139
1,140
1,141
1,142
1,143
1,144
1,145
1,146
1,147
1,148
1,149
1,150
1,151
1,152
1,153
1,154
1,155
1,156
1,157
1,158
1,159
1,160
1,161
1,162
1,163
1,164
1,165
1,166
1,167
1,168
1,169
1,170
1,171
1,172
1,173
1,174
1,175
1,176
1,177
1,178
1,179
1,180
1,181
1,182
1,183
1,184
1,185
1,186
1,187
1,188
1,189
1,190
1,191
1,192
1,193
1,194
1,195
1,196
1,197
1,198
1,199
1,200
1,201
1,202
1,203
1,204
1,205
1,206
1,207
1,208
1,209
1,210
1,211
1,212
1,213
1,214
1,215
1,216
1,217
1,218
1,219
1,220
1,221
1,222
1,223
1,224
1,225
1,226
1,227
1,228
1,229
1,230
1,231
1,232
1,233
1,234
1,235
1,236
1,237
1,238
1,239
1,240
1,241
1,242
1,243
1,244
1,245
1,246
1,247
1,248
1,249
1,250
1,251
1,252
1,253
1,254
1,255
1,256
1,257
1,258
1,259
1,260
1,261
1,262
1,263
1,264
1,265
1,266
1,267
1,268
1,269
1,270
1,271
1,272
1,273
1,274
1,275
1,276
1,277
1,278
1,279
1,280
1,281
1,282
1,283
1,284
1,285
1,286
1,287
1,288
1,289
1,290
1,291
1,292
1,293
1,294
1,295
1,296
1,297
1,298
1,299
1,300
1,301
1,302
1,303
1,304
1,305
1,306
1,307
1,308
1,309
1,310
1,311
1,312
1,313
1,314
1,315
1,316
1,317
1,318
1,319
1,320
1,321
1,322
1,323
1,324
1,325
1,326
1,327
1,328
1,329
1,330
1,331
1,332
1,333
1,334
1,335
1,336
1,337
1,338
1,339
1,340
1,341
1,342
1,343
1,344
1,345
1,346
1,347
1,348
1,349
1,350
1,351
1,352
1,353
1,354
1,355
1,356
1,357
1,358
1,359
1,360
1,361
1,362
1,363
1,364
1,365
1,366
1,367
1,368
1,369
1,370
1,371
1,372
1,373
1,374
1,375
1,376
1,377
1,378
1,379
1,380
1,381
1,382
1,383
1,384
1,385
1,386
1,387
1,388
1,389
1,390
1,391
1,392
1,393
1,394
1,395
1,396
1,397
1,398
1,399
1,400
1,401
1,402
1,403
1,404
1,405
1,406
1,407
1,408
1,409
1,410
1,411
1,412
1,413
1,414
1,415
1,416
1,417
1,418
1,419
1,420
1,421
1,422
1,423
1,424
1,425
1,426
1,427
1,428
1,429
1,430
1,431
1,432
1,433
1,434
1,435
1,436
1,437
1,438
1,439
1,440
1,441
1,442
1,443
1,444
1,445
1,446
1,447
1,448
1,449
1,450
1,451
1,452
1,453
1,454
1,455
1,456
1,457
1,458
1,459
1,460
1,461
1,462
1,463
1,464
1,465
1,466
1,467
1,468
1,469
1,470
1,471
1,472
1,473
1,474
1,475
1,476
1,477
1,478
1,479
1,480
1,481
1,482
1,483
1,484
1,485
1,486
1,487
1,488
1,489
1,490
1,491
1,492
1,493
1,494
1,495
1,496
1,497
1,498
1,499
1,500
1,501
1,502
1,503
1,504
1,505
1,506
1,507
1,508
1,509
1,510
1,511
1,512
1,513
1,514
1,515
1,516
1,517
1,518
1,519
1,520
1,521
1,522
1,523
1,524
1,525
1,526
1,527
1,528
1,529
1,530
1,531
1,532
1,533
1,534
1,535
1,536
1,537
1,538
1,539
1,540
1,541
1,542
1,543
1,544
1,545
1,546
1,547
1,548
1,549
1,550
1,551
1,552
1,553
1,554
1,555
1,556
1,557
1,558
1,559
1,560
1,561
1,562
1,563
1,564
1,565
1,566
1,567
1,568
1,569
1,570
1,571
1,572
1,573
1,574
1,575
1,576
1,577
1,578
1,579
1,580
1,581
1,582
1,583
1,584
1,585
1,586
1,587
1,588
1,589
1,590
1,591
1,592
1,593
1,594
1,595
1,596
1,597
1,598
1,599
1,600
1,601
1,602
1,603
1,604
1,605
1,606
1,607
1,608
1,609
1,610
1,611
1,612
1,613
1,614
1,615
1,616
1,617
1,618
1,619
1,620
1,621
1,622
1,623
1,624
1,625
1,626
1,627
1,628
1,629
1,630
1,631
1,632
1,633
1,634
1,635
1,636
1,637
1,638
1,639
1,640
1,641
1,642
1,643
1,644
1,645
1,646
1,647
1,648
1,649
1,650
1,651
1,652
1,653
1,654
1,655
1,656
1,657
1,658
1,659
1,660
1,661
1,662
1,663
1,664
1,665
1,666
1,667
1,668
1,669
1,670
1,671
1,672
1,673
1,674
1,675
1,676
1,677
1,678
1,679
1,680
1,681
1,682
1,683
1,684
1,685
1,686
1,687
1,688
1,689
1,690
1,691
1,692
1,693
1,694
1,695
1,696
1,697
1,698
1,699
1,700
1,701
1,702
1,703
1,704
1,705
1,706
1,707
1,708
1,709
1,710
1,711
1,712
1,713
1,714
1,715
1,716
1,717
1,718
1,719
1,720
1,721
1,722
1,723
1,724
1,725
1,726
1,727
1,728
1,729
1,730
1,731
1,732
1,733
1,734
1,735
1,736
1,737
1,738
1,739
1,740
1,741
1,742
1,743
1,744
1,745
1,746
1,747
1,748
1,749
1,750
1,751
1,752
1,753
1,754
1,755
1,756
1,757
1,758
1,759
1,760
1,761
1,762
1,763
1,764
1,765
1,766
1,767
1,768
1,769
1,770
1,771
1,772
1,773
1,774
1,775
1,776
1,777
1,778
1,779
1,780
1,781
1,782
1,783
1,784
1,785
1,786
1,787
1,788
1,789
1,790
1,791
1,792
1,793
1,794
1,795
1,796
1,797
1,798
1,799
1,800
1,801
1,802
1,803
1,804
1,805
1,806
1,807
1,808
1,809
1,810
1,811
1,812
1,813
1,814
1,815
1,816
1,817
1,818
1,819
1,820
1,821
1,822
1,823
1,824
1,825
1,826
1,827
1,828
1,829
1,830
1,831
1,832
1,833
1,834
1,835
1,836
1,837
1,838
1,839
1,840
1,841
1,842
1,843
1,844
1,845
1,846
1,847
1,848
1,849
1,850
1,851
1,852
1,853
1,854
1,855
1,856
1,857
1,858
1,859
1,860
1,861
1,862
1,863
1,864
1,865
1,866
1,867
1,868
1,869
1,870
1,871
1,872
1,873
1,874
1,875
1,876
1,877
1,878
1,879
1,880
1,881
1,882
1,883
1,884
1,885
1,886
1,887
1,888
1,889
1,890
1,891
1,892
1,893
1,894
1,895
1,896
1,897
1,898
1,899
1,900
1,901
1,902
1,903
1,904
1,905
1,906
1,907
1,908
1,909
1,910
1,911
1,912
1,913
1,914
1,915
1,916
1,917
1,918
1,919
1,920
1,921
1,922
1,923
1,924
1,925
1,926
1,927
1,928
1,929
1,930
1,931
1,932
1,933
1,934
1,935
1,936
1,937
1,938
1,939
1,940
1,941
1,942
1,943
1,944
1,945
1,946
1,947
1,948
1,949
1,950
1,951
1,952
1,953
1,954
1,955
1,956
1,957
1,958
1,959
1,960
1,961
1,962
1,963
1,964
1,965
1,966
1,967
1,968
1,969
1,970
1,971
1,972
1,973
1,974
1,975
1,976
1,977
1,978
1,979
1,980
1,981
1,982
1,983
1,984
1,985
1,986
1,987
1,988
1,989
1,990
1,991
1,992
1,993
1,994
1,995
1,996
1,997
1,998
1,999
2,000
2,001
2,002
2,003
2,004
2,005
2,006
2,007
2,008
2,009
2,010
2,011
2,012
2,013
2,014
2,015
2,016
2,017
2,018
2,019
2,020
2,021
2,022
2,023
2,024
2,025
2,026
2,027
2,028
2,029
2,030
2,031
2,032
2,033
2,034
2,035
2,036
2,037
2,038
2,039
2,040
2,041
2,042
2,043
2,044
2,045
2,046
2,047
2,048
2,049
2,050
2,051
2,052
2,053
2,054
2,055
2,056
2,057
2,058
2,059
2,060
2,061
2,062
2,063
2,064
2,065
2,066
2,067
2,068
2,069
2,070
2,071
2,072
2,073
2,074
2,075
2,076
2,077
2,078
2,079
2,080
2,081
2,082
2,083
2,084
2,085
2,086
2,087
2,088
2,089
2,090
2,091
2,092
2,093
2,094
2,095
2,096
2,097
2,098
2,099
2,100
2,101
2,102
2,103
2,104
2,105
2,106
2,107
2,108
2,109
2,110
2,111
2,112
2,113
2,114
2,115
2,116
2,117
2,118
2,119
2,120
2,121
2,122
2,123
2,124
2,125
2,126
2,127
2,128
2,129
2,130
2,131
2,132
2,133
2,134
2,135
2,136
2,137
2,138
2,139
2,140
2,141
2,142
2,143
2,144
2,145
2,146
2,147
2,148
2,149
2,150
2,151
2,152
2,153
2,154
2,155
2,156
2,157
2,158
2,159
2,160
2,161
2,162
2,163
2,164
2,165
2,166
2,167
2,168
2,169
2,170
2,171
2,172
2,173
2,174
2,175
2,176
2,177
2,178
2,179
2,180
2,181
2,182
2,183
2,184
2,185
2,186
2,187
2,188
2,189
2,190
2,191
2,192
2,193
2,194
2,195
2,196
2,197
2,198
2,199
2,200
2,201
2,202
2,203
2,204
2,205
2,206
2,207
2,208
2,209
2,210
2,211
2,212
2,213
2,214
2,215
2,216
2,217
2,218
2,219
2,220
2,221
2,222
2,223
2,224
2,225
2,226
2,227
2,228
2,229
2,230
2,231
2,232
2,233
2,234
2,235
2,236
2,237
2,238
2,239
2,240
2,241
2,242
2,243
2,244
2,245
2,246
2,247
2,248
2,249
2,250
2,251
2,252
2,253
2,254
2,255
2,256
2,257
2,258
2,259
2,260
2,261
2,262
2,263
2,264
2,265
2,266
2,267
2,268
2,269
2,270
2,271
2,272
2,273
2,274
2,275
2,276
2,277
2,278
2,279
2,280
2,281
2,282
2,283
2,284
2,285
2,286
2,287
2,288
2,289
2,290
2,291
2,292
2,293
2,294
2,295
2,296
2,297
2,298
2,299
2,300
2,301
2,302
2,303
2,304
2,305
2,306
2,307
2,308
2,309
2,310
2,311
2,312
2,313
2,314
2,315
2,316
2,317
2,318
2,319
2,320
2,321
2,322
2,323
2,324
2,325
2,326
2,327
2,328
2,329
2,330
2,331
2,332
2,333
2,334
2,335
2,336
2,337
2,338
2,339
2,340
2,341
2,342
2,343
2,344
2,345
2,346
2,347
2,348
2,349
2,350
2,351
2,352
2,353
2,354
2,355
2,356
2,357
2,358
2,359
2,360
2,361
2,362
2,363
2,364
2,365
2,366
2,367
2,368
2,369
2,370
2,371
2,372
2,373
2,374
2,375
2,376
2,377
2,378
2,379
2,380
2,381
2,382
2,383
2,384
2,385
2,386
2,387
2,388
2,389
2,390

Match case Limit results 1 per page

363

| esi parser rule

Dell Networking W-Series ArubaOS 6.5.x | Reference Guide

Usage Guidelines

The user creates an ESI rule by using characters and special operators to specify a pattern that uniquely

identifies a syslog message. This “condition” defines the type of message and the ESI domain to which this

message pertains. The rule contains three major fields:

Condition: The pattern that uniquely identifies the syslog message type.

User: The username identifier. It can be in the form of a name, MAC address, or IP address.

Action: The action to take when a rule match occurs.

Once a condition match occurs, no further rule-matching will be made. For the matching rule, only one action

can be defined.

For more details on the character-matching operators, repetition operators, and expression anchors used to

defined the search or match target, refer to the

External Services Interface

chapter in the

Dell Networking W-

Series ArubaOS 6.5.x User Guide

Use the

show esi parser rules

command to show ESI parser rule information. Use the

show esi parser stats

command to show ESI parser rule statistical information

Examples

The following command sets up the Fortigate virus rule named “forti_rule.” This rule parses the virus detection

syslog scanning for a condition match on the log_id value (log_id=) and a match on the IP address (src=).

(host) (config) #esi parser rule forti_rule

condition “log_id=[0-9]{10}[ ]”

match ipaddr “src=(.*)[ ]”

set blacklist

domain fortinet

enable

In this example, the corresponding ESI expression is:

< Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >

The following example of the test command tests a rule against a specified single syslog message.

test msg "26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4"

< 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >

=====

Condition:

Matched with rule "forti_rule"

User:

ipaddr = 1.2.3.4

=====

The following example of the test command tests a rule against a file named test.log, which contains several

syslog messages.

test file test.log

< Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 >

==========

Condition:

Matched with rule "forti_rule"

User:

ipaddr = 1.2.3.4

==========

< Oct 18 10:43:40

cli[627]: PAPI_Send: To: 7f000001:8372 Type:0x4 Timed out. >

==========

Condition:

No matching rule condition found

==========