Users Guide
1. Click Add in the SyslogParser Domains tab (Advanced Services > External Services > Syslog Parser
Domain).
The system displays the new domain view.
2. In the Domain Name text box, type the name of the domain to be added.
3. In the Server (IP Address) text box, type a valid IP address.
You must ensure that you type a valid IP address, because the IP address you type is not automatically validated
against the list of external servers that has been configured.
4. Click <<Add.
5. Click Apply.
Adding a New Parser Rule
To add a new syslog parser rule for the route-mode example:
1. Click Add in the SyslogParserRules tab (Advanced Services > External Services > Syslog Parser
Rule).
The system displays the new rule view.
2. In the Rule Name text box, type the name of the rule to be added (in this example, “forti_virus”).
3. Click the Enable checkbox to enable the rule.
4. In the Condition Pattern text box, type the regular expression to be used as the condition pattern. (In this
example, the expression “log_id=[0-9]{10}[ ]” searches for and matches a 10-digit string preceded by
“log_id=” and followed by one space.)
5. In the Match drop-down list, select the match type (in this example, ipaddr).
6. In the Match Pattern text box, type the regular expression to be used as the match pattern (in this
example, “src=(.*)[ ]”).
7. In the drop-down Set list, select the set type (in this example, blacklist).
8. In the drop-down Parser Group list, select one of the configured parser domain names (in this example,
“forti_domain”).
9. Click Apply.
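The following is an added example, not part of the guide, that evaluates the forti_virus rule's condition and match patterns against constructed syslog lines. It uses Python's re module as a stand-in for the controller's regex engine (whose behavior this page does not specify) to show how far the greedy (.*) capture extends. MATCH_TIGHT, the sample messages, and the function names are assumptions introduced for illustration.

```python
import ipaddress
import re

# Patterns from the "forti_virus" rule in this guide.
CONDITION = r"log_id=[0-9]{10}[ ]"
MATCH = r"src=(.*)[ ]"
# Assumption (not from the guide): capture stops at the first space.
MATCH_TIGHT = r"src=([^ ]*)[ ]"

# Constructed sample messages, not real device output.
SAMPLES = {
    "src_mid_line": "log_id=0100000001 type=virus src=192.0.2.10 dst=198.51.100.7 msg=infected",
    "src_last": "log_id=0100000002 type=virus dst=198.51.100.7 src=192.0.2.11 ",
    "short_log_id": "log_id=12345 type=virus src=192.0.2.12 dst=198.51.100.7",
}


def captured(line, match_pattern=MATCH, condition=CONDITION):
    """Return the raw text the match pattern captures, or None if the
    condition pattern or the match pattern does not match the line."""
    if not re.search(condition, line):
        return None  # rule does not apply to this message
    m = re.search(match_pattern, line)
    return m.group(1) if m else None


def blacklist_target(line, match_pattern=MATCH):
    """Return the captured value only if it parses as an IP address."""
    value = captured(line, match_pattern)
    if value is None:
        return None
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None  # capture holds more than an address


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name)
        print("  guide pattern captures:", repr(captured(line)))
        print("  tight pattern captures:", repr(captured(line, MATCH_TIGHT)))
        print("  usable address (guide):", blacklist_target(line))
        print("  usable address (tight):", blacklist_target(line, MATCH_TIGHT))
```

When src= is followed by further space-separated fields, the greedy pattern captures everything up to the last space in the message, so test a rule against real messages from the sending device before relying on it.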
In the CLI
Use these CLI commands to define a syslog parser domain and the rule to be applied in the route-mode
example shown in Figure 234:
esi parser domain <name>
   peer <peer-ip>
   server <ipaddr>
esi parser rule <rule-name>
   condition <expression>
   domain <name>
   enable
   match {ipaddr <expression> | mac <expression> | user <expression>}
   position <position>
   set {blacklist | role <role>}
Sample NAT-mode ESI Topology
This section describes the configuration for a sample NAT-mode topology using the controller and three
external captive-portal servers. NAT mode uses a trusted interface for each external captive-portal server and a
Dell Networking W-Series ArubaOS 6.4.x | User Guide External Services Interface | 1102