Before you request that a new log be parsed, Alert Logic recommends that you check which logs are already parsed in the Threat Intelligence Center, within the Alert Logic console at Investigate > Threat Intel Center > Log Parsers. Here, you can confirm which of your logs are already being parsed.
If you cannot find the log you want parsed in the Threat Intelligence Center, you can request new parsers for unparsed logs by creating a ticket in the Alert Logic Support Center. Within your ticket, it is important to include one or more links to unparsed messages on the Alert Logic console. If you do not, Alert Logic Support will not be able to create your parser.
Note: We cannot accept product documents in place of links.
You should also include any parsing preferences you have (e.g., important fields, preferred formats, irrelevant fields). A Support agent may contact you to clarify these details or request further information.
This process normally takes 10-15 business days to complete, but varies depending on request complexity. Once the log parsing is complete, you will receive an email confirming that the requested logs are now being parsed.
Note: Alert Logic focuses on logs from known third-party software, servers, and services. We do not support parsers for custom software.