Documentation for Log Analyzer

Run external program variables

The Run an external program rule action lets you set command line arguments for the program or script it runs. In those arguments you can use variables, each of which is replaced with its corresponding string before the program or script is executed.

List of available variables

General variable definition   Description

${IpAddress}          The IP address of the source device
${DateTime}           The current date and time - String format MM/dd/yyyy hh:mm
${Date}               The current date - String format MM/dd/yyyy
${LongDate}           The current date - Example: "Tuesday, August 25, 2020"
${LongTime}           The current time - Example: 12:23:19 PM
${DayOfWeek}          The current day of the week - Example: "Tuesday"
${Year}               The current year
${Hour}               The current hour
${Minute}             The current minute
${Second}             The current second
${NodeID}             The node ID of the source device
${Message}            The message attached to this entry
${Hostname}           The node caption of the source device
${Level}              The severity level of the message
${SourceType}         The message source type (Syslog, Traps, WindowsEvents, VMwareEvents, FlatFiles)
${Vendor}             The vendor of the source device
${MachineType}        The machine type of the source device

Trap variable definition   Description

${TrapType}           The message trap type
${TrapOid}            The trap OID corresponding to the trap type
${Community}          The SNMP trap community string of this message entry
${VarBindingNames}    Dot notation (see Accessing fields using Dot notation below)
${VarBindingValues}   Dot notation (see Accessing fields using Dot notation below)

Syslog variable definition   Description

${FacilityName}       The Syslog facility name of this entry

Windows event variable definition   Description

${LogName}            The name of the Windows log
${ProviderName}       The source of the software that logs the event
${User}               The Windows username for the corresponding message. Can be "N/A"
${EventData}          Dot notation (see Accessing fields using Dot notation below)

Log files variable definition   Description

${Filename}           The name of the file to which the message belongs

Accessing fields using Dot notation

Dot notation is available for the following fields:

  • EventData (Windows Events)

  • VarBindingNames (Traps) - Returns human-readable varbinding values (OIDs converted to their string representation, values converted to times, ...)

  • VarBindingValues (Traps) - Returns raw varbinding values

Variables from these fields are accessed as RootField.VariableName, where the part after the first dot is the name of the variable within that field (for an OID under VarBindingValues, that name itself contains dots).

Examples:

Variable                                  Example output

${EventData.SubjectDomainName}            WORKGROUP
${EventData.ProcessName}                  C:\Windows\System32\services.exe
${VarBindingNames.sysUpTime}              42 days 0 hours 34 minutes 15,25 seconds
${VarBindingValues.1.3.6.1.2.1.1.3.0}     363085525
${VarBindingNames.snmpTrapEnterprise}     SNMPv2-SMI:enterprises.2854
${VarBindingValues.1.3.6.1.2.1.1.3.0}     1.3.6.1.4.1.2854
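The substitution described above, as an added example that is not Log Analyzer's own code: a small Python model of how ${Variable} and ${RootField.Name} placeholders resolve against one entry, and of building the program's argument list so that expanded message text reaches the program as one argument instead of being re-parsed by a shell. The sample entries, the rule that unknown placeholders are left untouched, and the 12-hour clock for hh are assumptions.

```python
import re
from datetime import datetime

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
# Root fields with dot notation. Only the FIRST dot separates the root field from
# the variable name, because the name itself may contain dots (an OID such as
# 1.3.6.1.2.1.1.3.0 under VarBindingValues).
DOTTED_ROOTS = {"EventData", "VarBindingNames", "VarBindingValues"}

def resolve(name, entry, now):
    """Return the string one placeholder name expands to, or None if unknown."""
    root, _, rest = name.partition(".")
    if root in DOTTED_ROOTS and rest:
        return entry.get(root, {}).get(rest)
    # Date/time variables in the string formats the page lists (hh = 12-hour clock).
    time_vars = {"DateTime": now.strftime("%m/%d/%Y %I:%M"),
                 "Date": now.strftime("%m/%d/%Y"), "Year": str(now.year)}
    if name in time_vars:
        return time_vars[name]
    value = entry.get(name)
    return None if value is None else str(value)

def expand(template, entry, now=None):
    """Replace every ${...} in template; unknown names are left as-is (assumption)."""
    now = now or datetime.now()
    def sub(match):
        value = resolve(match.group(1), entry, now)
        return match.group(0) if value is None else value
    return PLACEHOLDER.sub(sub, template)

def build_argv(program, arg_templates, entry):
    """Expand each argument separately, so log text containing spaces or quotes
    stays one argv element. Run the list with subprocess.run(argv) (shell=False)
    so the expanded ${Message} is never re-parsed by a shell."""
    return [program] + [expand(t, entry) for t in arg_templates]

# Constructed sample entries (not real data) mirroring the page's example rows.
WINDOWS_ENTRY = {
    "IpAddress": "10.0.0.5", "Message": 'Logon failed for "svc" & whoami',
    "EventData": {"SubjectDomainName": "WORKGROUP",
                  "ProcessName": r"C:\Windows\System32\services.exe"},
}
TRAP_ENTRY = {
    "IpAddress": "10.0.0.9",
    "VarBindingNames": {"sysUpTime": "42 days 0 hours 34 minutes 15,25 seconds"},
    "VarBindingValues": {"1.3.6.1.2.1.1.3.0": "363085525"},
}
```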