first block is the matched expression;the second block contains the value inside the parentheses. For username
matching,t hefocus is on the second block,as i t contains the username.

Condition Pattern Matchi ng

The followingdescription uses the Fortigate vi russyslog message format as an example to describe condition pattern
matching.The Forti gate virus syslog message takes the form:
Sep2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4
This message examplecontains the Fortigate vi ruslog ID number 01000 30101 (“log_id=010003 0101”), which can
be usedas the condition—the pattern that uniquelyidentifies t his syslog message.
The parserexpression that matches this condition is “log_id=01 00030101”. This is a narrow match on the specific
log ID number shown in the message, or “log_id=[0–9]{10}[]” ,which is a regular expression that matches any
Fortigate log entry with a ten-digit log ID followed by a space.

User Pattern Matching

To extract the useri dentifieri n theexample Fortigate virus message shown above (“src=1.2.3.4”), use the following
expression,“src=(.*)[]” to parse the user information contained betweent heparentheses. The () block specifies
wheret he usernamewill be extracted. Only the first block will be processed.
More examples:
Given a messagewherein the username is a MAC address:
Sep2618:30:02log_id=0100030101type=virussubtype=infectedmac00:aa:bb:cc:dd:00
The expression “mac[](.{17})”will match “mac00:aa:bb:cc:dd:00”i n the examplemessage.
Given a messagewherein the username is a user name:
Sep2618:30:02log_id=0100030101type=virussubtype=infecteduser<johndoe>
The expression “user<(.*)>”wi llmatch “user<johndoe>”in theexample message.
Configuring ESI
You can use the followinginterfaces to co nfigureand manage ESI and ESI syslog parser behavior:
lThe Webuser interface (WebUI), which is accessible through a standard Web browserfrom a remote
managementconsole or wo rkstation.
lThe command linei nterface(CLI ), which is accessible from a local console device connected to the serial port
on the controllero r througha Telnet or Secure Shell (SSH) connection from a remote management console or
workstation.
NOTE:By default, you can access the CLI only from the serial port or from an SSH session. To usethe CLI in a Telnet session, you
mustexplici tlyenabl e Telnet on thecontroll er. The general configuration descriptions in the following sections include both the
WebUIpages and the CLI configuration commands. The configuration overview section is followed by several examples that
showspecific configuration procedures.
In general,there are three ESI configuration “phases” on the controlleras a part of t heso lution:
lThe first phaseco nfiguresthe ESI

ping health-checkmethod

,

servers

, and

servergroups

.Thet erm

server

hererefers
to external serverdevices, for example, an AVF.
DellPowerConnect W- Series ArubaOS 6.2 | UserGuide ExternalServicesInter face |752