- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- Troubleshooting
- Enterprise Edition Reference Manual
- 127. Man Pages
- 128. Configuration
- 129. Language
- 130. Extension Modules
- 130.1. Remote Management (xm_admin)
- 130.2. AIX Auditing (xm_aixaudit)
- 130.3. Apple System Logs (xm_asl)
- 130.4. Basic Security Module Auditing (xm_bsm)
- 130.5. Common Event Format (xm_cef)
- 130.6. Character Set Conversion (xm_charconv)
- 130.7. Delimiter-Separated Values (xm_csv)
- 130.8. Encryption (xm_crypto)
- 130.9. External Programs (xm_exec)
- 130.10. File Lists (xm_filelist)
- 130.11. File Operations (xm_fileop)
- 130.12. GELF (xm_gelf)
- 130.13. Go (xm_go)
- 130.14. Grok (xm_grok)
- 130.15. Java (xm_java)
- 130.16. JSON (xm_json)
- 130.17. Key-Value Pairs (xm_kvp)
- 130.18. LEEF (xm_leef)
- 130.19. Microsoft DNS Server (xm_msdns)
- 130.20. Multiline Parser (xm_multiline)
- 130.21. NetFlow (xm_netflow)
- 130.22. Microsoft Network Policy Server (xm_nps)
- 130.23. Pattern Matcher (xm_pattern)
- 130.24. Perl (xm_perl)
- 130.25. Python (xm_python)
- 130.26. Resolver (xm_resolver)
- 130.27. Rewrite (xm_rewrite)
- 130.28. Ruby (xm_ruby)
- 130.29. SNMP Traps (xm_snmp)
- 130.30. Remote Management (xm_soapadmin)
- 130.31. Syslog (xm_syslog)
- 130.32. W3C (xm_w3c)
- 130.33. WTMP (xm_wtmp)
- 130.34. XML (xm_xml)
- 130.35. Compression (xm_zlib)
- 131. Input Modules
- 132. Processor Modules
- 133. Output Modules
- NXLog Manager
- NXLog Add-Ons
130.22. Microsoft Network Policy Server (xm_nps)
This module provides functions and procedures for processing data in the Network Policy Server (NPS) format. NPS is Microsoft’s implementation of a RADIUS server and proxy, and is formerly known as Internet Authentication Service (IAS). This module is capable of parsing both IAS and NPS-formatted data.
Note
|
To examine the supported platforms, see the list of installer packages in the Available Modules chapter. |
NPS-formatted data typically resembles the sample below.
"RasBox","RAS",10/22/2006,09:13:09,1,"DOMAIN\user","DOMAIN\user",,,,,,"192.168.132.45",12,,"192.168.132.45",,,,0,"CONNECT 24000",1,2,4,,0,"311 1 192.168.132.45 07/31/2006 21:35:14 749",,,,,,,,,,,,,,,,,,,,,,,,,,,,"MSRASV5.00",311,,,,
"RasBox","RAS",10/22/2006,09:13:09,3,,"DOMAIN\user",,,,,,,,,,,,,,,,,4,,36,"311 1 192.168.132.45 07/31/2006 21:35:14 749",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"0x00453D36393120523D3020563D33",,,
"RasBox","RAS",10/22/2006,09:13:13,1,"DOMAIN\user","DOMAIN\user",,,,,,"192.168.132.45",12,,"192.168.132.45",,,,0,"CONNECT 24000",1,2,4,,0,"311 1 192.168.132.45 07/31/2006 21:35:14 750",,,,,,,,,,,,,,,,,,,,,,,,,,,,"MSRASV5.00",311,,,,
For more information about the Microsoft NPS format, see the Interpret NPS Database Format Log Files article on Microsoft TechNet.
130.22.1. Configuration
The xm_nps module accepts only the common module directives.
130.22.2. Procedures
The following procedures are exported by xm_nps.
parse_nps();
-
Parse the
$raw_event
field as NPS input. parse_nps(string source);
-
Parse the given string as NPS format.
130.22.3. Examples
The following configuration reads NPS-formatted files and converts the parsed data into JSON.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<Extension nps>
Module xm_nps
</Extension>
<Extension json>
Module xm_json
</Extension>
<Input filein>
Module im_file
File 'C:\logs\IAS.log'
Exec parse_nps();
</Input>
<Output fileout>
Module om_file
File 'C:\out.json'
Exec to_json();
</Output>
<Route nps_to_json>
Path filein => fileout
</Route>