LogViewPlus Support

Office365 - UnifiedAuditData log - the odd JSON in the CSV

https://www.logviewplus.com/forum/Topic471.aspx

By BonWierBR549 - 29 Mar 2020

Greetings,

Has anyone been successful in making a parser for the odd AuditData field in the download of UnifiedAuditLog from Office365?

Thanks in advance,
BR549

By LogViewPlus Support - 29 Mar 2020

Hi,

I can probably help you with this configuration.  Do you think you can send me a few sample log entries so I can better understand the problem?

Thanks,

Toby

By BonWierBR549 - 29 Mar 2020

Greetings, thank you for your reply - let me speak to my friend and see if she will allow me to share some lines from her O365. Thank you, BR549

By BonWierBR549 - 30 Mar 2020

Greetings - still speaking to my friend about sharing data from her log files - BUT in the meantime, here is a webpage that explains the potential variance in the types of entries that might be in a log file - https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema - as you can see there are a LOT of possibilities and after thinking (and doing other research) I am not sure if ANY solution will fit the bill. Thanks for your information and stay safe, BR549

By LogViewPlus Support - 30 Mar 2020

Thanks for the update.

A wide range of logging possibilities is actually pretty common with log file formats. Frequently though, a customer is using only a small subset of the possibilities. That's why LogViewPlus puts the emphasis on configuration rather than supporting "The Office 365 Management Activity API schema". Supporting the schema as a whole wouldn't necessarily be difficult, but it is just one of many. Also, parsing a log file tends to be more straightforward than supporting a format.

I am confident that LogViewPlus can parse your log files. 

I understand that not all logs can be shared.  There are four options here:
1.  Scrub the log entries to remove any confidential information.  We can generally give you a good parse if we can see just 2 - 3 log entries.  We don't need the data, just the structure.
2.  Contact us directly.  This makes it a bit easier to share data.
3.  Review the documentation and see if you can crack it.  We are happy to help if you have any questions.  
4.  If all else fails - you can always write your own parser.  

Hope that helps,

Toby
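
Option 1 above (scrub the entries but keep the structure), as an added example that is not part of the original thread and not LogViewPlus code: it parses the JSON held in the AuditData column and replaces every leaf value with a type placeholder, so keys and nesting survive while tenant data does not. The column names, the `KEEP_VALUES` allow-list and the sample row are assumptions constructed for illustration.

```python
import csv
import io
import json

# Constructed sample export, not real data. The column names are assumed;
# the AuditData cell is a JSON object with CSV-doubled quotes.
SAMPLE_CSV = (
    'CreationDate,UserIds,Operations,AuditData\r\n'
    '2020-03-29T10:15:00Z,alice@example.com,FileAccessed,'
    '"{""CreationTime"":""2020-03-29T10:15:00"",""Operation"":""FileAccessed"",'
    '""UserId"":""alice@example.com"",""ClientIP"":""203.0.113.7"",""RecordType"":6,'
    '""ExtendedProperties"":[{""Name"":""UserAgent"",""Value"":""Mozilla/5.0""}]}"\r\n'
)

# Keys whose values describe the record's shape rather than tenant data (assumption).
KEEP_VALUES = {"Operation", "RecordType", "Workload"}


def scrub(value, key=None):
    """Replace leaf values with type placeholders, keeping keys and nesting."""
    if isinstance(value, dict):
        return {k: scrub(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v, key) for v in value]
    if key in KEEP_VALUES:
        return value
    if isinstance(value, bool):  # checked before int: bool is an int subclass
        return False
    if isinstance(value, (int, float)):
        return 0
    return None if value is None else "<string>"


def scrub_export(text, json_column="AuditData"):
    """Return the CSV with plain columns redacted and json_column reduced to structure."""
    reader = csv.DictReader(io.StringIO(text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames)
    writer.writeheader()
    for row in reader:
        try:
            cell = json.dumps(scrub(json.loads(row[json_column])), separators=(",", ":"))
        except (json.JSONDecodeError, TypeError):
            cell = "<unparseable>"  # keep the row but never echo the raw cell
        writer.writerow({c: cell if c == json_column else "<redacted>"
                         for c in reader.fieldnames})
    return out.getvalue()
```

Key names and any value listed in `KEEP_VALUES` are still disclosed, so review the output before sharing it.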