
Mapping System Parsers to Lua Parsers

This applies only to customers with Network Decoders deployed. The following list maps each system parser to its Lua parser equivalent. System parsers typically perform better; however, Lua parsers typically extract more metadata.

  • System Parser:

    AIM

  • Lua Parser Equivalent:

    AIM_lua

  • Notes:

    AIM system parser was removed in favor of the AIM_lua Lua parser.


  • System Parser:

    ALERTS

  • Lua Parser Equivalent:

    None

  • Notes:

    This parser enables or disables the application rules. If you disable it entirely, the rules are not evaluated at all. If you disable the keys, the rules are evaluated, but that key won’t be registered.


  • System Parser:

    DHCP

  • Lua Parser Equivalent:

    DHCP_lua

  • Notes:

  • System Parser:

    DNS

  • Lua Parser Equivalent:

    DNS_verbose_lua

  • Notes:

  • System Parser:

    FeedParser

  • Lua Parser Equivalent:

    None

  • Notes:

    This parser enables or disables the feeds.  If you disable it entirely, feeds are not evaluated at all.  If you disable a key, feeds are evaluated, but meta going to that key from a feed won't be registered. 


  • System Parser:

    FTP

  • Lua Parser Equivalent:

    FTP_lua

  • Notes:

  • System Parser:

    GeoIP

  • Lua Parser Equivalent:

    None

  • Notes:

    Geographic data based on source and destination information (ip.src, ip.dst, country.src, country.dst, city.src, city.dst) that may be helpful during investigations and when writing content for alerting.


  • System Parser:

    Gtalk

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    H323

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    HTTP

  • Lua Parser Equivalent:

    HTTP_lua

  • Notes:

  • System Parser:

    HTTPS

  • Lua Parser Equivalent:

    TLS_lua

  • Notes:

  • System Parser:

    IRC

  • Lua Parser Equivalent:

    IRC_verbose_lua

  • Notes:

  • System Parser:

    LotusNotes

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete


  • System Parser:

    MAIL

  • Lua Parser Equivalent:

    MAIL_lua

  • Notes:

  • System Parser:

    MSN

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete


  • System Parser:

    Net2Phone

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete


  • System Parser:

    NETBIOS

  • Lua Parser Equivalent:

    NetBIOS_lua

  • Notes:

  • System Parser:

    NETWORK

  • Lua Parser Equivalent:

    None

  • Notes:

    The Network Layer parser is required to extract basic information about the session, such as the service, IPs, ports and payload.


  • System Parser:

    NFS

  • Lua Parser Equivalent:

    NFS_lua

  • Notes:

  • System Parser:

    NNTP

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    PGP

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    POP3

  • Lua Parser Equivalent:

    POP3_lua

  • Notes:

  • System Parser:

    RIP

  • Lua Parser Equivalent:

    ripng_lua

  • Notes:

  • System Parser:

    RTP

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    SAMETIME

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete


  • System Parser:

    SCCP

  • Lua Parser Equivalent:

    SCCP_lua

  • Notes:

  • System Parser:

    SEARCH

  • Lua Parser Equivalent:

    None

  • Notes:

    Enables search.ini. If you disable it entirely, regular expressions in search.ini will neither be evaluated nor generate meta.


  • System Parser:

    SIP

  • Lua Parser Equivalent:

    SIP_lua

  • Notes:

  • System Parser:

    SMB

  • Lua Parser Equivalent:

    SMB_lua

  • Notes:

  • System Parser:

    SMIME

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    SMTP

  • Lua Parser Equivalent:

    SMTP_lua

  • Notes:

  • System Parser:

    SNMP

  • Lua Parser Equivalent:

    SNMP_lua

  • Notes:

  • System Parser:

    Snort

  • Lua Parser Equivalent:

    None

  • Notes:

    Enables evaluation of Snort signatures. If you disable this entirely, Snort signatures will neither be evaluated nor generate meta.


  • System Parser:

    SSH

  • Lua Parser Equivalent:

    SSH_lua

  • Notes:

  • System Parser:

    TDS

  • Lua Parser Equivalent:

    TDS_lua

  • Notes:

  • System Parser:

    TELNET

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    TFTP

  • Lua Parser Equivalent:

    TFTP_lua

  • Notes:

  • System Parser:

    TNS

  • Lua Parser Equivalent:

    None

  • Notes:

  • System Parser:

    VCARD

  • Lua Parser Equivalent:

    vCard_lua

  • Notes:

  • System Parser:

    VlanGre

  • Lua Parser Equivalent:

    None

  • Notes:

    This is an extension of the NETWORK parser. It is required to extract information about VLAN tags and GRE endpoints.


  • System Parser:

    WEBMAIL

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete


  • System Parser:

    WLAN

  • Lua Parser Equivalent:

    None

  • Notes:

    This is an extension of the NETWORK parser. It is required to extract information about WiFi networks.


  • System Parser:

    YCHAT

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete


  • System Parser:

    YMSG

  • Lua Parser Equivalent:

    None

  • Notes:

    Obsolete

