Here are the steps you'll need to follow to fork the RSA NetWitness Log Parsers repository and submit a parser:

  • Create a fork (your copy of the full repo) using the link in the top right corner of the page https://github.com/netwitness/nwlogparsers
  • Create a new branch in your repo for your work and add your new parser work under the community folder
  • Each new parser should be kept in a new folder with its name
    • Only add the parser.xml file (not the zip or .envision file)
  • Create a new folder for your parser by clicking the new file button; when the box shows up, add the folder name, then a slash, and then the file name (this creates a folder for your file, which isn’t obvious from the UI)
  • Copy and paste the text of your parser into the editor
  • Only include the .xml and .ini file and nothing else (no .envision or .zip)
  • Add data to the Commit description at the bottom and click commit new file
  • Raise a pull request to merge your changes to the RSA NetWitness repo
    • Open your repo page on github.com
    • Click create pull request
    • Name the pull request
    • Request will go to the RSA content team for review and merging into the parser(s)
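
A local check you can run on a clone of your fork before raising the pull request, written as an added example (it is not part of the NetWitness repository or its tooling). It assumes the layout described above, `community/<parser name>/<files>`; the function name `check_community` is hypothetical, and the XML well-formedness test is an extra sanity check that the steps above do not require.

```python
"""Pre-submission check for a fork of the parser repo (added example)."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

ALLOWED = {".xml", ".ini"}          # the only file types the steps above permit
REJECTED = {".zip", ".envision"}    # explicitly excluded by the steps above


def check_community(repo_root, folder="community"):
    """Return a list of problems found under <repo_root>/<folder>."""
    problems = []
    base = Path(repo_root) / folder
    if not base.is_dir():
        return [f"{base}: folder not found"]
    for entry in sorted(base.iterdir()):
        if entry.is_file():
            # Each parser must live in its own folder, not loose in community/.
            problems.append(f"{entry.name}: file is not inside a parser folder")
            continue
        files = [p for p in sorted(entry.rglob("*")) if p.is_file()]
        if not any(p.suffix.lower() == ".xml" for p in files):
            problems.append(f"{entry.name}: no parser .xml file")
        for p in files:
            rel = p.relative_to(base).as_posix()
            ext = p.suffix.lower()
            if ext in REJECTED:
                problems.append(f"{rel}: {ext} files must not be submitted")
            elif ext not in ALLOWED:
                problems.append(f"{rel}: only .xml and .ini files are allowed")
            elif ext == ".xml":
                # Extra sanity check (not required by the page): well-formed XML.
                try:
                    ET.parse(p)
                except ET.ParseError as exc:
                    problems.append(f"{rel}: not well-formed XML ({exc})")
    return problems


if __name__ == "__main__":
    found = check_community(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) or "OK: community folder matches the submission rules")
    sys.exit(1 if found else 0)
```

Run it from the root of your clone (or pass the path as the first argument); a non-zero exit code means at least one file breaks the submission rules.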

How to update your forked log-parsers repository to get the latest version

  • Log into your GitHub account
  • Locate the forked nw-logparsers repository in your account

  • Click on compare (right side)

You will get a notification like this if this is the first time you are comparing:

There isn't anything to compare.
someone:master is up to date with all commits from me:master. Try switching the base for your comparison.

Click on switching the base

Or you will see this if you have compared before:

*** Important ***

GitHub defaults to syncing your changes to the upstream fork; in this case we want the opposite.

Change the base fork (left option) to be your fork (not the netwitness/nw-logparsers)

Now you will see a different comparing changes screen and a note about comparing the same two things:

Click the compare across forks:

Click the head fork and change to the netwitness/ fork:

Now you see the commits since the repository was forked:

Click on Create pull request:

Give it a title and, if required, a description

On the next page click Create pull request

Click confirm merge:

Your copy of the RSA NetWitness nw-logparsers repo is now updated.

You can review the latest code and also submit new parsers or updates to your already submitted parsers using the above process.

The resource I used which helped me along with this was the following very helpful GitHub link:

https://github.com/KirstieJane/STEMMRoleModels/wiki/Syncing-your-fork-to-the-original-repository-via-the-browser
