You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@metron.apache.org by rm...@apache.org on 2016/05/02 19:26:43 UTC
[2/3] incubator-metron git commit: METRON-122 Create generic unit
test framework for testing grok statements (merrimanr) closes
apache/incubator-metron#96
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed
----------------------------------------------------------------------
diff --git a/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed
new file mode 100644
index 0000000..201c972
--- /dev/null
+++ b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed
@@ -0,0 +1,144 @@
+{"eid":"WJS310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"u62206","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.113.216.196","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"CXI886","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.221.164: user 'CXI886' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.221.164","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.221.164: user 'CXI886' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"CXI886","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.221.164: user 'CXI886' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.221.164","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.127.221.164: user 'CXI886' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\uzl193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=FJL928,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=FJL928,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UZL193,OU=User Lock Policy 00,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"0,OU=Al","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UZL193,OU=User Lock Policy 00,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=EPL857,OU=User Lock Policy 05,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"5,OU=Al","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=EPL857,OU=User Lock Policy 05,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'LOCAL\\sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.216.106: user 'LOCAL\\sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'LOCAL\\kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'LOCAL\\kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=SDQ302,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=SDQ302,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'sdq302' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.127.216.106: user 'sdq302' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\dkg773","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.120.144.20: user 'LOCAL\\dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.120.144.20","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.120.144.20: user 'LOCAL\\dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"dkg773","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.120.144.20: user 'dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.120.144.20","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.120.144.20: user 'dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"dkg773","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.120.144.20: user 'dkg773' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.120.144.20","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.120.144.20: user 'dkg773' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\uua398","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.219.193: user 'LOCAL\\uua398' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.219.193","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.219.193: user 'LOCAL\\uua398' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:06 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683866000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:06 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683866000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\wjs310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'LOCAL\\wjs310' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.29.36: user 'LOCAL\\wjs310' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=WJS310,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=WJS310,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"WJS310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"WJS310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'LOCAL\\yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.216.222: user 'LOCAL\\yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\u62206","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.113.216.196: user 'LOCAL\\u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.113.216.196","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.113.216.196: user 'LOCAL\\u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250001 LDAP: Authentication failed from 10.113.216.196: no such user in realm 'AD_ldap'(102089) NORMAL_EVENT realm_ldap.cpp 2634","event_type":"authentication failure","event_code":"250001","designated_host":"10.113.216.196","realm":"AD_ldap","priority":"29","message":" LDAP: Authentication failed from 10.113.216.196: no such user in realm 'AD_ldap'(102089) NORMAL_EVENT realm_ldap.cpp 2634","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'LOCAL\\fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.218.165.248: user 'LOCAL\\fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'LOCAL\\epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.210.223.65: user 'LOCAL\\epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UUA398,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UUA398,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"uua398","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.219.193","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"LOCAL\\uzl193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"uua398","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.219.193","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
+{"eid":"u62206","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.113.216.196","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed
----------------------------------------------------------------------
diff --git a/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed
new file mode 100644
index 0000000..9643c25
--- /dev/null
+++ b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed
@@ -0,0 +1,2 @@
+{"elapsed":161,"code":200,"ip_dst_addr":"199.27.79.73","original_string":"1461576382.642 161 127.0.0.1 TCP_MISS\/200 103701 GET http:\/\/www.cnn.com\/ - DIRECT\/199.27.79.73 text\/html","method":"GET","bytes":103701,"action":"TCP_MISS","ip_src_addr":"127.0.0.1","url":"cnn.com","timestamp":1461576382642,"source.type":"squid"}
+{"elapsed":159,"code":200,"ip_dst_addr":"66.210.41.9","original_string":"1461576442.228 159 127.0.0.1 TCP_MISS\/200 137183 GET http:\/\/www.nba.com\/ - DIRECT\/66.210.41.9 text\/html","method":"GET","bytes":137183,"action":"TCP_MISS","ip_src_addr":"127.0.0.1","url":"nba.com","timestamp":1461576442228,"source.type":"squid"}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test
----------------------------------------------------------------------
diff --git a/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test b/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test
new file mode 100644
index 0000000..a88a255
--- /dev/null
+++ b/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test
@@ -0,0 +1,2 @@
+YAF_TIME_FORMAT %{YEAR:UNWANTED}-%{MONTHNUM:UNWANTED}-%{MONTHDAY:UNWANTED}[T ]%{HOUR:UNWANTED}:%{MINUTE:UNWANTED}:%{SECOND:UNWANTED}
+YAF_DELIMITED %{NUMBER:start_time}\|%{YAF_TIME_FORMAT:end_time}\|%{SPACE:UNWANTED}%{BASE10NUM:duration}\|%{SPACE:UNWANTED}%{BASE10NUM:rtt}\|%{SPACE:UNWANTED}%{INT:protocol}\|%{SPACE:UNWANTED}%{IP:ip_src_addr}\|%{SPACE:UNWANTED}%{INT:ip_src_port}\|%{SPACE:UNWANTED}%{IP:ip_dst_addr}\|%{SPACE:UNWANTED}%{INT:ip_dst_port}\|%{SPACE:UNWANTED}%{DATA:iflags}\|%{SPACE:UNWANTED}%{DATA:uflags}\|%{SPACE:UNWANTED}%{DATA:riflags}\|%{SPACE:UNWANTED}%{DATA:ruflags}\|%{SPACE:UNWANTED}%{WORD:isn}\|%{SPACE:UNWANTED}%{DATA:risn}\|%{SPACE:UNWANTED}%{DATA:tag}\|%{GREEDYDATA:rtag}\|%{SPACE:UNWANTED}%{INT:pkt}\|%{SPACE:UNWANTED}%{INT:oct}\|%{SPACE:UNWANTED}%{INT:rpkt}\|%{SPACE:UNWANTED}%{INT:roct}\|%{SPACE:UNWANTED}%{INT:app}\|%{GREEDYDATA:end_reason}
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/pom.xml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/pom.xml b/metron-platform/metron-parsers/pom.xml
index 0462ba9..2630ef3 100644
--- a/metron-platform/metron-parsers/pom.xml
+++ b/metron-platform/metron-parsers/pom.xml
@@ -48,6 +48,17 @@
</exclusions>
</dependency>
<dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-hdfs</artifactId>
+ <version>${global_hadoop_version}</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>servlet-api</artifactId>
+ <groupId>javax.servlet</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-client</artifactId>
<version>${global_hbase_version}</version>
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml b/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml
new file mode 100644
index 0000000..1f2cd14
--- /dev/null
+++ b/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "bluecoat"
+config:
+ topology.workers: 1
+
+components:
+ - id: "parser"
+ className: "org.apache.metron.parsers.bluecoat.BasicBluecoatParser"
+ - id: "writer"
+ className: "org.apache.metron.parsers.writer.KafkaWriter"
+ constructorArgs:
+ - "${kafka.broker}"
+ - id: "zkHosts"
+ className: "storm.kafka.ZkHosts"
+ constructorArgs:
+ - "${kafka.zk}"
+ - id: "kafkaConfig"
+ className: "storm.kafka.SpoutConfig"
+ constructorArgs:
+ # zookeeper hosts
+ - ref: "zkHosts"
+ # topic name
+ - "bluecoat"
+ # zk root
+ - ""
+ # id
+ - "bluecoat"
+ properties:
+ - name: "ignoreZkOffsets"
+ value: true
+ - name: "startOffsetTime"
+ value: -1
+ - name: "socketTimeoutMs"
+ value: 1000000
+
+spouts:
+ - id: "kafkaSpout"
+ className: "storm.kafka.KafkaSpout"
+ constructorArgs:
+ - ref: "kafkaConfig"
+
+bolts:
+ - id: "parserBolt"
+ className: "org.apache.metron.parsers.bolt.ParserBolt"
+ constructorArgs:
+ - "${kafka.zk}"
+ - "bluecoat"
+ - ref: "parser"
+ - ref: "writer"
+
+streams:
+ - name: "spout -> bolt"
+ from: "kafkaSpout"
+ to: "parserBolt"
+ grouping:
+ type: SHUFFLE
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml b/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml
new file mode 100644
index 0000000..f1016e6
--- /dev/null
+++ b/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml
@@ -0,0 +1,72 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "bluecoat-test"
+config:
+ topology.workers: 1
+
+
+components:
+ - id: "parser"
+ className: "org.apache.metron.parsers.bluecoat.BasicBluecoatParser"
+ - id: "writer"
+ className: "org.apache.metron.parsers.writer.KafkaWriter"
+ constructorArgs:
+ - "${kafka.broker}"
+ - id: "zkHosts"
+ className: "storm.kafka.ZkHosts"
+ constructorArgs:
+ - "${kafka.zk}"
+ - id: "kafkaConfig"
+ className: "storm.kafka.SpoutConfig"
+ constructorArgs:
+ # zookeeper hosts
+ - ref: "zkHosts"
+ # topic name
+ - "bluecoat"
+ # zk root
+ - ""
+ # id
+ - "bluecoat"
+ properties:
+ - name: "ignoreZkOffsets"
+ value: true
+ - name: "startOffsetTime"
+ value: -2
+ - name: "socketTimeoutMs"
+ value: 1000000
+
+spouts:
+ - id: "kafkaSpout"
+ className: "storm.kafka.KafkaSpout"
+ constructorArgs:
+ - ref: "kafkaConfig"
+
+bolts:
+ - id: "parserBolt"
+ className: "org.apache.metron.parsers.bolt.ParserBolt"
+ constructorArgs:
+ - "${kafka.zk}"
+ - "bluecoat"
+ - ref: "parser"
+ - ref: "writer"
+
+streams:
+ - name: "spout -> bolt"
+ from: "kafkaSpout"
+ to: "parserBolt"
+ grouping:
+ type: SHUFFLE
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml b/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml
new file mode 100644
index 0000000..119f03e
--- /dev/null
+++ b/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml
@@ -0,0 +1,78 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "squid"
+config:
+ topology.workers: 1
+
+components:
+ - id: "parser"
+ className: "org.apache.metron.parsers.GrokParser"
+ constructorArgs:
+ - "/apps/metron/patterns/squid"
+ - "SQUID_DELIMITED"
+ configMethods:
+ - name: "withTimestampField"
+ args:
+ - "timestamp"
+ - id: "writer"
+ className: "org.apache.metron.parsers.writer.KafkaWriter"
+ constructorArgs:
+ - "${kafka.broker}"
+ - id: "zkHosts"
+ className: "storm.kafka.ZkHosts"
+ constructorArgs:
+ - "${kafka.zk}"
+ - id: "kafkaConfig"
+ className: "storm.kafka.SpoutConfig"
+ constructorArgs:
+ # zookeeper hosts
+ - ref: "zkHosts"
+ # topic name
+ - "squid"
+ # zk root
+ - ""
+ # id
+ - "squid"
+ properties:
+ - name: "ignoreZkOffsets"
+ value: true
+ - name: "startOffsetTime"
+ value: -1
+ - name: "socketTimeoutMs"
+ value: 1000000
+
+spouts:
+ - id: "kafkaSpout"
+ className: "storm.kafka.KafkaSpout"
+ constructorArgs:
+ - ref: "kafkaConfig"
+
+bolts:
+ - id: "parserBolt"
+ className: "org.apache.metron.parsers.bolt.ParserBolt"
+ constructorArgs:
+ - "${kafka.zk}"
+ - "squid"
+ - ref: "parser"
+ - ref: "writer"
+
+streams:
+ - name: "spout -> bolt"
+ from: "kafkaSpout"
+ to: "parserBolt"
+ grouping:
+ type: SHUFFLE
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/squid/test.yaml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/main/flux/squid/test.yaml b/metron-platform/metron-parsers/src/main/flux/squid/test.yaml
new file mode 100644
index 0000000..77893d2
--- /dev/null
+++ b/metron-platform/metron-parsers/src/main/flux/squid/test.yaml
@@ -0,0 +1,78 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "squid"
+config:
+ topology.workers: 1
+
+components:
+ - id: "parser"
+ className: "org.apache.metron.parsers.GrokParser"
+ constructorArgs:
+ - "../metron-parsers/src/main/resources/patterns/squid"
+ - "SQUID_DELIMITED"
+ configMethods:
+ - name: "withTimestampField"
+ args:
+ - "timestamp"
+ - id: "writer"
+ className: "org.apache.metron.parsers.writer.KafkaWriter"
+ constructorArgs:
+ - "${kafka.broker}"
+ - id: "zkHosts"
+ className: "storm.kafka.ZkHosts"
+ constructorArgs:
+ - "${kafka.zk}"
+ - id: "kafkaConfig"
+ className: "storm.kafka.SpoutConfig"
+ constructorArgs:
+ # zookeeper hosts
+ - ref: "zkHosts"
+ # topic name
+ - "squid"
+ # zk root
+ - ""
+ # id
+ - "squid"
+ properties:
+ - name: "ignoreZkOffsets"
+ value: false
+ - name: "startOffsetTime"
+ value: -2
+ - name: "socketTimeoutMs"
+ value: 1000000
+
+spouts:
+ - id: "kafkaSpout"
+ className: "storm.kafka.KafkaSpout"
+ constructorArgs:
+ - ref: "kafkaConfig"
+
+bolts:
+ - id: "parserBolt"
+ className: "org.apache.metron.parsers.bolt.ParserBolt"
+ constructorArgs:
+ - "${kafka.zk}"
+ - "squid"
+ - ref: "parser"
+ - ref: "writer"
+
+streams:
+ - name: "spout -> bolt"
+ from: "kafkaSpout"
+ to: "parserBolt"
+ grouping:
+ type: SHUFFLE
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml
----------------------------------------------------------------------
diff --git a/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml b/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml
index 0f6031c..e2985b8 100644
--- a/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml
+++ b/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml
@@ -35,9 +35,6 @@ components:
- name: "withDateFormat"
args:
- "yyyy-MM-dd HH:mm:ss.S"
- - name: "withMetronHDFSHome"
- args:
- - ""
- id: "writer"
className: "org.apache.metron.parsers.writer.KafkaWriter"
constructorArgs: