Posted to dev@metron.apache.org by ed d <ra...@hotmail.com> on 2017/10/17 16:54:20 UTC

CEF parser only finding "Found %d groups"

Apache Metron 0.4.1, git cloned.

Applied the CEF parser in the Management UI to ZScalar traffic.


I do see some traffic coming through, but most of the output in the Storm log is "Found %d groups".


How do I verify that all the traffic is flowing through and the logs causing the "Found %d groups" message are not being dropped? And how do I correct that message, assuming it's an error?
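The question above is how to tell whether the lines that trigger that message are being dropped. What follows is an added example, not Apache Metron's CEFParser and not code from anyone in this thread: a stand-alone Python CEF parser that accounts for every input line as either parsed or explicitly rejected, so a silent drop would show up as a count mismatch. The sample lines are constructed in the style of a web-proxy CEF feed (not real Zscaler output; the field names are illustrative), and the function and field names are this example's own. One caveat worth knowing when reading the Storm log: Python's logging module substitutes printf-style arguments such as `%d` itself, whereas an SLF4J-style Java logger expects `{}` placeholders and prints a `%d` literally; the thread does not confirm that this is what happened in the parser, but a literal "%d" in an INFO line is consistent with it.

```python
"""Stand-alone CEF parser with per-line accounting (added example, not
Apache Metron's CEFParser)."""
import logging
import re

log = logging.getLogger("cef")

# The seven mandatory header fields that follow the "CEF:" prefix.
HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
# An extension key is a run of key characters followed by "=", at the start
# of the extension or after whitespace; "=" inside a value must be "\=".
_KEY_RE = re.compile(r"(?:^|\s+)([A-Za-z0-9_.]+)=")
_ESCAPES = {"n": "\n", "r": "\r"}


def _unescape(raw):
    """Undo extension escapes: \\= -> =, \\\\ -> \\, \\n / \\r -> newline / CR."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), raw)


def _split_header(body):
    """Split the pipe-delimited header (honouring \\| and \\\\) from the extension."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        c = body[i]
        if c == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            buf.append(body[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(c)
            i += 1
    if len(fields) == len(HEADER_FIELDS) - 1 and i == len(body):
        fields.append("".join(buf))  # severity without a trailing pipe
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("expected %d header fields, found %d"
                         % (len(HEADER_FIELDS), len(fields)))
    return fields, body[i:]


def _parse_extension(ext):
    """Turn 'k=v k2=v2 ...' into a dict; values may contain spaces."""
    pairs, keys = {}, list(_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        pairs[m.group(1)] = _unescape(ext[m.end():end])
    # Python's logging substitutes printf-style arguments itself; an
    # SLF4J-style logger expects "{}" and would print "%d" literally.
    log.debug("Found %d extension groups", len(pairs))
    return pairs


def parse_cef(line):
    """Parse one CEF line (optionally behind a syslog header) into a dict.
    Raises ValueError for anything that is not well-formed CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker")
    fields, ext = _split_header(line[start + len("CEF:"):])
    record = dict(zip(HEADER_FIELDS, fields))
    if start:
        record["syslog_prefix"] = line[:start].rstrip()
    record.update(_parse_extension(ext.strip()))
    return record


def account(lines):
    """Parse every line; return (records, rejected) with rejected entries as
    (line_number, reason, raw). total == parsed + rejected, so a silent
    drop anywhere would show up as a mismatch."""
    records, rejected = [], []
    for lineno, raw in enumerate(lines, 1):
        try:
            records.append(parse_cef(raw))
        except ValueError as err:
            rejected.append((lineno, str(err), raw))
    log.info("%d lines: %d parsed, %d rejected",
             len(records) + len(rejected), len(records), len(rejected))
    return records, rejected


# Constructed sample input in the style of a web-proxy CEF feed (not real
# Zscaler output; field names are illustrative). Line 1 escapes a pipe in
# the header and an "=" in a value, line 2 has a syslog prefix, line 3 is
# truncated, line 4 is not CEF at all.
SAMPLE_LINES = [
    "CEF:0|Zscaler|NSSWeblog|5.7|200|Web Transaction \\| Proxy|3|"
    "act=Allowed suser=alice@example.com src=10.1.2.3 dst=93.184.216.34 "
    "request=https://example.com/index.html msg=rule\\=allow-all cnt=1",
    "<134>Oct 17 16:54:20 nss01 CEF:0|Zscaler|NSSWeblog|5.7|403|Blocked URL|7|"
    "act=Blocked suser=bob@example.com src=10.1.2.4 dst=203.0.113.9 "
    "request=http://malware.example.net/x.exe reason=malware",
    "CEF:0|Zscaler|NSSWeblog|5.7",
    "Oct 17 16:54:21 nss01 sshd[1234]: Accepted publickey for root",
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(levelname)s %(message)s")
    recs, bad = account(SAMPLE_LINES)
    for r in recs:
        print(r["signature_id"], r["name"], r.get("src"), "->", r.get("dst"))
    for lineno, reason, raw in bad:
        print("line %d rejected (%s): %s" % (lineno, reason, raw))
```

Running it directly prints the two parsed records and the two rejected lines with their reasons. The `account` totals are the check the question asks for: the number of lines fed in must equal parsed plus rejected, and whatever lands in the rejected list is exactly what a parser that only logs a counter would otherwise lose without trace. Feed it a sample of the raw feed (after anonymizing it) and any line it rejects is the one to attach to the JIRA as a test case.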



Re: CEF parser only finding "Found %d groups"

Posted by ed d <ra...@hotmail.com>.
https://issues.apache.org/jira/browse/METRON-1256




________________________________
From: Otto Fowler <ot...@gmail.com>
Sent: Tuesday, October 17, 2017 1:16 PM
To: dev@metron.apache.org; ed d
Subject: Re: CEF parser only finding "Found %d groups"

Would it be possible for you to create a jira, which included the ‘raw’ data ( anonymized )?
If this is a problem that we need to fix, it would be good to have a test case for the code etc
to prove it.



On October 17, 2017 at 13:00:42, ed d (ragdelaed@hotmail.com) wrote:

Forgot to add the snippet.


2017-09-26 18:02:49.974 o.a.m.p.c.CEFParser [INFO] Found %d groups





________________________________
From: ed d <ra...@hotmail.com>
Sent: Tuesday, October 17, 2017 12:54 PM
To: dev@metron.apache.org
Subject: CEF parser only finding "Found %d groups"

Apache Metron 0.4.1, git cloned.

Applied the CEF parser in the Management UI to ZScalar traffic.


I do see some traffic coming through, but most of the output in the Storm log is "Found %d groups".


How do I verify that all the traffic is flowing through and the logs causing the "Found %d groups" message are not being dropped? And how do I correct that message, assuming it's an error?



Re: CEF parser only finding "Found %d groups"

Posted by Otto Fowler <ot...@gmail.com>.
Would it be possible for you to create a jira, which included the ‘raw’ data (anonymized)?
If this is a problem that we need to fix, it would be good to have a test case for the code etc
to prove it.


On October 17, 2017 at 13:00:42, ed d (ragdelaed@hotmail.com) wrote:

Forgot to add the snippet.


2017-09-26 18:02:49.974 o.a.m.p.c.CEFParser [INFO] Found %d groups





________________________________
From: ed d <ra...@hotmail.com>
Sent: Tuesday, October 17, 2017 12:54 PM
To: dev@metron.apache.org
Subject: CEF parser only finding "Found %d groups"

Apache Metron 0.4.1, git cloned.

Applied the CEF parser in the Management UI to ZScalar traffic.


I do see some traffic coming through, but most of the output in the Storm log is "Found %d groups".


How do I verify that all the traffic is flowing through and the logs causing the "Found %d groups" message are not being dropped? And how do I correct that message, assuming it's an error?

Re: CEF parser only finding "Found %d groups"

Posted by ed d <ra...@hotmail.com>.
Forgot to add the snippet.


2017-09-26 18:02:49.974 o.a.m.p.c.CEFParser [INFO] Found %d groups





________________________________
From: ed d <ra...@hotmail.com>
Sent: Tuesday, October 17, 2017 12:54 PM
To: dev@metron.apache.org
Subject: CEF parser only finding "Found %d groups"

Apache Metron 0.4.1, git cloned.

Applied the CEF parser in the Management UI to ZScalar traffic.


I do see some traffic coming through, but most of the output in the Storm log is "Found %d groups".


How do I verify that all the traffic is flowing through and the logs causing the "Found %d groups" message are not being dropped? And how do I correct that message, assuming it's an error?