Posted to issues@metron.apache.org by "sagar gaikwad (JIRA)" <ji...@apache.org> on 2016/05/16 16:20:12 UTC

[jira] [Commented] (METRON-159) Create a parser for Ironport

    [ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15284786#comment-15284786 ] 

sagar gaikwad commented on METRON-159:
--------------------------------------

I will be working on this and expect to contribute something by next week. 

Sagar Gaikwad
(Capital One)

> Create a parser for Ironport 
> -----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Priority: Minor
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> Create a Metron telemetry to parse Ironport data. Included below are a raw data sample and the expected parsed output.
> Raw data example 1:
> <22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 33333333 DKIM: signing with abc_com - matches MicrosoftExchange333333eeeeeeeeee3333333333eeeeee@abc.com
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 360303162 DKIM: signing with abc_com - matches MicrosoftExchange333333eeeeeeeeee3333333333eeeeee@abc.com","level":"Info","source_type":"Ironport","source":"infosec_OutboundMailLogs","message":"MID 33333333 DKIM: signing with abc_com - matches MicrosoftExchange333333eeeeeeeeee3333333333eeeeee@abc.com","priority":"22","timestamp":1462459287000}
> Raw Data Example 2:
> <22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close","level":"Info","source_type":"Ironport","source":"infosec_InboundMailLogs","message":"ICID 1111111111 close","priority":"22","timestamp":1462459316000}
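A parser for the line format shown in the quoted issue, written here as an added example and not Metron's own parser code. The syslog header carries no year and no zone, so the year (2016) and the fixed UTC-4 offset are assumptions inferred from the expected timestamps in the issue; unparseable lines return None rather than a partial record.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumptions (not stated in the issue): lines carry no year, so one is supplied,
# and the expected values match a fixed UTC-4 offset
# (1462459287000 ms is 2016-05-05 14:41:27 UTC, i.e. 10:41:27 at UTC-4).
DEFAULT_YEAR = 2016
DEFAULT_TZ = timezone(timedelta(hours=-4))

MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}

# <PRI>Mon DD HH:MM:SS source: Level: message   (the message may itself contain ':')
LINE_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>"
    r"(?P<mon>[A-Z][a-z]{2}) (?P<day>\d{1,2}) "
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) "
    r"(?P<source>\S+): (?P<level>\w+): (?P<message>.*)$")


def parse_ironport(line, year=DEFAULT_YEAR, tz=DEFAULT_TZ):
    """Return the field dict the issue expects, or None if the line does not match."""
    line = line.rstrip("\r\n")
    m = LINE_RE.match(line)
    if m is None or m.group("mon") not in MONTHS:
        return None
    g = m.groupdict()
    try:
        ts = datetime(year, MONTHS[g["mon"]], int(g["day"]), int(g["hh"]),
                      int(g["mm"]), int(g["ss"]), tzinfo=tz)
    except ValueError:          # e.g. "Feb 30" or "25:00:00": reject, do not guess
        return None
    return {
        "original_string": line,
        "level": g["level"],
        "source_type": "Ironport",
        "source": g["source"],
        "message": g["message"],
        "priority": g["priority"],
        "timestamp": int(ts.timestamp() * 1000),
    }


def facility_severity(priority):
    """Split a syslog PRI value: "22" -> (2, 6), facility 'mail', severity 'info'."""
    p = int(priority)
    return p // 8, p % 8


# Constructed sample input: the issue's raw data example 2 plus a malformed line.
SAMPLES = [
    "<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close",
    "garbage line without a syslog header",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_ironport(s))
```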



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)