Posted to issues@metron.apache.org by "James Sirota (JIRA)" <ji...@apache.org> on 2016/06/02 05:34:59 UTC

[jira] [Updated] (METRON-159) Create a parser for Ironport

     [ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-159:
--------------------------------
    Labels: ParserExtension  (was: )

> Create a parser for Ironport 
> -----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> Create a Metron telemetry to parse Ironport data. Included below is raw data sample and expected parsed output.
> Raw data example 1:
> <22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 33333333 DKIM: signing with abc_com - matches MicrosoftExchange333333eeeeeeeeee3333333333eeeeee@abc.com
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 360303162 DKIM: signing with abc_com - matches MicrosoftExchange333333eeeeeeeeee3333333333eeeeee@abc.com","level":"Info","source_type":"Ironport","source":"infosec_OutboundMailLogs","message":"MID 33333333 DKIM: signing with abc_com - matches MicrosoftExchange333333eeeeeeeeee3333333333eeeeee@abc.com","priority":"22","timestamp":1462459287000}
> Raw Data Example 2:
> <22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close","level":"Info","source_type":"Ironport","source":"infosec_InboundMailLogs","message":"ICID 1111111111 close","priority":"22","timestamp":1462459316000}
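The layout the two samples in the ticket describe is `<PRI>Mon DD HH:MM:SS source: Level: message`. Below is an added Python example (not Metron's parser and not from the ticket) that extracts the fields in the expected output, decodes the syslog PRI into facility and severity as a sanity check, and rejects lines that do not fit the layout; because the raw lines carry no year or time zone, it assumes year 2016 and a UTC-4 wall clock, which is the only combination that reproduces the epoch values in the expected output.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout of the sample lines: <PRI>Mon DD HH:MM:SS source: Level: message
IRONPORT_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<source>\S+): (?P<level>[A-Za-z]+): (?P<message>.*)$"
)

# Assumptions not stated in the ticket: the lines carry no year and no zone, and the
# expected timestamps (1462459287000 etc.) only line up with 2016 and UTC-4 (EDT).
ASSUMED_YEAR = 2016
ASSUMED_TZ = timezone(timedelta(hours=-4))


def syslog_pri(priority):
    """Split a syslog PRI value into (facility, severity); PRI = facility*8 + severity."""
    pri = int(priority)
    return pri // 8, pri % 8


def parse_ironport(line, year=ASSUMED_YEAR, tz=ASSUMED_TZ):
    """Return the expected-output dict for one Ironport line, or None when the line
    does not match the layout, so malformed input is flagged instead of guessed at."""
    m = IRONPORT_RE.match(line)
    if m is None:
        return None
    dt = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    dt = dt.replace(tzinfo=tz)
    return {
        "original_string": line,
        "level": m.group("level"),
        "source_type": "Ironport",
        "source": m.group("source"),
        "message": m.group("message"),
        "priority": m.group("priority"),
        "timestamp": int(dt.timestamp()) * 1000,  # epoch milliseconds, as in the ticket
    }


if __name__ == "__main__":
    # Raw data example 2 from the ticket.
    sample = "<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close"
    print(parse_ironport(sample))
    print(syslog_pri("22"))  # facility 2 (mail), severity 6 (informational)
```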



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)