Apache metron 0.4.1, git cloned. Not sure the version of Sourcefire.
Some logs are not being processed by Storm and the error message is "o.a.m.p.s.BasicSourcefireParser [WARN] Unable to find SID in message:". Do all Sourcefire log messages have to have the keyword "SID" in them, or the equivalent? If they dont, how do we get them processed anyway?
