[
https://issues.apache.org/jira/browse/METRON-1258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ed de updated METRON-1258:
--------------------------
Description:
Sourcefire logs not being parsed due to "Unable to find SID in message"
log snippet:
2017-09-25 19:57:22.402 o.a.m.p.s.BasicSourcefireParser [WARN] Unable to find
SID in message:
Do all Sourcefire log messages have to have the keyword "SID" in them, or the
equivalent? If they dont, how do we get them processed anyway?
was:
Sourcefire logs not being parsed due to "Unable to find SID in message"
log snippet:
2017-09-25 19:57:22.402 o.a.m.p.s.BasicSourcefireParser [WARN] Unable to find
SID in message:
> Sourcefire logs not being parsed due to "Unable to find SID in message"
> ------------------------------------------------------------------------
>
> Key: METRON-1258
> URL: https://issues.apache.org/jira/browse/METRON-1258
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Environment: apache 0.4.1 git cloned
> Reporter: ed de
>
> Sourcefire logs not being parsed due to "Unable to find SID in message"
> log snippet:
> 2017-09-25 19:57:22.402 o.a.m.p.s.BasicSourcefireParser [WARN] Unable to find
> SID in message:
> Do all Sourcefire log messages have to have the keyword "SID" in them, or the
> equivalent? If they dont, how do we get them processed anyway?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
