[jira] [Updated] (METRON-1258) BasicSourcefireParser issue - Sourcefire logs not being parsed due to "Unable to find SID in message"

ed de (JIRA) Tue, 17 Oct 2017 10:36:24 -0700

     [ 
https://issues.apache.org/jira/browse/METRON-1258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ed de updated METRON-1258:
--------------------------
    Summary: BasicSourcefireParser  issue - Sourcefire logs not being parsed 
due to "Unable to find SID in message"   (was: Sourcefire logs not being parsed 
due to "Unable to find SID in message" )

> BasicSourcefireParser  issue - Sourcefire logs not being parsed due to 
> "Unable to find SID in message" 
> -------------------------------------------------------------------------------------------------------
>
>                 Key: METRON-1258
>                 URL: https://issues.apache.org/jira/browse/METRON-1258
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>         Environment: apache 0.4.1 git cloned
>            Reporter: ed de
>
> Sourcefire logs not being parsed due to "Unable to find SID in message"
> log snippet:
> 2017-09-25 19:57:22.402 o.a.m.p.s.BasicSourcefireParser [WARN] Unable to find 
> SID in message:
> Do all Sourcefire log messages have to have the keyword "SID" in them, or the 
> equivalent? If they dont, how do we get them processed anyway?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (METRON-1258) BasicSourcefireParser issue - Sourcefire logs not being parsed due to "Unable to find SID in message"

Reply via email to