[jira] [Commented] (METRON-769) Cisco ASA parser doesn't include syslog wrapper fields

Thu, 16 Mar 2017 11:27:22 -0700 

    [ 
https://issues.apache.org/jira/browse/METRON-769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15928588#comment-15928588
 ] 

ASF GitHub Bot commented on METRON-769:
---------------------------------------

Github user mmiklavc commented on the issue:

    https://github.com/apache/incubator-metron/pull/479
  
    @simonellistonball Looks like the AsaIntegrationTest needs a touch-up. It's 
complaining about syslog_host and syslog_prog. This is the result when I run 
locally:
    ```
    expected: {"original_string":"<167>Jan  5 08:52:35 10.22.8.216 
%ASA-7-609001: Built local-host 
inside:10.22.8.205","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_severity":"debug","timestamp":1451983955000,"source.type":"asa"}
    actual: {"syslog_host":"10.22.8.216","original_string":"<167>Jan  5 
08:52:35 10.22.8.216 %ASA-7-609001: Built local-host 
inside:10.22.8.205","ciscotag":"ASA-7-609001","syslog_facility":"local4","syslog_prog":null,"syslog_severity":"debug","timestamp":1483606355000,"source.type":"asa"}
    ```


> Cisco ASA parser doesn't include syslog wrapper fields
> ------------------------------------------------------
>
>                 Key: METRON-769
>                 URL: https://issues.apache.org/jira/browse/METRON-769
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.3.0
>            Reporter: Simon Elliston Ball
>            Priority: Minor
>
> The ASA parser does not allow the use of syslog app header (found in the wild 
> on some boxes). It also doesn't forward all syslog fields to the final object 
> (just the priority derived ones and timestamp).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to