[jira] [Commented] (NIFI-2341) Create a processor to parse logs formated using CEF

Tue, 27 Sep 2016 07:49:09 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-2341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15526362#comment-15526362
 ] 

ASF GitHub Bot commented on NIFI-2341:
--------------------------------------

Github user mattyb149 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/785#discussion_r80709952
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml ---
    @@ -254,6 +254,17 @@ language governing permissions and limitations under 
the License. -->
                 <artifactId>org.everit.json.schema</artifactId>
                 <version>1.4.0</version>
             </dependency>
    +        <dependency>
    +            <groupId>com.fluenda</groupId>
    +            <artifactId>ParCEFone</artifactId>
    --- End diff --
    
    Sorry to be overly picky. This library uses javax.el-api which is licensed 
under CDDL 1.1, and its NOTICE has been copied to the NiFi overall NOTICE and 
the assembly's NOTICE. However it is not in the standard-nar's notice 
(nifi/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-nar/src/main/resources/META-INF/NOTICE).
 This should have already been included here since the Jolt UI uses it, but 
since it has not been included, do you mind adding it? Just need to add the 
following line to the CDDL 1.1 section of the aforementioned file:
    
    (CDDL 1.1) (GPL2 w/ CPE) Expression Language 2.2.4 API  
(javax.el:javax.el-api:jar:2.2.4 - http://uel-spec.java.net)
    
    Note that the Jolt UI uses el-api version 3.0.0 but your library is using 
2.2.4. This will cause two different versions (in two different areas once 
unpacked, so no eviction or other issues), but as a NAR we would want either 
two entries (one for each version), or perhaps consider upgrading your library 
to use 3.0.0.
        



> Create a processor to parse logs formated using CEF
> ---------------------------------------------------
>
>                 Key: NIFI-2341
>                 URL: https://issues.apache.org/jira/browse/NIFI-2341
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Andre
>            Assignee: Andre
>             Fix For: 1.1.0
>
>
> As NiFi continue to increase its abilities to complement SIEM, Splunk and ELK 
> deployments, a number of users will be looking to parse CEF formatted 
> logs[1][2].
> CEF is a format specified by Arcsight (now part of HPE) and is described in 
> detail in here:
> https://www.protect724.hpe.com/docs/DOC-1072
> [1] 
> http://apache-nifi.1125220.n5.nabble.com/Suggestion-of-processors-td9795.html
> [2] 
> https://community.hortonworks.com/questions/43185/which-processor-is-used-to-parse-cef-format-logs.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to