Hi,
This profiler is really inconsistent, i’m going crazy right now.
I’ve made a further investigation and this is really bugging my mind:
1. I’m not expecting to receive15 hours old messages. In fact I’m the one
who’s picking the messages from the current time and sending them to Kafka, for
instance, let’s say it’s 15h33 GMT, I would pick a message like this one:
“<182>Jan 28 2020 15:33:14 ######### : %ASA-6-305011: Built dynamic TCP
translation from ###########/48678 to ############/48678” and send it to Kafka.
2. These messages are successfully parsed because I can find them in the
“enrichments” topic in Kafka. And the messages have the right “timestamp” field
when parsed. So the problem is not in the messages themselves. (The syslog
timestamp is the value of the timestamp).
3. The results of the Profile Client are really off.
I ran a test:
· I sent 4 messages at 14h18; and 5 messages at 14h25; All the messages
have the same syslog severity.
If my profiler runs every 15 minutes than the range of 14h15 to 14h30 the
result must be 9:
{period.start=1580220900000, period=1755801,
profile=ClientA_syslog_severety_count, period.end=1580221800000, groups=[],
value=9, entity=info}
Surprisingly it’s right. Than I ran a second test:
· I sent 4 messages at 14h41; and 3 messages at 14h48; all the messages
have the same syslog severity.
With that said the result must be 7. Here’s the result:
{period.start=1580221800000, period=1755802,
profile=ClientA_syslog_severety_count, period.end=1580222700000, groups=[],
value=9, entity=info}
I ran a third test:
· Sent 3 messages at 15h51.
The profiler returned none:
{period.start=1580226300000, period=1755807,
profile=ClientA_syslog_severety_count, period.end=1580227200000, groups=[],
value=0, entity=info}
I checked the Kafka topics to make sure there weren’t more messages than it was
supposed to. Everything is consistent except the profiler. I’m about to nuke
myself.
Thanks
