Hi Ali,

There is a grok-based ASA parser included in the Metron code base that you
can try out. If you find it's missing patterns or requires modifications,
I'd be happy to work with you to improve on it.

You should be able to test it out by creating a new Kafka topic 'asa' and
pointing your raw logs there. Let me know if you run into any issues.

Thanks,
Kyle

On Mon, Mar 6, 2017 at 9:51 PM, Ali Nazemian <alinazem...@gmail.com> wrote:

> Hi all,
>
> I am building a customized version of ASA parser using Grok statements. I
> have prepared the Grok requirements so far. I am using the following manual
> which has been provided for Grok squid parser
> <https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source>.
> I couldn't find anything else as an end-to-end manual for deploying a Grok
> parser, and I have some trouble mapping this manual to the Hortonworks
> Cyber Security release. For example, I couldn't find the step-5 alternative
> in the Hortonworks one. I would be grateful if somebody can provide a link for
> a better and more up-to-date manual for deploying a Grok parser in Metron 0.3.
>
> Regards,
> Ali
>
