Hi all, I have trouble with the new CEF parser which has been added to Metron. I am trying to use that for a CEF Paloalto device. It seems messages pass the parsing step and I cannot see any error in Storm topology. I have checked all of the logs related to Parsing nothing there. I have even changed the log level to debug it seems normal. I couldn't find any issue which has been presented in logs! I can see lots of messages comes to "enrichments_error", "parser_error" and "parser_invalid" topics, but It seems the storm enrichment topology doesn't process the CEF messages at all. I am not sure where I can check to find any suspicious error. As far as I understand, there is an issue with the CEF lineage which it seems to be related to Parsing.
Cheers, Ali
