Actually, It was a mismatching pattern with the CEF device, and Simon is working on that.
https://github.com/apache/incubator-metron/pull/519 On Sat, Apr 8, 2017 at 4:26 PM, Ali Nazemian <alinazem...@gmail.com> wrote: > Hi James, > > No, it doesn't give me any detail. It just shows some objects in error > topic. > > Cheers, > Ali > > On Sat, Apr 8, 2017 at 2:12 AM, James Sirota <jsir...@apache.org> wrote: > >> This means that the messages are either failing to parse or failing to >> validate. So they are being sent to error topics instead. When you tail >> these topics do you see any error messages attached to messages that failed >> to parse or validate? >> >> >> 06.04.2017, 22:33, "Ali Nazemian" <alinazem...@gmail.com>: >> >> Hi all, >> >> I have trouble with the new CEF parser which has been added to Metron. I >> am trying to use that for a CEF Paloalto device. It seems messages pass the >> parsing step and I cannot see any error in Storm topology. I have checked >> all of the logs related to Parsing nothing there. I have even changed the >> log level to debug it seems normal. I couldn't find any issue which has >> been presented in logs! I can see lots of messages comes to >> "enrichments_error", "parser_error" and "parser_invalid" topics, but It >> seems the storm enrichment topology doesn't process the CEF messages at >> all. I am not sure where I can check to find any suspicious error. As far >> as I understand, there is an issue with the CEF lineage which it seems to >> be related to Parsing. >> >> Cheers, >> Ali >> >> >> >> ------------------- >> Thank you, >> >> James Sirota >> PPMC- Apache Metron (Incubating) >> jsirota AT apache DOT org >> >> > > > -- > A.Nazemian > -- A.Nazemian
