Hi,
I have recently tried the other outputter formats apart from "CEF" as follows, but the connector is unable to convert the logs to the respective formats.
estreamer.conf:

```json
"outputters": [
    {
        "adapter": "cef",
        "enabled": true,
        "name": "CEF",
        "stream": {
            "uri": "udp://X.X.X.X:514"
        }
    },
    {
        "adapter": "splunk",
        "enabled": true,
        "name": "Splunk",
        "stream": {
            "uri": "udp://Y.Y.Y.Y:514"
        }
    }
],
```
Here is the syslog output:

```text
11:32:08.480955 IP (tos 0x0, ttl 64, id 44150, offset 0, flags [+], proto UDP (17), length 1500)
hostname.42292 > Y.Y.Y.Y.syslog: [|syslog]
11:32:08.480962 IP (tos 0x0, ttl 64, id 44150, offset 1480, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.480963 IP (tos 0x0, ttl 64, id 44150, offset 2960, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.480964 IP (tos 0x0, ttl 64, id 44150, offset 4440, flags [none], proto UDP (17), length 75)
hostname > Y.Y.Y.Y: udp
11:32:08.481012 IP (tos 0x0, ttl 64, id 44151, offset 0, flags [+], proto UDP (17), length 1500)
hostname.42292 > Y.Y.Y.Y.syslog: [|syslog]
11:32:08.481013 IP (tos 0x0, ttl 64, id 44151, offset 1480, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.481014 IP (tos 0x0, ttl 64, id 44151, offset 2960, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.481015 IP (tos 0x0, ttl 64, id 44151, offset 4440, flags [none], proto UDP (17), length 71)
hostname > Y.Y.Y.Y: udp
11:32:08.481074 IP (tos 0x0, ttl 64, id 44152, offset 0, flags [+], proto UDP (17), length 1500)
hostname.42292 > Y.Y.Y.Y.syslog: [|syslog]
11:32:08.481076 IP (tos 0x0, ttl 64, id 44152, offset 1480, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.481077 IP (tos 0x0, ttl 64, id 44152, offset 2960, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.481078 IP (tos 0x0, ttl 64, id 44152, offset 4440, flags [none], proto UDP (17), length 64)
hostname > Y.Y.Y.Y: udp
11:32:08.481129 IP (tos 0x0, ttl 64, id 44153, offset 0, flags [+], proto UDP (17), length 1500)
hostname.42292 > Y.Y.Y.Y.syslog: [|syslog]
11:32:08.481142 IP (tos 0x0, ttl 64, id 44153, offset 1480, flags [+], proto UDP (17), length 1500)
```
Moreover, there is continuous WARNING logging in estreamer.log as well, but as far as I observed this is not related to the above issue.
Below is a sample log:

```text
2021-04-09 11:50:22,016 estreamer.pipeline WARNING ParsingException: Invalid block length (6). RecordType=95, Field=data
2021-04-09 11:50:22,016 estreamer.pipeline WARNING Additional data: --BASE64 String--
2021-04-09 11:50:22,016 estreamer.pipeline WARNING ParsingException: Invalid block length (6). RecordType=95, Field=data
2021-04-09 11:50:22,016 estreamer.pipeline WARNING Additional data: --BASE64 String--
2021-04-09 11:50:22,067 estreamer.pipeline WARNING ParsingException: Invalid block length (0). RecordType=95, Field=data
2021-04-09 11:50:22,067 estreamer.pipeline WARNING Additional data: --BASE64 String--
```
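The capture above shows each syslog datagram from the Splunk outputter leaving the host as one IP id split into four fragments (offsets 0, 1480, 2960, 4440), which is why tcpdump can only decode the first fragment (`[|syslog]`) and shows the rest as bare `udp`. A receiver that drops or never reassembles fragmented UDP, or that caps syslog messages at a small size, will see nothing usable. The script below is an added example (not code from the eNcore project or from the issue author) that parses the tcpdump summary lines, reassembles them per IP id and reports the real size of each datagram; it assumes the `tcpdump -v` line format pasted above and 20-byte IP headers without options, and the sample input is a constructed subset of the lines from the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the tcpdump lines from the issue.
SAMPLE = """\
11:32:08.480955 IP (tos 0x0, ttl 64, id 44150, offset 0, flags [+], proto UDP (17), length 1500)
hostname.42292 > Y.Y.Y.Y.syslog: [|syslog]
11:32:08.480962 IP (tos 0x0, ttl 64, id 44150, offset 1480, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.480963 IP (tos 0x0, ttl 64, id 44150, offset 2960, flags [+], proto UDP (17), length 1500)
hostname > Y.Y.Y.Y: udp
11:32:08.480964 IP (tos 0x0, ttl 64, id 44150, offset 4440, flags [none], proto UDP (17), length 75)
hostname > Y.Y.Y.Y: udp
11:32:08.481129 IP (tos 0x0, ttl 64, id 44153, offset 0, flags [+], proto UDP (17), length 1500)
hostname.42292 > Y.Y.Y.Y.syslog: [|syslog]
11:32:08.481142 IP (tos 0x0, ttl 64, id 44153, offset 1480, flags [+], proto UDP (17), length 1500)
"""

IP_HEADER_LEN = 20   # assumption: tcpdump "length" is total IP length, no IP options
UDP_HEADER_LEN = 8
LINE_RE = re.compile(
    r"id (\d+), offset (\d+), flags \[(\+|none)\], proto UDP \(17\), length (\d+)"
)


def parse_fragments(text):
    """Map ip_id -> [(offset, ip_payload_len, more_fragments), ...]."""
    frags = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # the "hostname > Y.Y.Y.Y" detail lines carry no fragment info
        ip_id, offset, flags, length = m.groups()
        frags[int(ip_id)].append((int(offset), int(length) - IP_HEADER_LEN, flags == "+"))
    return frags


def reassemble(frags):
    """Map ip_id -> {'complete', 'udp_len', 'syslog_len'} by walking the fragment offsets."""
    report = {}
    for ip_id, parts in frags.items():
        parts.sort()
        expected_offset = 0
        complete = True
        saw_last = False
        for offset, payload_len, more in parts:
            if offset != expected_offset:   # hole in the sequence: a fragment is missing
                complete = False
            expected_offset = offset + payload_len
            saw_last = saw_last or not more   # flags [none] marks the final fragment
        if not saw_last:
            complete = False
        report[ip_id] = {
            "complete": complete,
            "udp_len": expected_offset,                     # UDP header + syslog payload
            "syslog_len": expected_offset - UDP_HEADER_LEN,  # bytes the receiver must accept
        }
    return report


def oversized(report, mtu=1500):
    """IP ids whose complete datagram could not have fit in one unfragmented packet."""
    return sorted(
        ip_id for ip_id, r in report.items()
        if r["complete"] and r["udp_len"] > mtu - IP_HEADER_LEN
    )


if __name__ == "__main__":
    result = reassemble(parse_fragments(SAMPLE))
    for ip_id, r in sorted(result.items()):
        print(ip_id, r)
    print("fragmented datagrams:", oversized(result))
```

For id 44150 the reassembled datagram is 4495 bytes of UDP, so the syslog message itself is 4487 bytes; id 44153 is reported incomplete because the capture was cut after its second fragment. When diagnosing a receiver that shows nothing, compare the `syslog_len` values against what the collector actually accepts per UDP message (RFC 5426 only asks receivers to handle 2048 bytes) and check whether fragments survive the path, for example by capturing on the receiving host as well.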