Flex Connector Categorization and Severity mapping not working

Hi All,

I am developing a folder file reader Flex Connector. I have created the regex, did the mapping , created some sub messages.

So far I can see what I want despite few issues which can be sorted easily, However, when it comes to the categorization it does not seem to pick up or get what i have defined under in my categorization file and nothing show in the Arcsight Console UI.

--> Here is a sample of the log:

Tue Aug 18 12:51:48 2015.554 Std 22160 doesn't match with mode [zest], flag [1234].

Tue Aug 18 12:51:48 2015.705 Std 22122 Client 70 failed to get authorization. Name [tata], type [tata], user [jim], address [IP_Address]. Reason : Authentication failed, user name or password is incorrect

Tue Aug 18 12:51:48 2015.705 Std 23500 Device: Fail [88989], object [-0908], task [08937] assignment , user name or password is incorrect

ARCSIGHT_HOME/user/agent/acp/categorizer/current/<device_vendor>/<device_product>.csv 

--> Here is the content of my "device_product.csv":

event.deviceSeverity,set.event.categoryObject,set.event.categoryBehavior,set.event.categoryTechnique,set.event.categoryDeviceGroup,set.event.categorySignificance,set.event.categoryOutcome

22122,/Host/Application/Config,/Authentication/Verify,,/Application/Zeus,/Informational/Warning,/Failure

22160,/Host/Application/Config,/Communicate/Query,,/Application/Zeus,/Informational/Error,/Failure

23500,/Host/Application/Config,/Modify/Configuration,,/Application/Zeus,/Informational/Error,/Failure

7041,/Host/Application/Config,/Modify/Configuration,,/Application/Zeus,/Informational/Error,/Failure

ARCSIGHT_HOME\user\agent\flexagent\log.sdkrfilereader.properties 

--> Here is my Configuration File properties:

# FlexAgent Regex Configuration File

do.unparsed.events=true

comments.start.with=\#

start.at.line=29

trim.tokens=true

contains.empty.token=true

regex=(\\D \\S \\s \\d \\d\\d:\\d\\d:\\d\\d) (\\d .\\d ) Std\ (\\d ) (.*)

token.count=4

token[0].name=Timestamp

token[0].type=TimeStamp

token[0].format=EEE MMM dd HH:mm:ss

token[1].name= Toto

token[1].type=String

token[2].name=SubmessageIdToken

token[2].type=String

token[3].name=SubmessageToken

token[3].type=String

event.deviceReceiptTime=__useCurrentYear(Timestamp)

event.deviceVendor=__getVendor("mydevicevendor")

event.deviceProduct=__stringConstant(mydeviceproduct)

event.deviceCustomString1Label=__stringConstant("Event Description")

event.deviceCustomString1=Toto

event.message=SubmessageToken

event.deviceHostName=__stringConstant("MyDeviceTest")

event.deviceSeverity=SubmessageIdToken

severity.map.high.if.deviceSeverity=22122,23500

severity.map.medium.if.deviceSeverity=22160

severity.map.low.if.deviceSeverity=07041

Can someone tell me what I am doing wrong please? or what I am missing please?

Regards,

Max