ExtraProcessorSample.zip

1 Likes
over 11 years ago

This archive contains sample project that describes usage of extra processors.

Trying to describe one real life problem, I tried also to put some more light on extra processor technique, which is not very well documented in ArcSight's documentation. All needed sample project files can be found at this archive, as well as document that describe everything you should do to re-create the scenario described, so after reading it, you should be able to make your own projects that might use extraprocessors for similar cases.

Comment List
Anonymous
Parents
  • Hi Marcony,

    I am going through this sample project in my lab but i found that it is not working properly.

    There are some logs which are not parsed by the parser. It creates event in .csv with real timestamp (not from log file) and not a single field is populated for this event.

    I am using this method for different log format. However, in my case only first extraprocessor parser is considered by connector and whole file is parsed using that extraprocessor parser.

    Is there any change that we have to do in agent.properties file, so that this issue can be solved.

    Please give me proper solution ASAP!!!!!

Comment
  • Hi Marcony,

    I am going through this sample project in my lab but i found that it is not working properly.

    There are some logs which are not parsed by the parser. It creates event in .csv with real timestamp (not from log file) and not a single field is populated for this event.

    I am using this method for different log format. However, in my case only first extraprocessor parser is considered by connector and whole file is parsed using that extraprocessor parser.

    Is there any change that we have to do in agent.properties file, so that this issue can be solved.

    Please give me proper solution ASAP!!!!!

Children
No Data
Related Discussions
Recommended