trustpipe

Problem (?) displaying CEF-formatted alerts via TCP in Logger

We recently added some payload data to the event alerts from our product. The alerts are larger than UDP can handle so these are being sent by TCP. The alerts show up in Logger but I cannot figure out how to get the Logger to parse correctly. The RAW data shows that all the alert is making it into Logger with all the expected fields and I have added our specific fields as "Custom" fields but nothing will display in those columns when the alert comes in. This is what the raw packet looks like in Logger:

This is what it looks like in context with our UDP alerts:

In the above capture, the Interface Reset and Heartbeat deviceActions are diagnostic and sent via UDP. No data would be in the columns that are empty. The Blocked Actions should show all of the columns at the top (and shows in the RAW file).

I have tried this on both a local copy of Logger and an AWS Marketplace instance and have exactly the same result. Any ideas what I can do to fix this?
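As an added example (not code from the original post, and not Micro Focus or ArcSight code), a small Python pre-flight check that a product could run on each CEF line before sending it over TCP: it splits the header, parses the extension, and reports the two things that most often leave custom columns empty. It assumes the CEF convention that custom values travel in numbered slots (cs1..cs6, cn1..cn3, cfp1..cfp4) paired with a matching <slot>Label key, and assumes the TCP receiver delimits records on a trailing newline; the sample events and the partial list of standard keys are constructed.

```python
import re

HEADER_FIELDS = 7  # CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
# Partial list of standard extension keys, constructed for this example (not exhaustive).
STANDARD_KEYS = {"src", "dst", "spt", "dpt", "proto", "rt", "msg", "deviceAction", "cat"}
# Custom value slots; by CEF convention each travels with a matching <slot>Label key.
CUSTOM_SLOT = re.compile(r"^(cs[1-6]|cn[1-3]|cfp[1-4])$")
# An extension key starts the string or follows whitespace; values may contain spaces.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")

# Constructed sample events, not taken from the original post. BAD uses ad-hoc keys and
# lacks the trailing newline a TCP receiver needs to tell one record from the next.
GOOD = ("CEF:0|ExampleVendor|ExampleProduct|1.0|100|Blocked Action|5|"
        "src=10.0.0.5 dst=10.0.0.9 deviceAction=Blocked "
        "cs1=payload abc cs1Label=PayloadId cn1=42 cn1Label=RuleNumber\n")
BAD = ("CEF:0|ExampleVendor|ExampleProduct|1.0|100|Blocked Action|5|"
       "src=10.0.0.5 deviceAction=Blocked payloadId=abc ruleNumber=42")

def split_header(event):
    """Return (header fields, extension string); raise on a malformed header."""
    parts = event.rstrip("\n").split("|", HEADER_FIELDS)
    if len(parts) != HEADER_FIELDS + 1 or not parts[0].startswith("CEF:"):
        raise ValueError("malformed CEF header")
    return parts[:HEADER_FIELDS], parts[HEADER_FIELDS]

def parse_extension(ext):
    """Parse 'key=value key=value' into a dict; a value runs until the next key."""
    hits = list(KEY_RE.finditer(ext))
    fields = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        fields[m.group(1)] = ext[m.end():end].strip()
    return fields

def slot_of(key):
    """Custom slot a key belongs to ('cs1' for both 'cs1' and 'cs1Label'), else None."""
    base = key[:-5] if key.endswith("Label") else key
    return base if CUSTOM_SLOT.match(base) else None

def check_event(event):
    """List the reasons a receiver would fail to map this event's columns."""
    problems = []
    if not event.endswith("\n"):
        problems.append("no trailing newline; TCP receivers use it to delimit records")
    fields = parse_extension(split_header(event)[1])
    for key in fields:
        slot = slot_of(key)
        if slot is None and key not in STANDARD_KEYS:
            problems.append(f"{key} is not a CEF key; carry it in a csN/csNLabel pair")
        elif slot and (slot not in fields or slot + "Label" not in fields):
            problems.append(f"{slot} and {slot}Label must both be present")
    return problems
```

Running `check_event` on the raw line captured in Logger (rather than on the constructed samples) shows whether the extension keys are ones the receiver can map to columns.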
