Archives of Support Questions (Read Only)

bharath_phatak · ‎07-27-2017

Hi All,

I am followed the steps mentioned in below link and setup SQUID topology. The logs are getting enriched and indexed and visible in Kibana.

Now i need to add BasicPaloAltoFirewallParser(Paloalto topology). Below is config json file.

{

"parserClassName":"org.apache.metron.parsers.paloalto.BasicPaloAltoFirewallParser",

"sensorTopic":"newPalto",

"parserConfig": { "timestampField": "timestamp" }

}

I dont see any errors, but the logs are not pushed into "enrichments" topic

Any help would be much appreciated.

Thanks

bharath_phatak · ‎08-03-2017

The issue was with logs which i was using. When i injected full logs from Paloalto firewall, the logs were being parsed, enriched and indexed.

Hopefully this will be helpfull for others.

Thanks,

Bharath

bharath_phatak · ‎08-03-2017

The issue was with logs which i was using. When i injected full logs from Paloalto firewall, the logs were being parsed, enriched and indexed.

Hopefully this will be helpfull for others.

Thanks,

Bharath

How to configure BasicPaloAltoFirewallParser/any java parser to Metron Topology