
How to configure BasicPaloAltoFirewallParser/any java parser to Metron Topology


Hi All,

I followed the steps mentioned in the link below and set up the SQUID topology. The logs are getting enriched and indexed and are visible in Kibana.

Now I need to add BasicPaloAltoFirewallParser (Paloalto topology). Below is the config JSON file.

    {
      "parserClassName": "org.apache.metron.parsers.paloalto.BasicPaloAltoFirewallParser",
      "sensorTopic": "newPalto",
      "parserConfig": { "timestampField": "timestamp" }
    }

I don't see any errors, but the logs are not pushed into the "enrichments" topic.

Any help would be much appreciated.

Thanks

1 ACCEPTED SOLUTION


The issue was with the logs which I was using. When I injected full logs from the Paloalto firewall, the logs were being parsed, enriched and indexed.

Hopefully this will be helpful for others.

Thanks,

Bharath
