[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Sirota updated METRON-159:
--------------------------------
    Labels: ParserExtension  (was: )

> Create a parser for Ironport
> -----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> Create a Metron telemetry to parse Ironport data. Included below is raw data sample and expected parsed output.
>
> Raw data example 1:
> <22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 33333333 DKIM: signing with abc_com - matches microsoftexchange333333eeeeeeeeee3333333333eee...@abc.com
>
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 360303162 DKIM: signing with abc_com - matches microsoftexchange333333eeeeeeeeee3333333333eee...@abc.com","level":"Info","source_type":"Ironport","source":"infosec_OutboundMailLogs","message":"MID 33333333 DKIM: signing with abc_com - matches microsoftexchange333333eeeeeeeeee3333333333eee...@abc.com","priority":"22","timestamp":1462459287000}
>
> Raw Data Example 2:
> <22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close
>
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close","level":"Info","source_type":"Ironport","source":"infosec_InboundMailLogs","message":"ICID 1111111111 close","priority":"22","timestamp":1462459316000}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)