[ https://issues.apache.org/jira/browse/METRON-159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-159:
--------------------------------
    Assignee: Casey Stella

> Create a parser for Ironport 
> -----------------------------
>
>                 Key: METRON-159
>                 URL: https://issues.apache.org/jira/browse/METRON-159
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: sagar gaikwad
>            Assignee: Casey Stella
>            Priority: Minor
>              Labels: ParserExtension
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> Create a Metron telemetry to parse Ironport data. Included below are raw data
> samples and the expected parsed output.
> Raw data example 1:
> <22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 33333333 DKIM: signing with abc_com - matches microsoftexchange333333eeeeeeeeee3333333333eee...@abc.com
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:27 infosec_OutboundMailLogs: Info: MID 360303162 DKIM: signing with abc_com - matches microsoftexchange333333eeeeeeeeee3333333333eee...@abc.com","level":"Info","source_type":"Ironport","source":"infosec_OutboundMailLogs","message":"MID 33333333 DKIM: signing with abc_com - matches microsoftexchange333333eeeeeeeeee3333333333eee...@abc.com","priority":"22","timestamp":1462459287000}
> Raw Data Example 2:
> <22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close
> Parsed data o/p:
> {"original_string":"<22>May 05 10:41:56 infosec_InboundMailLogs: Info: ICID 1111111111 close","level":"Info","source_type":"Ironport","source":"infosec_InboundMailLogs","message":"ICID 1111111111 close","priority":"22","timestamp":1462459316000}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
