Re: streaming rsyslog metron using asa parser
Please look at this recent explanation: http://mail-archives.apache.org/mod_mbox/metron-user/201912.mbox/%3ccamccojq8qwnomevvyih_xwq_c8hgbvbvhynzr6hqcvez4mr...@mail.gmail.com%3e

On December 27, 2019 at 00:33:31, updates on tube (abrahamfik...@gmail.com) wrote:

On 2019/12/26 14:19:09, Otto Fowler wrote:
> You are saying different things that are confusing me.
> You seemed to be saying that you couldn’t parse, but now you are saying you can parse, and see things in kibana but they are not in the alert ui?
> yes based on what you suggested to me before, I can push the sample log from (https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw) to a kafka topic and storm parsed it and I see it in the kibana ui; but I can't see it on the metron alert ui, that is the problem. parsing is going well..
>
> On December 25, 2019 at 10:47:54, updates on tube (abrahamfik...@gmail.com) wrote:
>
> On 2019/12/23 11:25:45, Otto Fowler wrote:
> > That doesn’t look like ASA data.
> > https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw
> >
> > Are you trying to do regular syslog, or ASA?
> >
> > On December 23, 2019 at 01:57:38, updates on tube (abrahamfik...@gmail.com) wrote:
> >
> > I was trying to stream rsyslog log data to apache metron using the asa parser.
> > the log looks like down below
> >
> > 2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
> > the log 2019-12-20T07:06:41-05:00 ab rsyslogd: action 'action-13-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0 try https://www.rsyslog.com/e/2359 ]
> > 2019-12-20T07:08:04-05:00 ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST
> > 2019-12-20T07:08:05-05:00 ab TESTING: Fri 20 Dec 2019 07:08:05 AM EST
> > 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> > 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> > 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> > 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> > 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> > 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> > 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
> > 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session files...
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: phpsessionclean.service: Succeeded.
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files.
> > 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019 07:10:04 AM EST
> > 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> > 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> > 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019 07:10:06 AM EST
> > 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> > 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> > 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> > 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> > 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> > 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> > 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging Service...
> > 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="https://www.rsyslog.com"] exiting on signal 15.
> > 2019-12-20T07:10:15-05:00 ab
Re: streaming rsyslog metron using asa parser
On 2019/12/26 14:19:09, Otto Fowler wrote:
> You are saying different things that are confusing me.
> You seemed to be saying that you couldn’t parse, but now you are saying you can parse, and see things in kibana but they are not in the alert ui?
> yes based on what you suggested to me before, I can push the sample log from (https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw) to a kafka topic and storm parsed it and I see it in the kibana ui; but I can't see it on the metron alert ui, that is the problem. parsing is going well..
>
> On December 25, 2019 at 10:47:54, updates on tube (abrahamfik...@gmail.com) wrote:
>
> On 2019/12/23 11:25:45, Otto Fowler wrote:
> > That doesn’t look like ASA data.
> > https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw
> >
> > Are you trying to do regular syslog, or ASA?
> >
> > On December 23, 2019 at 01:57:38, updates on tube (abrahamfik...@gmail.com) wrote:
> >
> > I was trying to stream rsyslog log data to apache metron using the asa parser.
> > the log looks like down below
> >
> > 2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
> > the log 2019-12-20T07:06:41-05:00 ab rsyslogd: action 'action-13-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0 try https://www.rsyslog.com/e/2359 ]
> > 2019-12-20T07:08:04-05:00 ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST
> > 2019-12-20T07:08:05-05:00 ab TESTING: Fri 20 Dec 2019 07:08:05 AM EST
> > 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> > 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> > 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> > 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> > 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> > 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> > 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
> > 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session files...
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: phpsessionclean.service: Succeeded.
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files.
> > 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019 07:10:04 AM EST
> > 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> > 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> > 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019 07:10:06 AM EST
> > 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> > 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> > 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> > 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> > 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> > 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> > 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging Service...
> > 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="https://www.rsyslog.com"] exiting on signal 15.
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: rsyslog.service: Succeeded.
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopped System Logging Service.
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Starting System Logging Service...
> > 2019-12-20T07:10:15-05:00 ab rsyslogd: imuxsock: Acquired
Re: streaming rsyslog metron using asa parser
You are saying different things that are confusing me. You seemed to be saying that you couldn’t parse, but now you are saying you can parse, and see things in kibana but they are not in the alert ui?

On December 25, 2019 at 10:47:54, updates on tube (abrahamfik...@gmail.com) wrote:

On 2019/12/23 11:25:45, Otto Fowler wrote:
> That doesn’t look like ASA data.
> https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw
>
> Are you trying to do regular syslog, or ASA?
>
> On December 23, 2019 at 01:57:38, updates on tube (abrahamfik...@gmail.com) wrote:
>
> I was trying to stream rsyslog log data to apache metron using the asa parser.
> the log looks like down below
>
> 2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
> the log 2019-12-20T07:06:41-05:00 ab rsyslogd: action 'action-13-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0 try https://www.rsyslog.com/e/2359 ]
> 2019-12-20T07:08:04-05:00 ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST
> 2019-12-20T07:08:05-05:00 ab TESTING: Fri 20 Dec 2019 07:08:05 AM EST
> 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
> 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
> 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session closed for user root
> 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session files...
> 2019-12-20T07:09:01-05:00 ab systemd[1]: phpsessionclean.service: Succeeded.
> 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files.
> 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019 07:10:04 AM EST
> 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019 07:10:06 AM EST
> 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging Service...
> 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="https://www.rsyslog.com"] exiting on signal 15.
> 2019-12-20T07:10:15-05:00 ab systemd[1]: rsyslog.service: Succeeded.
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopped System Logging Service.
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Starting System Logging Service...
> 2019-12-20T07:10:15-05:00 ab rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.1911.0]
> 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3270" x-info="https://www.rsyslog.com"] start
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Started System Logging Service.
> 2019-12-20T07:10:18-05:00 ab TESTING: Fri 20 Dec 2019 07:10:18 AM EST
> 2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session opened for user root by (uid=0)
> 2019-12-20T07:15:01-05:00 ab CRON[3284]: (root) CMD (command -v debian-sa1 > /dev/null &&
Re: streaming rsyslog metron using asa parser
On 2019/12/23 11:25:45, Otto Fowler wrote:
> That doesn’t look like ASA data.
> https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw
>
> Are you trying to do regular syslog, or ASA?
>
> On December 23, 2019 at 01:57:38, updates on tube (abrahamfik...@gmail.com) wrote:
>
> I was trying to stream rsyslog log data to apache metron using the asa parser.
> the log looks like down below
>
> 2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
> the log 2019-12-20T07:06:41-05:00 ab rsyslogd: action 'action-13-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0 try https://www.rsyslog.com/e/2359 ]
> 2019-12-20T07:08:04-05:00 ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST
> 2019-12-20T07:08:05-05:00 ab TESTING: Fri 20 Dec 2019 07:08:05 AM EST
> 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
> 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
> 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session closed for user root
> 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session files...
> 2019-12-20T07:09:01-05:00 ab systemd[1]: phpsessionclean.service: Succeeded.
> 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files.
> 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019 07:10:04 AM EST
> 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019 07:10:06 AM EST
> 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging Service...
> 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="https://www.rsyslog.com"] exiting on signal 15.
> 2019-12-20T07:10:15-05:00 ab systemd[1]: rsyslog.service: Succeeded.
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopped System Logging Service.
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Starting System Logging Service...
> 2019-12-20T07:10:15-05:00 ab rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.1911.0]
> 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3270" x-info="https://www.rsyslog.com"] start
> 2019-12-20T07:10:15-05:00 ab systemd[1]: Started System Logging Service.
> 2019-12-20T07:10:18-05:00 ab TESTING: Fri 20 Dec 2019 07:10:18 AM EST
> 2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session opened for user root by (uid=0)
> 2019-12-20T07:15:01-05:00 ab CRON[3284]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
> 2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session closed for user root
> 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session opened for user root by (uid=0)
> 2019-12-20T07:17:01-05:00 ab CRON[3324]: (root) CMD ( cd
Re: streaming rsyslog metron using asa parser
That doesn’t look like ASA data.
https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw

Are you trying to do regular syslog, or ASA?

On December 23, 2019 at 01:57:38, updates on tube (abrahamfik...@gmail.com) wrote:

I was trying to stream rsyslog log data to apache metron using the asa parser.
the log looks like down below

2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
the log 2019-12-20T07:06:41-05:00 ab rsyslogd: action 'action-13-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0 try https://www.rsyslog.com/e/2359 ]
2019-12-20T07:08:04-05:00 ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST
2019-12-20T07:08:05-05:00 ab TESTING: Fri 20 Dec 2019 07:08:05 AM EST
2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session closed for user root
2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session files...
2019-12-20T07:09:01-05:00 ab systemd[1]: phpsessionclean.service: Succeeded.
2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files.
2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019 07:10:04 AM EST
2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019 07:10:06 AM EST
2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging Service...
2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="https://www.rsyslog.com"] exiting on signal 15.
2019-12-20T07:10:15-05:00 ab systemd[1]: rsyslog.service: Succeeded.
2019-12-20T07:10:15-05:00 ab systemd[1]: Stopped System Logging Service.
2019-12-20T07:10:15-05:00 ab systemd[1]: Starting System Logging Service...
2019-12-20T07:10:15-05:00 ab rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.1911.0]
2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd" swVersion="8.1911.0" x-pid="3270" x-info="https://www.rsyslog.com"] start
2019-12-20T07:10:15-05:00 ab systemd[1]: Started System Logging Service.
2019-12-20T07:10:18-05:00 ab TESTING: Fri 20 Dec 2019 07:10:18 AM EST
2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session opened for user root by (uid=0)
2019-12-20T07:15:01-05:00 ab CRON[3284]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session closed for user root
2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session opened for user root by (uid=0)
2019-12-20T07:17:01-05:00 ab CRON[3324]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session closed for user root
2019-12-20T07:25:01-05:00 ab CRON[]: pam_unix(cron:session): session
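The check Otto is making above ("that doesn't look like ASA data") is worth automating before a feed is pointed at a parser topic: a parser fed the wrong format either drops the events or emits fields that detection content never matches, and the failure is silent until someone looks in Kibana. The following pre-flight validator is an added example written for this thread, not code from Metron or from anyone in the discussion. It classifies a raw line as Cisco ASA syslog (the standard `%ASA-<severity>-<six-digit id>:` message ID) or as the plain rsyslog forward format seen in the thread (ISO 8601 timestamp, host, tag[pid]: message), and reports how many lines match the parser you intend to use. The function and class names are mine; the sample input is three rsyslog lines copied from the thread plus one constructed ASA-style line (documentation IP ranges, not taken from Metron's asa_raw file).

```python
import re
from dataclasses import dataclass, field
from typing import List

# Cisco ASA syslog messages carry a message ID of the form %ASA-<severity>-<6-digit id>:
# (e.g. "%ASA-6-302013:"). FWSM and PIX use the same scheme with a different prefix.
# A line without this ID is not ASA data, whatever parser it is sent to.
ASA_ID = re.compile(r"%(?:ASA|FWSM|PIX)-\d-\d{6}:")

# Plain rsyslog forward format as seen in the thread:
#   <ISO 8601 timestamp> <host> <tag>[<pid>]: <message>
RSYSLOG_LINE = re.compile(
    r"^(?:<\d{1,3}>)?"                                                          # optional PRI, e.g. <13>
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)

# Which line format each parser consumes. The keys are this example's own labels,
# not Metron parser class names.
PARSER_FORMAT = {"asa": "asa", "syslog": "rsyslog"}


@dataclass
class Report:
    parser: str
    matched: int = 0
    mismatched: int = 0
    samples: List[str] = field(default_factory=list)   # a few offending lines for the operator


def classify(line: str) -> str:
    """Return 'asa', 'rsyslog' or 'unknown' for one raw log line."""
    if ASA_ID.search(line):          # the ID may sit after a PRI/timestamp/host prefix
        return "asa"
    if RSYSLOG_LINE.match(line):
        return "rsyslog"
    return "unknown"


def preflight(lines: List[str], parser: str) -> Report:
    """Count how many lines match the format the chosen parser expects.

    Run this over a sample of the feed before pushing it to the parser's Kafka
    topic: a non-zero mismatch count means the parser will drop or misparse it.
    """
    if parser not in PARSER_FORMAT:
        raise ValueError(f"unknown parser {parser!r}; choose one of {sorted(PARSER_FORMAT)}")
    expected = PARSER_FORMAT[parser]
    report = Report(parser=parser)
    for line in lines:
        if classify(line) == expected:
            report.matched += 1
        else:
            report.mismatched += 1
            if len(report.samples) < 3:
                report.samples.append(line[:80])
    return report


# Constructed sample: three rsyslog lines from the thread plus one ASA-style line
# modelled on the Cisco format (addresses are documentation ranges).
SAMPLE = [
    "2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST",
    "2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging Service...",
    "<174>Dec 20 07:11:02 198.51.100.1 %ASA-6-302013: Built inbound TCP connection 4711 "
    "for outside:203.0.113.7/51234 (203.0.113.7/51234) to inside:10.0.0.5/443 (10.0.0.5/443)",
]

if __name__ == "__main__":
    for name in PARSER_FORMAT:
        r = preflight(SAMPLE, name)
        print(f"{name}: {r.matched} matched, {r.mismatched} mismatched; samples={r.samples}")
```

Run against the thread's lines with `parser="asa"` the report shows one match (the constructed ASA line) and three mismatches, which is exactly the situation in the original post: the feed is host syslog, so it belongs on a syslog parser, and only genuine ASA output (or ASA messages relayed through rsyslog, where the `%ASA-` ID survives in the payload and the check still fires) belongs on the ASA parser.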