Hi,

Thanks for the reply. I did not make any configuration changes, but I can send
you sample events.
For example:

SYSLOG | severity:ERR uid:CvS7064cni4HcD7FU6 id.orig_p:514 id.resp_p:514
proto:udp id.orig_h:10.2.2.1 message:Feb 14 13:16:52 suricata[88128]:
[1:2007994:20] ET MALWARE Suspicious User-Agent (1 space) [Classification: A
Network Trojan was Detected] [Priority: 1] {TCP} 10.2.2.229:37423 ->
168.235.205.6:80 facility:LOCAL5 ts:1550132212.404591 id.resp_h:172.16.4.18


The default Bro Syslog parser does not crunch it and just pastes it as this
message:

Feb 14 13:16:52 suricata[88128]: [1:2007994:20] ET MALWARE Suspicious
User-Agent (1 space) [Classification: A Network Trojan was Detected]
[Priority: 1] {TCP} 10.2.2.229:37423 -> 168.235.205.6:80

Now the problem is IP_SRC and IP_DST are being populated as the local IP
instead of these IPs. Similarly, classification is not set. Please also suggest
about Windows event logs for detecting failed logins:

Feb 14 14:32:18 DC12.tap.local MSWinEventLog 5 Security 182049 Thu Feb 14
14:32:10 2019 4634 Microsoft-Windows-Security-Auditing N/A Audit Success
DC12.tap.local 12545 An account was logged off. Subject: Security ID:
S-1-5-21-761976910-1883327070-1659661340-1104 Account Name: EXG$ Account
Domain: TAP Logon ID: 0x3E3F0A7 Logon Type: 3 This event is generated when
a logon session is destroyed. It may be positively correlated with a logon
event using the Logon ID value. Logon IDs are only unique between reboots
on the same computer.


On Wed, Feb 13, 2019 at 7:01 PM Otto Fowler <ottobackwa...@gmail.com> wrote:

> Also include the configuration of the parser please.
>
>
>
> On February 13, 2019 at 09:00:08, Otto Fowler (ottobackwa...@gmail.com)
> wrote:
>
> Farrukh,
>
> This error means that the syslog line you are passing in is not proper per
> the spec.
> Can you create a jira, with this info, and attach or otherwise include a
> SANITIZED (change IP, machine names, business stuff etc since this will be
> on the internet ) version of
> the failing line?
> I’ll be able to tell you what the issue is and what the options are once I
> can test it.
>
> Not everything sends properly formatted ( to the spec ) syslog.   While
> simple-syslog ( the library I wrote that backs this parser ) makes
> allowances ( for missing priority, different date formats ) it
> cannot handle everything that is possible obviously.
>
> As a note, this same library is used in nifi for the 5424 processor/ record
> reader as well.
>
>
>
>
> On February 13, 2019 at 05:54:42, Farrukh Naveed Anjum (
> anjum.farr...@gmail.com) wrote:
>
> Hi,
> I am trying to utilize Syslog5424; I am receiving data from NiFi into
> Kafka.
>
> I am getting the Parser Exception; any help will be appreciated. Following
> is the error.
>
> nerated.Rfc5424Parser.header(Rfc5424Parser.java:412) ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.syslog_msg(Rfc5424Parser.java:273)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLine(Rfc5424SyslogParser.java:93)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.Rfc5424SyslogParser.lambda$parseLines$0(Rfc5424SyslogParser.java:130)
>  ~[stormjar.jar:?]
>         at java.util.ArrayList.forEach(ArrayList.java:1249) [?:1.8.0_112]
>         at 
> com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLines(Rfc5424SyslogParser.java:128)
>  ~[stormjar.jar:?]
>         at 
> org.apache.metron.parsers.syslog.Syslog5424Parser.parseOptionalResult(Syslog5424Parser.java:103)
>  ~[stormjar.jar:?]
>         at 
> org.apache.metron.parsers.ParserRunnerImpl.execute(ParserRunnerImpl.java:146) 
> ~[stormjar.jar:?]
>         at 
> org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:253) 
> [stormjar.jar:?]
>         at 
> org.apache.storm.daemon.executor$fn__10195$tuple_action_fn__10197.invoke(executor.clj:735)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.daemon.executor$mk_task_receiver$fn__10114.invoke(executor.clj:466)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.disruptor$clojure_handler$reify__4137.onEvent(disruptor.clj:40)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:472)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:451)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.daemon.executor$fn__10195$fn__10208$fn__10263.invoke(executor.clj:855)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at org.apache.storm.util$async_loop$fn__1221.invoke(util.clj:484) 
> [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at clojure.lang.AFn.run(AFn.java:22) [clojure-1.7.0.jar:?]
>         at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]
> Caused by: org.antlr.v4.runtime.NoViableAltException
>         at 
> org.antlr.v4.runtime.atn.ParserATNSimulator.noViableAlt(ParserATNSimulator.java:1894)
>  ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.atn.ParserATNSimulator.execATN(ParserATNSimulator.java:498)
>  ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.atn.ParserATNSimulator.adaptivePredict(ParserATNSimulator.java:424)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:373)
>  ~[stormjar.jar:?]
>         ... 18 more
> 2019-02-13 15:52:03.138 o.a.s.d.executor Thread-12-parserBolt-executor[5 5] 
> [ERROR]
> com.github.palindromicity.syslog.dsl.ParseException: Syntax error @ 1:5 no 
> viable alternative at input 'F'
>         at 
> com.github.palindromicity.syslog.dsl.DefaultErrorListener.syntaxError(DefaultErrorListener.java:17)
>  ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.ProxyErrorListener.syntaxError(ProxyErrorListener.java:65)
>  ~[stormjar.jar:?]
>         at org.antlr.v4.runtime.Parser.notifyErrorListeners(Parser.java:558) 
> ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.DefaultErrorStrategy.reportNoViableAlternative(DefaultErrorStrategy.java:310)
>  ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.DefaultErrorStrategy.reportError(DefaultErrorStrategy.java:147)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:412)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.syslog_msg(Rfc5424Parser.java:273)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLine(Rfc5424SyslogParser.java:93)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.Rfc5424SyslogParser.lambda$parseLines$0(Rfc5424SyslogParser.java:130)
>  ~[stormjar.jar:?]
>         at java.util.ArrayList.forEach(ArrayList.java:1249) [?:1.8.0_112]
>         at 
> com.github.palindromicity.syslog.Rfc5424SyslogParser.parseLines(Rfc5424SyslogParser.java:128)
>  ~[stormjar.jar:?]
>         at 
> org.apache.metron.parsers.syslog.Syslog5424Parser.parseOptionalResult(Syslog5424Parser.java:103)
>  ~[stormjar.jar:?]
>         at 
> org.apache.metron.parsers.ParserRunnerImpl.execute(ParserRunnerImpl.java:146) 
> ~[stormjar.jar:?]
>         at 
> org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:253) 
> [stormjar.jar:?]
>         at 
> org.apache.storm.daemon.executor$fn__10195$tuple_action_fn__10197.invoke(executor.clj:735)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.daemon.executor$mk_task_receiver$fn__10114.invoke(executor.clj:466)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.disruptor$clojure_handler$reify__4137.onEvent(disruptor.clj:40)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:472)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:451)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at 
> org.apache.storm.daemon.executor$fn__10195$fn__10208$fn__10263.invoke(executor.clj:855)
>  [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at org.apache.storm.util$async_loop$fn__1221.invoke(util.clj:484) 
> [storm-core-1.1.0.2.6.5.1050-37.jar:1.1.0.2.6.5.1050-37]
>         at clojure.lang.AFn.run(AFn.java:22) [clojure-1.7.0.jar:?]
>         at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]
> Caused by: org.antlr.v4.runtime.NoViableAltException
>         at 
> org.antlr.v4.runtime.atn.ParserATNSimulator.noViableAlt(ParserATNSimulator.java:1894)
>  ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.atn.ParserATNSimulator.execATN(ParserATNSimulator.java:498)
>  ~[stormjar.jar:?]
>         at 
> org.antlr.v4.runtime.atn.ParserATNSimulator.adaptivePredict(ParserATNSimulator.java:424)
>  ~[stormjar.jar:?]
>         at 
> com.github.palindromicity.syslog.dsl.generated.Rfc5424Parser.header(Rfc5424Parser.java:373)
>  ~[stormjar.jar:?]
>         ... 18 more
>
> --
> With Regards
> Farrukh Naveed Anjum
>
>

-- 
With Regards
Farrukh Naveed Anjum
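
Added example, not part of this thread and not Metron or simple-syslog code: a Python sketch that checks whether a line has an RFC 5424 header or a BSD-style one, then pulls the real source and destination addresses, SID and classification out of the Suricata alert text in the sample event above. The output field names (ip_src_addr, ip_dst_addr and so on) and the function names are assumptions made for the example.

```python
import re

# RFC 5424 lines begin with "<PRI>VERSION " (for example "<171>1 ").
RFC5424_HEADER = re.compile(r"^<\d{1,3}>[1-9]\d{0,2} ")
# BSD-style lines begin with an optional "<PRI>" and a "Mmm dd hh:mm:ss" timestamp,
# here followed directly by "program[pid]: " as in the sample from this thread.
BSD_HEADER = re.compile(
    r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
)
# Suricata alert text as shown in the sample:
# [gid:sid:rev] signature [Classification: c] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<signature>.*?)\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<protocol>[^}]+)\}\s+"
    r"(?P<ip_src_addr>[0-9A-Fa-f.:]+):(?P<ip_src_port>\d+)\s+->\s+"
    r"(?P<ip_dst_addr>[0-9A-Fa-f.:]+):(?P<ip_dst_port>\d+)"
)
INT_FIELDS = ("gid", "sid", "rev", "priority", "ip_src_port", "ip_dst_port")


def syslog_flavor(line):
    """Classify a line by its header so it can be routed to a matching parser."""
    if RFC5424_HEADER.match(line):
        return "rfc5424"
    if BSD_HEADER.match(line):
        return "bsd"
    return "unknown"


def parse_suricata_alert(message):
    """Return the alert fields as a dict, or None when the text is not an alert.

    Returning None lets the caller keep the event untouched instead of
    reporting the syslog forwarder's addresses as the alert's endpoints.
    """
    match = ALERT_RE.search(message)
    if match is None:
        return None
    fields = match.groupdict()
    for key in INT_FIELDS:
        fields[key] = int(fields[key])
    fields["classification"] = fields["classification"].strip()
    header = BSD_HEADER.match(message)
    if header:
        fields["program"] = header.group("program")
    return fields


# Message value copied from the sample event in this thread.
SAMPLE = (
    "Feb 14 13:16:52 suricata[88128]: [1:2007994:20] ET MALWARE Suspicious "
    "User-Agent (1 space) [Classification: A Network Trojan was Detected] "
    "[Priority: 1] {TCP} 10.2.2.229:37423 -> 168.235.205.6:80"
)

if __name__ == "__main__":
    print("header flavor:", syslog_flavor(SAMPLE))
    for name, value in parse_suricata_alert(SAMPLE).items():
        print(f"{name}: {value}")
```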
