On 2019/12/26 14:19:09, Otto Fowler <ottobackwa...@gmail.com> wrote: 
> You are saying different things that are confusing me.
> You seemed to be saying that you couldn’t parse, but now you are saying you
> can parse, and see things in kibana but they are not in the alert ui?

> Yes, based on what you suggested to me before, I can push the sample log from
> (https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw)
> to the Kafka topic, and Storm parsed it and I see it in the Kibana UI; but I can't
> see it in the Metron alert UI. That is the problem. Parsing is going well.
> 
> On December 25, 2019 at 10:47:54, updates on tube (abrahamfik...@gmail.com)
> wrote:
> 
> On 2019/12/23 11:25:45, Otto Fowler <ottobackwa...@gmail.com> wrote:
> > That doesn’t look like ASA data.
> >
> https://github.com/apache/metron/blob/master/metron-platform/metron-integration-test/src/main/sample/data/asa/raw/asa_raw
> >
> > Are you trying to do regular syslog, or ASA?
> >
> >
> >
> >
> > On December 23, 2019 at 01:57:38, updates on tube (abrahamfik...@gmail.com)
> > wrote:
> >
> > I was trying to stream rsyslog log data to Apache Metron using the ASA
> > parser. The log looks like the one below.
> >
> > 2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
> > the log 2019-12-20T07:06:41-05:00 ab rsyslogd: action
> > 'action-13-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0 try
> > https://www.rsyslog.com/e/2359 ]
> > 2019-12-20T07:08:04-05:00 ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST
> > 2019-12-20T07:08:05-05:00 ab TESTING: Fri 20 Dec 2019 07:08:05 AM EST
> > 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> > 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec 2019 07:08:06 AM EST
> > 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> > 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019 07:08:08 AM EST
> > 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> > 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019 07:08:09 AM EST
> > 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi)
> > 2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session
> > files...
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: phpsessionclean.service:
> > Succeeded.
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files.
> > 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019 07:10:04 AM EST
> > 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> > 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019 07:10:05 AM EST
> > 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019 07:10:06 AM EST
> > 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> > 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019 07:10:07 AM EST
> > 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> > 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019 07:10:08 AM EST
> > 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> > 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019 07:10:09 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019 07:10:10 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019 07:10:11 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019 07:10:12 AM EST
> > 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> > 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019 07:10:13 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019 07:10:14 AM EST
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System Logging
> Service...
> > 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd"
> > swVersion="8.1911.0" x-pid="3071" x-info="https://www.rsyslog.com";]
> exiting
> > on signal 15.
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: rsyslog.service: Succeeded.
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopped System Logging Service.
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Starting System Logging
> Service...
> > 2019-12-20T07:10:15-05:00 ab rsyslogd: imuxsock: Acquired UNIX socket
> > '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.1911.0]
> > 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin software="rsyslogd"
> > swVersion="8.1911.0" x-pid="3270" x-info="https://www.rsyslog.com";] start
> > 2019-12-20T07:10:15-05:00 ab systemd[1]: Started System Logging Service.
> > 2019-12-20T07:10:18-05:00 ab TESTING: Fri 20 Dec 2019 07:10:18 AM EST
> > 2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:15:01-05:00 ab CRON[3284]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:15:01-05:00 ab CRON[3283]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:17:01-05:00 ab CRON[3324]: (root) CMD ( cd / && run-parts
> > --report /etc/cron.hourly)
> > 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:25:01-05:00 ab CRON[3333]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:25:01-05:00 ab CRON[3334]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:25:01-05:00 ab CRON[3333]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:29:38-05:00 ab snapd[666]: storehelpers.go:436: cannot
> > refresh: snap has no updates available: "barrier", "barrier-kvm",
> > "gtk-common-themes", "notepad-plus-plus", "snapd",
> "wine-platform-3-stable"
> > 2019-12-20T07:34:26-05:00 ab smartd[665]: Device: /dev/sda [SAT], SMART
> > Usage Attribute: 190 Airflow_Temperature_Cel changed from 67 to 66
> > 2019-12-20T07:34:26-05:00 ab smartd[665]: Device: /dev/sda [SAT], SMART
> > Usage Attribute: 194 Temperature_Celsius changed from 110 to 109
> > 2019-12-20T07:35:01-05:00 ab CRON[3450]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:35:01-05:00 ab CRON[3451]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:35:01-05:00 ab CRON[3450]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:39:01-05:00 ab CRON[3460]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:39:01-05:00 ab CRON[3461]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi)
> > 2019-12-20T07:39:01-05:00 ab CRON[3460]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:39:01-05:00 ab systemd[1]: Starting Clean php session
> > files...
> > 2019-12-20T07:39:01-05:00 ab systemd[1]: phpsessionclean.service:
> > Succeeded.
> > 2019-12-20T07:39:01-05:00 ab systemd[1]: Started Clean php session files.
> > 2019-12-20T07:45:01-05:00 ab CRON[3525]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:45:01-05:00 ab CRON[3526]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:45:01-05:00 ab CRON[3525]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T07:55:01-05:00 ab CRON[3549]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T07:55:01-05:00 ab CRON[3550]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:55:01-05:00 ab CRON[3549]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T08:05:01-05:00 ab CRON[3575]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T08:05:01-05:00 ab CRON[3576]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1)
> > 2019-12-20T08:05:01-05:00 ab CRON[3575]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T08:09:01-05:00 ab CRON[3586]: pam_unix(cron:session): session
> > opened for user root by (uid=0)
> > 2019-12-20T08:09:01-05:00 ab CRON[3587]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi)
> > 2019-12-20T08:09:01-05:00 ab CRON[3586]: pam_unix(cron:session): session
> > closed for user root
> > 2019-12-20T08:09:01-05:00 ab systemd[1]: Starting Clean php session
> > files...
> > 2019-12-20T08:09:01-05:00 ab systemd[1]: phpsessionclean.service:
> > Succeeded.
> > 2019-12-20T08:09:01-05:00 ab systemd[1]: Started Clean php session files
> >
> >
> >
> >
> >
> >
> >
> > THIS IS THE ERROR FOUND IN STORM UI parserBolt
> >
> > java.lang.RuntimeException: [Metron] Message '2019-12-20T07:06:41-05:00
> ab
> > TESTING: Fri 20 Dec 2019 07:06:41 AM EST 2019-12-20T07:06:41-05:00 ab
> > rsyslogd: action 'action-13-builtin:omfwd' resumed (module
> 'builtin:omfwd')
> > [v8.1911.0 try https://www.rsyslog.com/e/2359 ] 2019-12-20T07:08:04-05:00
> > ab TESTING: Fri 20 Dec 2019 07:08:04 AM EST 2019-12-20T07:08:05-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:05 AM EST 2019-12-20T07:08:06-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:06 AM EST 2019-12-20T07:08:06-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:06 AM EST 2019-12-20T07:08:08-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:08 AM EST 2019-12-20T07:08:08-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:08 AM EST 2019-12-20T07:08:09-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:09 AM EST 2019-12-20T07:08:09-05:00 ab
> > TESTING: Fri 20 Dec 2019 07:08:09 AM EST 2019-12-20T07:09:01-05:00 ab
> > CRON[3174]: pam_unix(cron:session): session opened for user root by
> (uid=0)
> > 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi) 2019-12-20T07:09:01-05:00 ab CRON[3174]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session
> > files... 2019-12-20T07:09:01-05:00 ab systemd[1]:
> phpsessionclean.service:
> > Succeeded. 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php
> > session files. 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:04 AM EST 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:05 AM EST 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:05 AM EST 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:06 AM EST 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:07 AM EST 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:07 AM EST 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:08 AM EST 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:08 AM EST 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:09 AM EST 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:09 AM EST 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:10 AM EST 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:10 AM EST 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:10 AM EST 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:11 AM EST 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:11 AM EST 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:11 AM EST 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:12 AM EST 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:12 AM EST 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:12 AM EST 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:13 AM EST 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:13 AM EST 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:14 AM EST 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:14 AM EST 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:14 AM EST 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System
> > Logging Service... 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin
> > software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="
> > https://www.rsyslog.com";] exiting on signal 15. 2019-12-20T07:10:15-05:00
> > ab systemd[1]: rsyslog.service: Succeeded. 2019-12-20T07:10:15-05:00 ab
> > systemd[1]: Stopped System Logging Service. 2019-12-20T07:10:15-05:00 ab
> > systemd[1]: Starting System Logging Service... 2019-12-20T07:10:15-05:00
> ab
> > rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog'
> (fd
> > 3) from systemd. [v8.1911.0] 2019-12-20T07:10:15-05:00 ab rsyslogd:
> [origin
> > software="rsyslogd" swVersion="8.1911.0" x-pid="3270" x-info="
> > https://www.rsyslog.com";] start 2019-12-20T07:10:15-05:00 ab systemd[1]:
> > Started System Logging Service. 2019-12-20T07:10:18-05:00 ab TESTING: Fri
> > 20 Dec 2019 07:10:18 AM EST 2019-12-20T07:15:01-05:00 ab CRON[3283]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:15:01-05:00 ab CRON[3284]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T07:15:01-05:00 ab CRON[3283]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T07:17:01-05:00 ab CRON[3324]:
> > (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
> > 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T07:25:01-05:00 ab CRON[3333]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:25:01-05:00 ab CRON[3334]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T07:25:01-05:00 ab CRON[3333]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:29:38-05:00 ab snapd[666]: storehelpers.go:436: cannot
> > refresh: snap has no updates available: "barrier", "barrier-kvm",
> > "gtk-common-themes", "notepad-plus-plus", "snapd",
> "wine-platform-3-stable"
> > 2019-12-20T07:34:26-05:00 ab smartd[665]: Device: /dev/sda [SAT], SMART
> > Usage Attribute: 190 Airflow_Temperature_Cel changed from 67 to 66
> > 2019-12-20T07:34:26-05:00 ab smartd[665]: Device: /dev/sda [SAT], SMART
> > Usage Attribute: 194 Temperature_Celsius changed from 110 to 109
> > 2019-12-20T07:35:01-05:00 ab CRON[3450]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T07:35:01-05:00 ab CRON[3451]:
> > (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:35:01-05:00 ab CRON[3450]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T07:39:01-05:00 ab CRON[3460]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:39:01-05:00 ab CRON[3461]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi) 2019-12-20T07:39:01-05:00 ab CRON[3460]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:39:01-05:00 ab systemd[1]: Starting Clean php session
> > files... 2019-12-20T07:39:01-05:00 ab systemd[1]:
> phpsessionclean.service:
> > Succeeded. 2019-12-20T07:39:01-05:00 ab systemd[1]: Started Clean php
> > session files. 2019-12-20T07:45:01-05:00 ab CRON[3525]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:45:01-05:00 ab CRON[3526]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T07:45:01-05:00 ab CRON[3525]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:55:01-05:00 ab CRON[3549]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T07:55:01-05:00 ab CRON[3550]:
> > (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:55:01-05:00 ab CRON[3549]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T08:05:01-05:00 ab CRON[3575]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T08:05:01-05:00 ab CRON[3576]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T08:05:01-05:00 ab CRON[3575]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T08:09:01-05:00 ab CRON[3586]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T08:09:01-05:00 ab CRON[3587]:
> > (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d
> > /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
> > 2019-12-20T08:09:01-05:00 ab CRON[3586]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T08:09:01-05:00 ab systemd[1]: Starting
> > Clean php session files... 2019-12-20T08:09:01-05:00 ab systemd[1]:
> > phpsessionclean.service: Succeeded. 2019-12-20T08:09:01-05:00 ab
> > systemd[1]: Started Clean php session files. ' does not match pattern
> > '%{CISCO_TAGGED_SYSLOG}'
> > at org.apache.metron.parsers.asa.BasicAsaParser.parse(BasicAsaParser.java:184)
> > at org.apache.metron.parsers.interfaces.MessageParser.parseOptional(MessageParser.java:54)
> > at org.apache.metron.parsers.interfaces.MessageParser.parseOptionalResult(MessageParser.java:67)
> > at org.apache.metron.parsers.ParserRunnerImpl.execute(ParserRunnerImpl.java:144)
> > at org.apache.metron.parsers.bolt.ParserBolt.execute(ParserBolt.java:257)
> > at org.apache.storm.daemon.executor$fn__10195$tuple_action_fn__10197.invoke(executor.clj:735)
> > at org.apache.storm.daemon.executor$mk_task_receiver$fn__10114.invoke(executor.clj:466)
> > at org.apache.storm.disruptor$clojure_handler$reify__4137.onEvent(disruptor.clj:40)
> > at org.apache.storm.utils.DisruptorQueue.consumeBatchToCursor(DisruptorQueue.java:472)
> > at org.apache.storm.utils.DisruptorQueue.consumeBatchWhenAvailable(DisruptorQueue.java:451)
> > at org.apache.storm.disruptor$consume_batch_when_available.invoke(disruptor.clj:73)
> > at org.apache.storm.daemon.executor$fn__10195$fn__10208$fn__10263.invoke(executor.clj:855)
> > at org.apache.storm.util$async_loop$fn__1221.invoke(util.clj:484)
> > at clojure.lang.AFn.run(AFn.java:22)
> > at java.lang.Thread.run(Thread.java:745)
> > Caused by: java.lang.RuntimeException: [Metron] Message
> > '2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST
> > 2019-12-20T07:06:41-05:00 ab rsyslogd: action 'action-13-builtin:omfwd'
> > resumed (module 'builtin:omfwd') [v8.1911.0 try
> > https://www.rsyslog.com/e/2359 ] 2019-12-20T07:08:04-05:00 ab TESTING:
> Fri
> > 20 Dec 2019 07:08:04 AM EST 2019-12-20T07:08:05-05:00 ab TESTING: Fri 20
> > Dec 2019 07:08:05 AM EST 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec
> > 2019 07:08:06 AM EST 2019-12-20T07:08:06-05:00 ab TESTING: Fri 20 Dec
> 2019
> > 07:08:06 AM EST 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:08:08 AM EST 2019-12-20T07:08:08-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:08:08 AM EST 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:08:09 AM EST 2019-12-20T07:08:09-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:08:09 AM EST 2019-12-20T07:09:01-05:00 ab CRON[3174]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:09:01-05:00 ab CRON[3175]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi) 2019-12-20T07:09:01-05:00 ab CRON[3174]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:09:01-05:00 ab systemd[1]: Starting Clean php session
> > files... 2019-12-20T07:09:01-05:00 ab systemd[1]:
> phpsessionclean.service:
> > Succeeded. 2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php
> > session files. 2019-12-20T07:10:04-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:04 AM EST 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:05 AM EST 2019-12-20T07:10:05-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:05 AM EST 2019-12-20T07:10:06-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:06 AM EST 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:07 AM EST 2019-12-20T07:10:07-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:07 AM EST 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:08 AM EST 2019-12-20T07:10:08-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:08 AM EST 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:09 AM EST 2019-12-20T07:10:09-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:09 AM EST 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:10 AM EST 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:10 AM EST 2019-12-20T07:10:10-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:10 AM EST 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:11 AM EST 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:11 AM EST 2019-12-20T07:10:11-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:11 AM EST 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:12 AM EST 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:12 AM EST 2019-12-20T07:10:12-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:12 AM EST 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:13 AM EST 2019-12-20T07:10:13-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:13 AM EST 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:14 AM EST 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:14 AM EST 2019-12-20T07:10:14-05:00 ab TESTING: Fri 20 Dec 2019
> > 07:10:14 AM EST 2019-12-20T07:10:15-05:00 ab systemd[1]: Stopping System
> > Logging Service... 2019-12-20T07:10:15-05:00 ab rsyslogd: [origin
> > software="rsyslogd" swVersion="8.1911.0" x-pid="3071" x-info="
> > https://www.rsyslog.com";] exiting on signal 15. 2019-12-20T07:10:15-05:00
> > ab systemd[1]: rsyslog.service: Succeeded. 2019-12-20T07:10:15-05:00 ab
> > systemd[1]: Stopped System Logging Service. 2019-12-20T07:10:15-05:00 ab
> > systemd[1]: Starting System Logging Service... 2019-12-20T07:10:15-05:00
> ab
> > rsyslogd: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog'
> (fd
> > 3) from systemd. [v8.1911.0] 2019-12-20T07:10:15-05:00 ab rsyslogd:
> [origin
> > software="rsyslogd" swVersion="8.1911.0" x-pid="3270" x-info="
> > https://www.rsyslog.com";] start 2019-12-20T07:10:15-05:00 ab systemd[1]:
> > Started System Logging Service. 2019-12-20T07:10:18-05:00 ab TESTING: Fri
> > 20 Dec 2019 07:10:18 AM EST 2019-12-20T07:15:01-05:00 ab CRON[3283]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:15:01-05:00 ab CRON[3284]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T07:15:01-05:00 ab CRON[3283]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T07:17:01-05:00 ab CRON[3324]:
> > (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
> > 2019-12-20T07:17:01-05:00 ab CRON[3323]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T07:25:01-05:00 ab CRON[3333]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:25:01-05:00 ab CRON[3334]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T07:25:01-05:00 ab CRON[3333]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:29:38-05:00 ab snapd[666]: storehelpers.go:436: cannot
> > refresh: snap has no updates available: "barrier", "barrier-kvm",
> > "gtk-common-themes", "notepad-plus-plus", "snapd",
> "wine-platform-3-stable"
> > 2019-12-20T07:34:26-05:00 ab smartd[665]: Device: /dev/sda [SAT], SMART
> > Usage Attribute: 190 Airflow_Temperature_Cel changed from 67 to 66
> > 2019-12-20T07:34:26-05:00 ab smartd[665]: Device: /dev/sda [SAT], SMART
> > Usage Attribute: 194 Temperature_Celsius changed from 110 to 109
> > 2019-12-20T07:35:01-05:00 ab CRON[3450]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T07:35:01-05:00 ab CRON[3451]:
> > (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:35:01-05:00 ab CRON[3450]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T07:39:01-05:00 ab CRON[3460]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:39:01-05:00 ab CRON[3461]: (root) CMD ( [ -x
> > /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then
> > /usr/lib/php/sessionclean; fi) 2019-12-20T07:39:01-05:00 ab CRON[3460]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:39:01-05:00 ab systemd[1]: Starting Clean php session
> > files... 2019-12-20T07:39:01-05:00 ab systemd[1]:
> phpsessionclean.service:
> > Succeeded. 2019-12-20T07:39:01-05:00 ab systemd[1]: Started Clean php
> > session files. 2019-12-20T07:45:01-05:00 ab CRON[3525]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T07:45:01-05:00 ab CRON[3526]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T07:45:01-05:00 ab CRON[3525]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T07:55:01-05:00 ab CRON[3549]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T07:55:01-05:00 ab CRON[3550]:
> > (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
> > 2019-12-20T07:55:01-05:00 ab CRON[3549]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T08:05:01-05:00 ab CRON[3575]:
> > pam_unix(cron:session): session opened for user root by (uid=0)
> > 2019-12-20T08:05:01-05:00 ab CRON[3576]: (root) CMD (command -v
> debian-sa1
> > > /dev/null && debian-sa1 1 1) 2019-12-20T08:05:01-05:00 ab CRON[3575]:
> > pam_unix(cron:session): session closed for user root
> > 2019-12-20T08:09:01-05:00 ab CRON[3586]: pam_unix(cron:session): session
> > opened for user root by (uid=0) 2019-12-20T08:09:01-05:00 ab CRON[3587]:
> > (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d
> > /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
> > 2019-12-20T08:09:01-05:00 ab CRON[3586]: pam_unix(cron:session): session
> > closed for user root 2019-12-20T08:09:01-05:00 ab systemd[1]: Starting
> > Clean php session files... 2019-12-20T08:09:01-05:00 ab systemd[1]:
> > phpsessionclean.service: Succeeded. 2019-12-20T08:09:01-05:00 ab
> > systemd[1]: Started Clean php session files. ' does not match pattern
> > '%{CISCO_TAGGED_SYSLOG}'
> > at org.apache.metron.parsers.asa.BasicAsaParser.parse(BasicAsaParser.java:178)
> > ... 14 more
> >
> > I need your help, as always.
>
> I really appreciate your reply. It works when I use the sample log on GitHub,
> but the problem is that I can't push ASA, WebSphere and syslog data
> from Kibana to the Metron alert UI. I can see them in Kibana. Can you help me
> with that, please? @Otto Fowler
> 

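Added example, not part of the thread or of Metron's code: the parser error quoted above shows the whole rsyslog sample inside one message, rejected against `%{CISCO_TAGGED_SYSLOG}`. The pre-flight check below splits a payload into records and reports which shape each one has before it is sent to an ASA parser topic. The regexes are approximations modelled on the commonly published Cisco grok patterns (Metron's own pattern file may differ), the function names are hypothetical, and the ASA line is constructed.

```python
import re
from collections import Counter

# Approximation (assumption) of the tagged Cisco syslog shape:
#   <PRI>Mon dd [yyyy] hh:mm:ss [host][:] %TAG-severity-id:
CISCO_TAGGED = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2}(?: \d{4})? \d{2}:\d{2}:\d{2})"
    r"(?: (?P<host>[\w.\-]+))? ?:? "
    r"%(?P<tag>[A-Z0-9]+-\d+-[A-Z0-9_]+):"
)

# rsyslog file output with an RFC 3339 timestamp, as in the log posted above:
#   2019-12-20T07:09:01-05:00 ab CRON[3174]: message
RSYSLOG_ISO = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?"
    r"(?:Z|[+-]\d{2}:\d{2})) (?P<host>\S+) "
    r"(?P<app>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$",
    re.S,
)

# A new record starts at whitespace followed by a timestamp or a <PRI> header.
# Heuristic: a message body that itself embeds such a timestamp would be split.
RECORD_START = re.compile(
    r"\s+(?=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\S* |<\d{1,3}>[A-Z][a-z]{2} )"
)


def split_records(payload):
    """Split one payload into the individual syslog records it contains."""
    return [r for r in RECORD_START.split(payload.strip()) if r]


def classify(record):
    """Return (kind, fields) where kind is 'asa', 'rsyslog' or 'unknown'."""
    m = CISCO_TAGGED.match(record)
    if m:
        return "asa", m.groupdict()
    m = RSYSLOG_ISO.match(record)
    if m:
        return "rsyslog", m.groupdict()
    return "unknown", {}


def preflight(payload):
    """Summarise a payload; only a single tagged Cisco record passes."""
    records = split_records(payload)
    kinds = Counter(classify(r)[0] for r in records)
    return {
        "records": len(records),
        "kinds": dict(kinds),
        "ok_for_asa_topic": len(records) == 1 and kinds.get("asa") == 1,
    }


# Three records from the log posted in the thread, joined by spaces the way
# the exception message shows them.
PAGE_BLOB = (
    "2019-12-20T07:06:41-05:00 ab TESTING: Fri 20 Dec 2019 07:06:41 AM EST "
    "2019-12-20T07:09:01-05:00 ab CRON[3174]: pam_unix(cron:session): session "
    "opened for user root by (uid=0) "
    "2019-12-20T07:09:01-05:00 ab systemd[1]: Started Clean php session files."
)

# Constructed ASA-style line (documentation addresses, not from the thread).
ASA_LINE = (
    "<164>Aug 05 2016 01:01:34: %ASA-4-106023: Deny tcp src "
    "Inside:192.0.2.10/54580 dst Outside:198.51.100.7/443 by access-group "
    '"Inside_access_in"'
)

if __name__ == "__main__":
    for name, payload in (("page blob", PAGE_BLOB), ("asa line", ASA_LINE)):
        print(name, preflight(payload))
```

A payload that reports more than one record, or any `rsyslog` or `unknown` kind, will be rejected by an ASA grok parser; route it to a syslog parser and send one record per message.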