4 Replies Latest reply on Jun 16, 2017 2:29 AM by marcotiz

    SIEM custom parser

    marcotiz

      Hi all,

       

       

      i'm trying to create a simple custom parser in CEF format. Every filed matches correctly when I test a log as a semple data in parser creation phase. Once created and deployed the custom parser on a specific data source, parser does not works. I tried to upload the same log used during parser creation but it does not match. What could be the problem?

       

       

      thanks in advance for the answers

       

       

      Marco