1. I have a 3rd party application located on a Linux server (Ubuntu 12). I made an ASP to parse the log as a generic data source through SCP. The application generates multi-row log files periodically, but I found that my receiver could fetch the file from the remote server, yet only the first row would be put into the parser. The others would be wrongly recorded as 'Other'.
On the drill-down panel, when I clicked "retrieve packet", I could see only the first row of the remote log file. Any explanations for this?
It seems Nitroviewer is getting everything and parses the first row in the normal way while marking the others as 'Other'.
2. When I see that some events/logs have been marked as 'Other', can I make a deeper drill-down to see why the parser did work for these records? And can I accurately fetch these log records and match them against a specific ASP to see why the parser is not working, as other SIEM solutions do?