#1 absolis 7 years ago

hello, I am testing the NXlog EE, but the module xm_w3c does not work, do not parse the logs of BRO, you can help me. Module xm_w3c Delimiter , Module im_file File "/mnt/*.log" InputType w3c Module om_ssl Host 192.168.0.38 Port 10525 CAFile /data/conf/ca.crt AllowUntrusted TRUE Path i.bro.log => o.bro.log # ./nxlog-processor 2017-12-27 20:38:33 INFO connecting to 192.168.0.38:10525 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 15 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 10 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 34 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE Bro Files ![Bro files][Bro files] [Graylog2]: https://image.ibb.co/fCCGHG/Screenshot_20171227_225122.png ![Graylog2] [Graylog2]

Permalink

#2 absolis 7 years ago

#1 absolis

hello, I am testing the NXlog EE, but the module xm_w3c does not work, do not parse the logs of BRO, you can help me. <Extension w3c> Module xm_w3c Delimiter , </Extension> <Input i.bro.log> Module im_file File "/mnt/*.log" InputType w3c </Input> <Output o.bro.log> Module om_ssl Host 192.168.0.38 Port 10525 CAFile /data/conf/ca.crt AllowUntrusted TRUE </Output> <Route r.bro.log> Path i.bro.log => o.bro.log </Route> # ./nxlog-processor 2017-12-27 20:38:33 INFO connecting to 192.168.0.38:10525 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 15 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 10 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 34 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE Bro Files ![Bro files][Bro files] Graylog2

Config

<Extension w3c> Module xm_w3c Delimiter , </Extension>

<Input i.bro.log> Module im_file File "/mnt/*.log" InputType w3c </Input> <Output o.bro.log> Module om_ssl Host 192.168.0.38 Port 10525 CAFile /data/conf/ca.>crt AllowUntrusted TRUE </Output> <Route r.bro.log> Path i.bro.log => o.bro.log </Route>

Error

./nxlog-processor

2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 15 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 10 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 34 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE

xm_w3c does not work NXlog EE

./nxlog-processor