Let's Talk
Let's Talk

xm_w3c does not work NXlog EE

Tags:
#1 absolis

hello, I am testing the NXlog EE, but the module xm_w3c does not work, do not parse the logs of BRO, you can help me.

<Extension w3c>
    Module xm_w3c
    Delimiter ,
</Extension>

<Input i.bro.log>
    Module im_file
    File "/mnt/*.log"
    InputType w3c
</Input>
<Output o.bro.log>
   Module om_ssl
   Host 192.168.0.38
   Port 10525
   CAFile /data/conf/ca.crt
   AllowUntrusted TRUE
</Output>
<Route r.bro.log>
    Path i.bro.log => o.bro.log
</Route>

# ./nxlog-processor 
2017-12-27 20:38:33 INFO connecting to 192.168.0.38:10525
2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S'
2017-12-27 20:39:47 ERROR last message repeated 15 times
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S'
2017-12-27 20:39:47 ERROR last message repeated 10 times
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S'
2017-12-27 20:39:47 ERROR last message repeated 34 times
2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE

Bro Files ![Bro files][Bro files]

Graylog2 Graylog2

Permalink
#2 absolis
#1 absolis
hello, I am testing the NXlog EE, but the module xm_w3c does not work, do not parse the logs of BRO, you can help me. <Extension w3c> Module xm_w3c Delimiter , </Extension> <Input i.bro.log> Module im_file File "/mnt/*.log" InputType w3c </Input> <Output o.bro.log> Module om_ssl Host 192.168.0.38 Port 10525 CAFile /data/conf/ca.crt AllowUntrusted TRUE </Output> <Route r.bro.log> Path i.bro.log => o.bro.log </Route> # ./nxlog-processor 2017-12-27 20:38:33 INFO connecting to 192.168.0.38:10525 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 15 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 10 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 34 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE Bro Files ![Bro files][Bro files] Graylog2

Config

<Extension w3c> Module xm_w3c Delimiter , </Extension>

<Input i.bro.log> Module im_file File "/mnt/*.log" InputType w3c </Input> <Output o.bro.log> Module om_ssl Host 192.168.0.38 Port 10525 CAFile /data/conf/ca.>crt AllowUntrusted TRUE </Output> <Route r.bro.log> Path i.bro.log => o.bro.log </Route>

Error

./nxlog-processor

2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 15 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 10 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE 2017-12-27 20:39:47 ERROR cannot parse integer "SUCCESS", invalid modifier: 'S' 2017-12-27 20:39:47 ERROR last message repeated 34 times 2017-12-27 20:39:47 ERROR couldn't parse integer: LOGON_FAILURE
Login to see more