dicatalin
New Member
October 19, 2018
Question

Linux logs are not parsed correctly

  • 2 replies
  • 2961 views

UnixParser assigns Event Type Generic_Unix_sshd_Generic to ssh login / logout events in analytics, but if I run a parser test on the log the event is correctly assigned.

This makes it impossible to generate reports on login / logout events.

 

Thank you

 

 


    dicatalin (Author)
    New Member
    October 30, 2018

    I found the problem. I set rsyslog to send logs in RFC 5424 and FortiSIEM seems to have trouble interpreting this format. I leave the default format and the logs are parsed correctly.
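
The format difference described in the reply above, as an added example that is not part of the thread and is not FortiSIEM's parser: the same sshd message framed with the traditional header and with the RFC 5424 header, and a classifier that falls back to a generic label when it only accepts the traditional framing. The regexes, the event labels, the `accepted` parameter and both sample lines are assumptions constructed for illustration.

```python
import re

# Traditional BSD-style header: <PRI>Mmm dd hh:mm:ss host tag[pid]: msg
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG
# (structured data is matched loosely; an escaped ']' in a value is not handled)
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$")

# Hypothetical event labels, not FortiSIEM event type names.
SSH_EVENTS = (
    ("ssh_login", re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("ssh_logout", re.compile(r"session closed for user (?P<user>\S+)")),
)

# Constructed sample lines: one sshd login, two framings.
BSD = ("<86>Oct 19 10:15:02 web01 sshd[2211]: "
       "Accepted password for alice from 192.0.2.10 port 50022 ssh2")
IETF = ("<86>1 2018-10-19T10:15:02.003+02:00 web01 sshd 2211 - - "
        "Accepted password for alice from 192.0.2.10 port 50022 ssh2")


def parse(line):
    """Return (format_name, header_fields) or ("unknown", {})."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if m:
            return name, m.groupdict()
    return "unknown", {}


def classify(line, accepted=("rfc3164", "rfc5424")):
    """Label an sshd event; formats outside `accepted` fall back to generic."""
    fmt, fields = parse(line)
    if fmt in accepted and fields.get("app") == "sshd":
        msg = (fields.get("msg") or "").lstrip()  # rsyslog may emit a leading space
        for label, rx in SSH_EVENTS:
            if rx.search(msg):
                return fmt, label
    return fmt, "generic"


if __name__ == "__main__":
    for line in (BSD, IETF):
        print(classify(line), classify(line, accepted=("rfc3164",)))
```

Running a few lines captured at the collector through `parse` shows which framing the sender actually emits, which is the first thing to check when a live event lands in a generic type.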

    FSM_FTNT
    Staff
    July 30, 2019

    Did you get this sorted? If not, share with me the log (PM) if needed and I will check it out.

     

    Thanks