Does anyone parser user information in Netscaler parser, especially login/off information is needed, but logout user and duration information does not come in the default parser.
I tried it in a different environment and it gave the same result, could this be due to the attributes you created for the parser?
This parser doesn't make use of any custom attributes not available in 7.2.0. The temporary variables starting with _ such as _duration do not have any impact on valid parsing of the event. This parser also parses the sample logs given so far correctly in a 7.2.0 version of FortiSIEM.
There may be something else going in, please open a TAC case to schedule a meeting to review.
Thanks,
TAC does not support parser issue.
We will push out this parser change via content update in the next few days. Once available, you can download and install it, and the change should reflect. If the events still are having issues, let them know this is a system parser issue and not a custom parsing request. The case should not be closed.
Hi @Rob_SIEM,
I continue to get the same error after the new update. I get the error "Failed to execute node: collectAndSetAttrByRegex" for 185 lines. I can share new logs with you if you want. I still haven't received a return for the ticket I opened.
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.