FortiSIEM Discussions
adem_netsys
Contributor

Parser Inability to Enable

Hi,

I have installed an agent on my Windows 2008 R2 machine and I am getting the logs here, but the logs are not parsed because the raw message is split into several parts. To try to fix this I disabled the default parser, but it does not test and does not produce a positive / negative output. I do not encounter such a problem in my test environment. When I want to validate the rule in the default, it gives an error in the XML, but it was working before; it is not possible to have an error because it is the system parser.

 

13 REPLIES
samdharar
New Contributor

I'm also facing the same problem on FortiSIEM 7.1.3: the testing goes on forever and I can't enable the custom parser.

adem_netsys

@samdharar 

Did you find a solution or is the situation the same?

samdharar

It goes on still, even when trying to enable previously tested parsers. So it's sure that it's not behaving this way due to some error in the parser. It's something wrong with the FortiSIEM nodes/appliances. I do get a proxy error a few seconds after I start the testing for the parser.

KarlH
Contributor

Linking my issue here. I cannot get my parser to enable; validation passes and testing passes. Does Fortinet have any explanation other than it's wonky? I cannot follow the steps in the 7.1.3 user guide. They don't work. It's an endless loop of validating and testing.

https://community.fortinet.com/t5/FortiSIEM-Discussions/Cannot-Enable-a-new-parser-which-passes-vali...

Karl Henning, Security Engineer, CISSP