Created on 01-27-2023 07:03 AM | Edited on 01-27-2023 07:05 AM | By Anthony_E
Description | This article describes how to troubleshoot a parser when the Parser Test is successful but the logs are still not parsed by that parser. |
Scope | Parsers. |
Solution |
- Review the Parsers documentation:
- If the Parser Test is successful, but the logs are still not parsed by the parser:
- If the events are not recognized by the parser during the test and are instead recognized by another parser or by no parser, review the event FormatRecognizer. Example:
For this log:
2011-04-14 02:03:59 0.0.0.0(via UDP: [192.168.20.214]:45440) TRAP2, SNMP v2c, community public . Cold Start Trap (0) Uptime: 0:00:00.00 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (30) 0:00:00.30 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.903.8.0.1 SNMPv2-SMI::enterprises.903.1.9.2.1.2 = INTEGER: 2 SNMPv2-SMI::enterprises.903.1.9.2.1.3 = Hex-STRING: 07 DB 03 01 11 0F 38 00 2B 00 00 00 SNMPv2-SMI::enterprises.903.1.9.2.1.4 = INTEGER: 4 SNMPv2-SMI::enterprises.903.1.9.2.1.5 = INTEGER: 1 SNMPv2-SMI::enterprises.903.1.9.2.1.6 = STRING: "Power Down: System is Halting " SNMPv2-SMI::enterprises.903.1.1.9 = INTEGER: 1 SNMPv2-SMI::enterprises.903.1.9.2.1.1 = INTEGER: 13
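The check described above can be reproduced offline. The following is an added example, not code from the article or from Fortinet: it assumes parsers are tried in list order and that the first one whose recognizer pattern matches takes the event, and it uses Python's `re` as a stand-in for the product's regex engine. The parser names and recognizer patterns are hypothetical, and the sample event is the article's log shortened to the parts the patterns look at.

```python
import re

# The article's sample event, shortened (constructed excerpt of the log above).
SAMPLE_LOG = (
    '2011-04-14 02:03:59 0.0.0.0(via UDP: [192.168.20.214]:45440) TRAP2, SNMP v2c, '
    'community public . Cold Start Trap (0) Uptime: 0:00:00.00 '
    'SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.903.8.0.1 '
    'SNMPv2-SMI::enterprises.903.1.9.2.1.6 = STRING: "Power Down: System is Halting "'
)

# Hypothetical parser list in evaluation order: (name, recognizer pattern).
PARSERS = [
    ("GenericSnmpTrapParser", r"TRAP2, SNMP v2c"),
    ("CustomVendor903Parser", r"SNMPv2-SMI::enterprises\.903\.\d+"),
]


def claiming_parser(log, parsers):
    """Return the name of the first parser whose recognizer matches, else None."""
    for name, pattern in parsers:
        if re.search(pattern, log):
            return name
    return None


def diagnose(log, parsers, expected):
    """Explain why the parser named `expected` does or does not receive `log`."""
    patterns = dict(parsers)
    if expected not in patterns:
        return f"{expected}: not present in the parser list"
    if not re.search(patterns[expected], log):
        # Nothing claims the event if no other recognizer matches either.
        return f"{expected}: recognizer does not match the event"
    winner = claiming_parser(log, parsers)
    if winner != expected:
        return f"{expected}: recognizer matches, but {winner} is earlier and matches first"
    return f"{expected}: recognizer matches and claims the event"


if __name__ == "__main__":
    # Case 1: a broader recognizer earlier in the list shadows the custom parser.
    print(diagnose(SAMPLE_LOG, PARSERS, "CustomVendor903Parser"))
    # Case 2: same parsers, custom parser placed first.
    print(diagnose(SAMPLE_LOG, list(reversed(PARSERS)), "CustomVendor903Parser"))
    # Case 3: recognizer written for the wrong enterprise OID, so no parser matches.
    wrong = [("CustomVendor903Parser", r"SNMPv2-SMI::enterprises\.904\.")]
    print(diagnose(SAMPLE_LOG, wrong, "CustomVendor903Parser"))
```

A parser test that feeds the event directly to one parser exercises only the parsing patterns, which is why it can pass while cases 1 and 3 still leave the event with another parser or with none.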
For further information about parsers and customizations on Parsers, there is a dedicated training: |