Help
FortiSIEM Discussions
adem_netsys
Contributor

Created on ‎05-15-2024 06:37 AM

Parser Inability to Enable

Hi,

I have installed an agent on my windows 2008 R2 machine and I am getting the logs here but the logs are not parsed because the raw message is split into several parts, to try to fix this I disable the default parser but it does not test and does not produce a positive / negative output. I do not encounter such a problem in my test environment. When I want to validate the rule in the default, it gives an error in the xml, but it was working before, it is not possible to have an error because it is the system parser.Ekran görüntüsü 2024-05-15 163125.png

 

407
0 Kudos
12 REPLIES 12
samdharar
New Contributor

Created on ‎05-15-2024 11:09 AM

I'm also facing the same problem on ForiSIEM 7.1.3, the testing goes on forever and can't enable the custom parser.

167
0 Kudos
adem_netsys
Contributor
In response to samdharar

Created on ‎05-17-2024 12:46 AM

@samdharar 

Did you find a solution or is the situation the same?

80
0 Kudos
samdharar
New Contributor
In response to adem_netsys

Created on ‎05-17-2024 08:26 AM

It goes on still, even when trying to enable previously tested parsers. So its sure that its not behaving this way due to some error in the parser. Its something wrong with the FortiSIEM nodes/appliances. I do get a proxy error few seconds after I start the testing for the parser. 

67
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.