"Could not parse timestamp" with OSSEC CEF Format #23
@dmuntean Please attach a complete message generated by OSSEC 2.9 so we can test our implementation against it.
Please find the full message below.
joschi pushed a commit to graylog-labs/cef-parser that referenced this issue on Nov 15, 2017
joschi pushed a commit that referenced this issue on Nov 15, 2017:
OSSEC is using a "degraded" syslog format without hostname field. Fixes #23
joschi added a commit that referenced this issue on Nov 15, 2017:
OSSEC is using a "degraded" syslog format without hostname field. Fixes #23
hello java.lang.IllegalStateException: Could not parse timestamp. 'Jun 21 14:18:06' thanks
Hi guys,
I've been using graylog-plugin-cef version 1.1.1 with Graylog version 2.1 to capture OSSEC version 2.9 logs in CEF format, and everything was working perfectly.
I updated Graylog to version 2.3 and had to install graylog-plugin-cef version 2.3.0-beta.4. Unfortunately, this plugin no longer works; the messages can't be parsed anymore. The Graylog log file contains the following error for every message OSSEC is sending:
I also couldn't find how to configure OSSEC to send the timestamp in a different format.
Is there a way to configure the expected timestamp with CEF input?
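The commit message in this thread attributes the failure to a syslog header without the hostname field, and the reported timestamp 'Jun 21 14:18:06' carries no year. The Python below is an added example, not code from graylog-plugin-cef or cef-parser: it accepts the header with or without a hostname and infers the year from the receiver's clock. The function name `parse_cef_syslog`, the vendor and host names, and both sample lines are constructed for illustration; the page does not show OSSEC's actual message.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# <PRI> and hostname are both optional; the lazy "??" tries the
# hostname-less layout first, so "CEF:0|..." is never taken for a host.
HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<mon>[A-Z][a-z]{2}) {1,2}(?P<day>\d{1,2}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) "
    r"(?:(?P<host>\S+) )??"
    r"(?P<cef>CEF:\d+\|.*)$", re.DOTALL)

def parse_cef_syslog(line, now):
    """Parse one CEF-over-syslog line; `now` is the receiver's clock."""
    match = HEADER.match(line.strip())
    if match is None or match["mon"] not in MONTHS:
        raise ValueError("not a CEF syslog message: %r" % line[:60])
    # The timestamp carries no year: try the receiver's year, then the
    # previous one (covers Dec -> Jan rollover and Feb 29).
    for year in (now.year, now.year - 1):
        try:
            ts = datetime(year, MONTHS[match["mon"]], int(match["day"]),
                          int(match["h"]), int(match["m"]), int(match["s"]))
        except ValueError:
            continue
        if ts <= now + timedelta(days=1):
            break
    else:
        raise ValueError("timestamp does not fit a recent year")
    # Seven header fields, then the extension; "\|" is an escaped pipe.
    parts = re.split(r"(?<!\\)\|", match["cef"], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("truncated CEF header")
    return {"timestamp": ts, "host": match["host"], "vendor": parts[1],
            "product": parts[2], "name": parts[5], "severity": parts[6],
            "extension": parts[7] if len(parts) > 7 else ""}


# Constructed samples (not OSSEC captures): without and with hostname.
SAMPLES = [
    "<132>Jun 21 14:18:06 CEF:0|ExampleVendor|ExampleHIDS|1.0|5715|Login success|3|src=192.0.2.10",
    "<132>Jun 21 14:18:06 sensor01 CEF:0|ExampleVendor|ExampleHIDS|1.0|5715|Login success|3|src=192.0.2.10",
]

if __name__ == "__main__":
    print([parse_cef_syslog(s, datetime(2017, 11, 15)) for s in SAMPLES])
```

Because the year is inferred, a receiver whose clock is wrong will stamp events with the wrong year, so keep the raw line alongside the parsed timestamp.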