"Could not parse timestamp" with OSSEC CEF Format #23
I've been using graylog-plugin-cef version 1.1.1 with graylog version 2.1 to capture OSSEC version 2.9 logs in CEF format, and everything was working perfectly.
I updated graylog to version 2.3 and had to install graylog-plugin-cef version 2.3.0-beta.4. Unfortunately, this plugin no longer works; the messages can't be parsed anymore. The graylog log file contains the following error for every message OSSEC is sending:
I also couldn't find how to configure OSSEC to send the timestamp in a different format.
Is there a way to configure the expected timestamp with CEF input?
Please find the full message below.