RegEx FlexConnector Not Parsing.

Below I have posted a small set of sample logs, the code for my flexagent parser, and the entry I have in the agents.properties file for a custom syslog parser.  Is there anything that stands out as to why the data is not being parsed?  If I look in the agents.log file, I see the following error: 

[2024-05-30 15:03:42,809][WARN ][com.arcsight.agent.parsers.operation.regexTokenOperation] [getResult]No match between string [May 30 12] and regex [(\S+) \S+ (?:login|sshd|httpd)]
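To see where the regex in that warning stops matching, the string/regex pair can be pulled out of the agents.log line and replayed. This is an added example, not code from the original post or from ArcSight; it assumes the warning layout shown in that one line and uses Python's `re` as a stand-in for the connector's Java regex engine. The function names are hypothetical.

```python
import re

# The warning exactly as quoted in the post.
LINE = (r"[2024-05-30 15:03:42,809][WARN ]"
        r"[com.arcsight.agent.parsers.operation.regexTokenOperation] "
        r"[getResult]No match between string [May 30 12] "
        r"and regex [(\S+) \S+ (?:login|sshd|httpd)]")

# Layout inferred from that single line (assumption).
WARN = re.compile(
    r"No match between string \[(?P<text>.*)\] and regex \[(?P<regex>.*)\]$")

def parse_warning(line):
    """Return (input_string, regex) from a regexTokenOperation warning, else None."""
    m = WARN.search(line.strip())
    return (m.group("text"), m.group("regex")) if m else None

def longest_matching_prefix(regex, text):
    """Longest leading part of `regex` that still matches the start of `text`."""
    for end in range(len(regex), 0, -1):
        try:
            m = re.match(regex[:end], text)
        except re.error:  # cut mid-group or mid-escape: not a valid pattern
            continue
        if m:
            return regex[:end], m.group(0)
    return "", ""

def explain(line):
    """Show how far the connector's regex gets into the string it was handed."""
    parsed = parse_warning(line)
    if parsed is None:
        return None
    text, regex = parsed
    pattern, consumed = longest_matching_prefix(regex, text)
    return {"text": text, "regex": regex, "matched_pattern": pattern,
            "consumed": consumed, "remainder": text[len(consumed):],
            "unmatched_pattern": regex[len(pattern):]}

if __name__ == "__main__":
    for key, value in explain(LINE).items():
        print(f"{key:18} {value!r}")
```

For the quoted warning, the pattern consumes `May 30 ` and then requires `login`, `sshd` or `httpd` where the string only has `12` left, so the string handed to the regex holds nothing beyond those three tokens.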

Reply

    This is still the agent.properties file below

    # Top-level parser: capture the whole message as a single token
    regex=(.*)
    token.count=1

    token[0].name=initiallogs
    token[0].type=String

    # Keep the raw message and set constant vendor/product values
    event.rawEvent=initiallogs
    event.deviceVendor=__stringConstant("CISCO")
    event.deviceProduct=__stringConstant("FTD")

    additionaldata.enabled=true

    # Hand event.rawEvent to the regex sub-parser in ftdparser/log_ftd
    extraprocessor.count=1

    extraprocessor[0].type=regex
    extraprocessor[0].filename=ftdparser/log_ftd
    extraprocessor[0].field=event.rawEvent
    extraprocessor[0].flexagent=true
    extraprocessor[0].clearfieldafterparsing=false
