Hi,
My parsers aren't parsing any log lines…
```
│ Source                          │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │
├─────────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤
…
│ file:/var/log/20241119/sshd.log │ 28         │ -            │ 28             │ -                      │ -                 │
```
I suppose it is because the date format is modified (the centralized log server saves logs in another date format), and I receive this error with the explain command:
WARN Line 0/1 is missing evt.StrTime. It is most likely a mistake as it will prevent your logs to be processed in time-machine/forensic mode.
Example:
20241119-14:40:59 sshd[1872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=555.5.5.5
Can I solve this without modifying all the Crowdsecurity parsers (ssh, nginx…) with the correct date format?
Any easy solution?
Thank you
Best Regards,
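As an added example (not part of the original post and not a CrowdSec hub parser): one way to handle a non-syslog timestamp without touching the crowdsecurity s01-parse parsers is a custom parser in the s00-raw stage. It accepts the centralized server's `YYYYMMDD-HH:MM:SS` date, produces the same `evt.Parsed.program` / `evt.Parsed.message` fields that the stock `crowdsecurity/syslog-logs` node would have produced, and sets `evt.StrTime` plus `evt.StrTimeFormat` so the s02-enrich dateparse stage can parse the date with the right Go layout. The file path, the node name `custom/centralized-syslog-date`, the `CENTRAL_TS` pattern name and the assumption that the acquisition config labels these files `type: syslog` are mine; the grok keys, `pattern_syntax`, `statics` targets and the `SYSLOGPROG` / `GREEDYDATA` patterns are the standard ones documented for CrowdSec parsers.

```yaml
# /etc/crowdsec/parsers/s00-raw/custom-date-syslog.yaml   (hypothetical path)
# Added example parser, not from the original post or the CrowdSec hub.
# Runs in the s00-raw stage, before the crowdsecurity/* s01-parse parsers, and
# turns a line such as (constructed sample, same shape as the one in the post)
#   20241119-14:40:59 sshd[1872]: pam_unix(sshd:auth): authentication failure; ...
# into the program/message split that crowdsecurity/syslog-logs normally
# produces, plus an evt.StrTime the dateparse enricher can understand.
onsuccess: next_stage
debug: false
# Assumption: acquis.yaml labels the centralized files with "type: syslog".
# The stock syslog-logs node then fails its grok on these lines and this node
# takes over; use a dedicated label instead if you prefer not to share it.
filter: "evt.Line.Labels.type == 'syslog'"
name: custom/centralized-syslog-date
description: "Parse syslog-like lines whose timestamp is YYYYMMDD-HH:MM:SS"
pattern_syntax:
  # Custom grok pattern for the centralized server's date format
  # (kept as a plain character class so it compiles under Go's regexp).
  CENTRAL_TS: '[0-9]{8}-[0-9]{2}:[0-9]{2}:[0-9]{2}'
grok:
  # SYSLOGPROG is a stock grok pattern: it captures 'program' and an optional
  # 'pid', which is exactly what the s01-parse sshd/nginx filters look at.
  pattern: '^%{CENTRAL_TS:timestamp} %{SYSLOGPROG}: %{GREEDYDATA:message}$'
  apply_on: Line.Raw
statics:
  # Hand the raw timestamp to the s02-enrich dateparse stage ...
  - target: evt.StrTime
    expression: evt.Parsed.timestamp
  # ... together with the Go time layout that matches it, so it is parsed
  # deterministically instead of being guessed against the built-in layouts
  # ("20060102-15:04:05" is Go's reference time written in this format).
  - target: evt.StrTimeFormat
    value: "20060102-15:04:05"
```

After dropping the file in and restarting crowdsec, re-run `cscli explain --file /var/log/20241119/sshd.log --type syslog` and check that the line now passes through this node, the `missing evt.StrTime` warning is gone, and the sshd parser fires as before; `cscli metrics` should then show the lines as parsed rather than unparsed. Setting `evt.StrTimeFormat` relies on the dateparse enricher honouring that field, which recent 1.x releases do; if yours predates it, the same node still works for real-time mode because the program/message fields are set, and only time-machine/forensic replay would lose the original timestamp.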