Could not import content pack

noktork / Graylog-CISCO-ASA-Extractor

Tested and working with a raw/plain text input source

GNU General Public License v3.0

7 stars 8 forks source link

Could not import content pack #2

Closed aremai closed 7 years ago

aremai commented 7 years ago

Hi,

I'm receiving this error when trying to import your content pack. Is there a specific requirement for it work, or did I miss something?

Could not import content pack
Error importing content pack, please ensure it is a valid JSON file. Check your Graylog logs for more information.

cheers, theresa

webmastir commented 7 years ago

I encountered the same problem. I then realized it should be done under the "Import extractors to Input" section.

Under /system/inputs, select Manage extractors for whatever input you created
Under Actions, select Import extractors
Paste the contents of asa_extractor.json into the field provided
Click Add extractors to input

It works great for me. I was able to create some useful metrics with these extractors.

noktork commented 7 years ago

Thanks @webmastir that's a correct solution. Please give me input on how the extrator is working. Though ASA logs cannot be separated more than this, but any inputs are welcome!