There are occasions when you want to analyze log files that are in protobuf (Protocol Buffer) format.
To import a log file to a Log Decoder:
- In the Security Analytics menu, select Administration > Services.
The Explorer view for the Log Decoder is displayed.
- Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/
Your screen should look similar to the following.
- For the send-protobuf field, select false, and change the value to true.
- Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/config/connector/channel/tcp and change the port value to 50202.
- Navigate to event-processors/logdecoder/destinations/logdecoder/consumer/processors/tcpconnector/config/connector/event and change the following parameters:
  - Clear the delimiter field.
  - Change format to %text%.
The Log Decoder is now configured to accept protobuf messages.