ISE topology runs into an exception related to invalid schema
109 views
Skip to first unread message
jain.a...@gmail.com
Feb 1, 2015, 12:48:05 AM2/1/15
to opensoc...@googlegroups.com
I was just trying ise topology and found that parserBolt is calling a schema check that looks for ip address related fields in the message. The transformed message has following:
Thanks for help,
Amit
2015-02-01 05:32:06 b.s.d.executor [INFO] TRANSFERING tuple TASK: 1 TUPLE: source: TestSpout:2, stream: default, id: {}, [[B@3abfae78]
2015-02-01 05:32:06 STDIO [ERROR] java.lang.Exception: Incorrect formatting on message: {"ProfilerServer":"stage-pdp01.cisco.com","EndpointCertainityMetric":"10","EndpointProperty":{"StaticAssignment":{"false\\,PostureApplicable":{"Yes\\,PolicyVersion":{"402\\,IdentityGroupID":{"0c1d9270-68a6-11e1-bc72-0050568e013c\\,Total Certainty Factor":{"10\\,BYODRegistration":{"Unknown\\,FeedService":{"false\\,EndPointPolicyID":{"49054ed0-68a6-11e1-bc72-0050568e013c\\,FirstCollection":{"1407397543718\\,MatchedPolicyID":{"49054ed0-68a6-11e1-bc72-0050568e013c\\,TimeToProfile":{"19\\,StaticGroupAssignment":{"false\\,NmapSubnetScanID":{"0\\,DeviceRegistrationStatus":{"NotRegistered\\,PortalUser":null}}}}}}}}}}}}}}},"EndpointOUI":"Wistron InfoComm(Kunshan)Co.\\,Ltd.","header":"Aug 6 17:26:31 10.34.84.145 Aug 7 00:45:43 stage-pdp01 CISE_Profiler 0000024855 1 0 2014-08-07 00:45:43.741 -07:00 0000288542 80002 INFO Profiler: Profiler EndPoint profiling event occurred","EndpointMatchedPolicy":"Nortel-Device","ConfigVersionId":"113","EndpointPolicy":"Nortel-Device","EndpointSourceEvent":"SNMPQuery Probe","EndpointNADAddress":"10.56.72.127","EndpointIPAddress":"10.56.111.14","EndpointMacAddress":"3C:97:0E:C3:F8:F1","EndpointIdentityGroup":"Profiled"}
It doesn't have following field that is being checked in schema
| public boolean checkForSchemaCorrectness(JSONObject message) { | |
| int correct = 0; | |
| // Standard but optional fields | |
| if (message.containsKey("ip_src_addr")) { | |
| correct++; | |
| LOG.trace("[OpenSOC] Message contains ip_src_addr"); | |
| } | |
| if (message.containsKey("ip_dst_addr")) { | |
| correct++; | |
| LOG.trace("[OpenSOC] Message contains ip_dst_addr"); | |
| } | |
| if (message.containsKey("ip_src_port")) { | |
| correct++; | |
| LOG.trace("[OpenSOC] Message contains ip_src_port"); | |
| } | |
| if (message.containsKey("ip_dst_port")) { | |
| correct++; | |
| LOG.trace("[OpenSOC] Message contains ip_dst_port"); | |
| } | |
| if (message.containsKey("protocol")) { | |
| correct++; | |
| LOG.trace("[OpenSOC] Message contains protocol"); | |
| } | |
| if (correct == 0 && message.containsKey("original_string")) { | |
| LOG.trace("[OpenSOC] Message does not conform to schema: " + message); | |
| return false; | |
| } else { | |
| LOG.trace("[OpenSOC] Message conforms to schema: " | |
| + message); | |
| return true; | |
| } | |
| } | |
This causes following exception in TelemetryParserBolt.java
LOG.trace("[OpenSOC] Checking if the transformed JSON conforms to the right schema"); | |
| if (!checkForSchemaCorrectness(transformed_message)) { | |
| throw new Exception("Incorrect formatting on message: " | |
| + transformed_message); | |
| } | |
Not sure what I'm missing. I'm trying it with TestSpout that reads the example input.
Thanks for help,
Amit
Reply all
Reply to author
Forward
0 new messages