ISE topology runs into an exception related to invalid schema

jain.a...@gmail.com

Feb 1, 2015, 12:48:05 AM
to opensoc...@googlegroups.com
I was just trying the ISE topology and found that parserBolt is calling a schema check that looks for IP-address-related fields in the message. The transformed message has the following:

2015-02-01 05:32:06 b.s.d.executor [INFO] TRANSFERING tuple TASK: 1 TUPLE: source: TestSpout:2, stream: default, id: {}, [[B@3abfae78]
2015-02-01 05:32:06 STDIO [ERROR] java.lang.Exception: Incorrect formatting on message: {"ProfilerServer":"stage-pdp01.cisco.com","EndpointCertainityMetric":"10","EndpointProperty":{"StaticAssignment":{"false\\,PostureApplicable":{"Yes\\,PolicyVersion":{"402\\,IdentityGroupID":{"0c1d9270-68a6-11e1-bc72-0050568e013c\\,Total Certainty Factor":{"10\\,BYODRegistration":{"Unknown\\,FeedService":{"false\\,EndPointPolicyID":{"49054ed0-68a6-11e1-bc72-0050568e013c\\,FirstCollection":{"1407397543718\\,MatchedPolicyID":{"49054ed0-68a6-11e1-bc72-0050568e013c\\,TimeToProfile":{"19\\,StaticGroupAssignment":{"false\\,NmapSubnetScanID":{"0\\,DeviceRegistrationStatus":{"NotRegistered\\,PortalUser":null}}}}}}}}}}}}}}},"EndpointOUI":"Wistron InfoComm(Kunshan)Co.\\,Ltd.","header":"Aug  6 17:26:31 10.34.84.145 Aug  7 00:45:43 stage-pdp01 CISE_Profiler 0000024855 1 0 2014-08-07 00:45:43.741 -07:00 0000288542 80002 INFO  Profiler: Profiler EndPoint profiling event occurred","EndpointMatchedPolicy":"Nortel-Device","ConfigVersionId":"113","EndpointPolicy":"Nortel-Device","EndpointSourceEvent":"SNMPQuery Probe","EndpointNADAddress":"10.56.72.127","EndpointIPAddress":"10.56.111.14","EndpointMacAddress":"3C:97:0E:C3:F8:F1","EndpointIdentityGroup":"Profiled"}


It doesn't have the following field that is being checked in the schema:

    public boolean checkForSchemaCorrectness(JSONObject message) {
        int correct = 0;
        // Standard but optional fields
        if (message.containsKey("ip_src_addr")) {
            correct++;
            LOG.trace("[OpenSOC] Message contains ip_src_addr");
        }
        if (message.containsKey("ip_dst_addr")) {
            correct++;
            LOG.trace("[OpenSOC] Message contains ip_dst_addr");
        }
        if (message.containsKey("ip_src_port")) {
            correct++;
            LOG.trace("[OpenSOC] Message contains ip_src_port");
        }
        if (message.containsKey("ip_dst_port")) {
            correct++;
            LOG.trace("[OpenSOC] Message contains ip_dst_port");
        }
        if (message.containsKey("protocol")) {
            correct++;
            LOG.trace("[OpenSOC] Message contains protocol");
        }
        if (correct == 0 && message.containsKey("original_string")) {
            LOG.trace("[OpenSOC] Message does not conform to schema: " + message);
            return false;
        } else {
            LOG.trace("[OpenSOC] Message conforms to schema: "
                    + message);
            return true;
        }
    }



This causes the following exception in TelemetryParserBolt.java:


    LOG.trace("[OpenSOC] Checking if the transformed JSON conforms to the right schema");
    if (!checkForSchemaCorrectness(transformed_message)) {
        throw new Exception("Incorrect formatting on message: "
                + transformed_message);
    }



Not sure what I'm missing. I'm trying it with TestSpout that reads the example input.

Thanks for help,
Amit
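
The condition from the schema check quoted in the post above, reproduced as a stand-alone program so it can be run against sample messages without a Storm topology. This is an added example, not part of the original post or the OpenSOC code base; the class name, helper names and the three sample messages are constructed, and a plain `Map` stands in for `JSONObject`.

```java
import java.util.*;

public class SchemaCheckReport {
    // Field names taken from the checkForSchemaCorrectness method quoted in the post.
    static final List<String> STANDARD = Arrays.asList(
        "ip_src_addr", "ip_dst_addr", "ip_src_port", "ip_dst_port", "protocol");

    // Returns the standard fields present in the message, in schema order.
    static List<String> presentFields(Map<String, Object> message) {
        List<String> present = new ArrayList<>();
        for (String key : STANDARD) {
            if (message.containsKey(key)) present.add(key);
        }
        return present;
    }

    // Same condition as the quoted method: reject only when no standard field
    // is present AND the message carries "original_string".
    static boolean conforms(Map<String, Object> message) {
        return !(presentFields(message).isEmpty() && message.containsKey("original_string"));
    }

    // Hypothetical helper: builds a message from alternating key/value strings.
    static Map<String, Object> msg(String... kv) {
        Map<String, Object> m = new LinkedHashMap<>();
        for (int i = 0; i + 1 < kv.length; i += 2) m.put(kv[i], kv[i + 1]);
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample messages, not captured from a real topology.
        Map<String, Map<String, Object>> samples = new LinkedHashMap<>();
        samples.put("ISE-style keys + original_string", msg(
            "EndpointIPAddress", "10.56.111.14", "EndpointNADAddress", "10.56.72.127",
            "original_string", "constructed raw line"));
        samples.put("ISE-style keys only", msg(
            "EndpointIPAddress", "10.56.111.14", "EndpointNADAddress", "10.56.72.127"));
        samples.put("one standard field + original_string", msg(
            "ip_src_addr", "10.56.111.14", "original_string", "constructed raw line"));

        for (Map.Entry<String, Map<String, Object>> e : samples.entrySet()) {
            Map<String, Object> m = e.getValue();
            System.out.printf("%-40s present=%s original_string=%b conforms=%b%n",
                e.getKey(), presentFields(m), m.containsKey("original_string"), conforms(m));
        }
    }
}
```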

