ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

New Data Source in Audit fails to process in CloudSOC Tenant

book

Article ID: 172420

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

  • Configured the new Data Source in the CloudSOC (CSOC) Tenant.
  • Received the email notification that the new log file is processing; however, the Status: Uploaded file(s) do not contain a 'flex_logfile' file in the CSOC Tenant > Audit > Device Logs:

Uploaded file(s) do not contain a 'flex_logfile' file

Cause

  1. Confirmed file type was UTF-16LE format as generated by the original source before processed into CloudSOC Tenant.
    • Confirmed that this notification was generated for UTF-8 (ASCII or plain text) is the only supported format file type.
  2. Confirmed other incidents that are caused by the following items found within the file:
    • Null values within the file
    • Double quotes; e.g. ""10.10.10.10""
    • Line break characters and other special characters

Environment

  • CloudSOC 2.x

Resolution

  1. Review any of the following options to resolve this issue:
    1. Configure the output source to generate the UTF-8 file
      • This configuration is managed outside the CloudSOC Tenant and supportability for the source is not a Symantec product
    2. Use a 3rd party software to convert the file type from the unsupported type to the UTF-8 format
      • This software is managed outside the CloudSOC Tenant and supportability for the software is not a Symantec product
    • Note: If any of the sources are Symantec products; please contact the support team of that specific software. Containg them provides assistance with configuring the output for that specific log file type to be in the UTF-8 format.
  2. 2. Review the log file(s); ensure that they are not generated with any of the content which would render the file unsupported.

Attachments