search cancel

New Data Source in Audit fails to process in CloudSOC Tenant


Article ID: 172420


Updated On:


CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced


  • Configured the new Data Source in the CloudSOC Tenant.
  • Received the email notification that the new log file is processing; however, the Status: Uploaded file(s) do not contain a 'flex_logfile' file in the CSOC Tenant > Audit > Device Logs:

Uploaded file(s) do not contain a 'flex_logfile' file


  1. Confirmed file type was UTF-16LE format as generated by the original source before processed into CloudSOC Tenant.
    • Confirmed that this notification was generated for UTF-8 (ASCII or plain text) is the only supported format file type.
  2. Confirmed other incidents that are caused by the following items found within the file:
    • Null values within the file
    • Double quotes; e.g. """"
    • Line break characters and other special characters


Consider the following options to resolve this issue:
    1. Configure the output source to generate the UTF-8 file
         •  This configuration is managed outside the CloudSOC Tenant and supportability for the source is not a Symantec product
    2. Use a 3rd party software to convert the file type from the unsupported type to the UTF-8 format
         •  This software is managed outside the CloudSOC Tenant and supportability for the software is not a Symantec product

Note: For sources that are Broadcom-Symantec products please contact the support team of the specific software- if you would like assistance configuring the output for that specific log file type to be in the UTF-8 format.

Review the log file(s); ensure that they are not generated with any of the content which would render the file unsupported.

For more information, see:

Flex universal log processor

Flex configuration directives