Configured the new Data Source in the CloudSOC (CSOC) Tenant.
Received the email notification that the new log file is processing; however, the Status: Uploaded file(s) do not contain a 'flex_logfile' file in the CSOC Tenant > Audit > Device Logs:
Uploaded file(s) do not contain a 'flex_logfile' file
Confirmed file type was UTF-16LE format as generated by the original source before processed into CloudSOC Tenant.
Confirmed that this notification was generated for UTF-8 (ASCII or plain text) is the only supported format file type.
Confirmed other incidents that are caused by the following items found within the file:
Null values within the file
Double quotes; e.g. ""10.10.10.10""
Line break characters and other special characters
Review any of the following options to resolve this issue:
Configure the output source to generate the UTF-8 file
This configuration is managed outside the CloudSOC Tenant and supportability for the source is not a Symantec product
Use a 3rd party software to convert the file type from the unsupported type to the UTF-8 format
This software is managed outside the CloudSOC Tenant and supportability for the software is not a Symantec product
Note: If any of the sources are Symantec products; please contact the support team of that specific software. Containg them provides assistance with configuring the output for that specific log file type to be in the UTF-8 format.
2. Review the log file(s); ensure that they are not generated with any of the content which would render the file unsupported.