Currently I receive the following error when I send LogScheme data to the parser:
```
parser-1 | [2026-01-16 20:33:39,247] ERROR service.core: Component processing error:
parser-1 | [2026-01-16 20:33:39,247] ERROR service.core: Component processing error:
parser-1 | [2026-01-16 20:33:39,247] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Received 148 bytes from socket
parser-1 | [2026-01-16 20:33:39,247] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Calling processor...
parser-1 | [2026-01-16 20:33:39,247] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Processor returned: None
parser-1 | [2026-01-16 20:33:39,247] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Processor returned None, skipping send
parser-1 | [2026-01-16 20:33:59,869] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Received 148 bytes from socket
parser-1 | [2026-01-16 20:33:59,869] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Calling processor...
parser-1 | [2026-01-16 20:33:59,869] ERROR service.core: Component processing error:
parser-1 | [2026-01-16 20:33:59,869] ERROR service.core: Component processing error:
parser-1 | [2026-01-16 20:33:59,870] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Processor returned: None
parser-1 | [2026-01-16 20:33:59,871] DEBUG parsers.json_parser.JsonParser.69aeb178a6ed5dcdbeb78df5be5fd7c7: Engine: Processor returned None, skipping send
```
In line

DetectMateLibrary/src/detectmatelibrary/common/core.py
Line 26 in 022603e

we don't catch any of the exceptions that are defined in
https://github.com/ait-detectmate/DetectMateLibrary/blob/main/src/detectmatelibrary/schemas/_op.py

That's why we don't get any error message when an error occurs in deserialize. I tried to catch an error and I receive "NotSupportedSchema". So I looked into the deserialisation function and I was able to locate the source of the error at

DetectMateLibrary/src/detectmatelibrary/schemas/_op.py
Line 132 in 022603e

```python
schema_class = __get_schema_class(schema_id)
```

`schema_class = __get_schema_class(schema_id)` fails because schema_id is not, as expected, b'1' but b'\x1a'.

The printed data looks as follows:

```
b'\x1ai{"time": 2023-11-18 10:30:00","message": "pid=9699 uid=0 auid=4294967295 ses=4294967295","level": "INFO"}"\x11/var/log/some.log*\x03dev'
```

When I try to deserialize the exact line with the following code in Python it can be serialized:

```python
# schemas_pb2 is the protobuf-generated module that defines LogSchema
def from_proto(data):
    log = schemas_pb2.LogSchema()
    log.ParseFromString(data)
    return log
```

I believe that the code in _op.py and _class.py is faulty. Maybe we can also simplify that code. It is very hard to read and to follow.
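
Added example, not part of the issue or of the DetectMateLibrary code base: a minimal protobuf wire-format walker run over the bytes printed above. It shows that the leading `b'\x1a'` is the tag of field 3 (length-delimited) of a bare serialized message, which is why `ParseFromString` accepts the data. The helper names `read_varint` and `walk_fields` are hypothetical, and only field numbers are reported because the schema's field names are not shown on this page.

```python
# Added example: walks protobuf wire-format fields without any .proto file.
# Constructed input: the byte string printed in the report above.
JSON_LINE = (b'{"time": 2023-11-18 10:30:00","message": "pid=9699 uid=0 '
             b'auid=4294967295 ses=4294967295","level": "INFO"}')
DATA = b'\x1ai' + JSON_LINE + b'"\x11/var/log/some.log*\x03dev'

WIRE_TYPES = {0: "varint", 1: "fixed64", 2: "length-delimited", 5: "fixed32"}


def read_varint(buf, pos):
    """Decode one base-128 varint starting at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf) and shift < 64:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or oversized varint")


def walk_fields(buf):
    """Return [(field_number, wire_type_name, value)] for a serialized message."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        number, wire_type = tag >> 3, tag & 0x07
        if number == 0 or wire_type not in WIRE_TYPES:
            raise ValueError(f"not a valid field tag: {tag:#x}")
        if wire_type == 0:
            value, pos = read_varint(buf, pos)
        else:
            if wire_type == 2:
                size, pos = read_varint(buf, pos)
            else:
                size = 8 if wire_type == 1 else 4
            if pos + size > len(buf):
                raise ValueError("field runs past end of buffer")
            value, pos = buf[pos:pos + size], pos + size
        fields.append((number, WIRE_TYPES[wire_type], value))
    return fields


if __name__ == "__main__":
    for number, kind, value in walk_fields(DATA):
        print(f"field {number} ({kind}): {value!r}")
```

The second byte `i` is 0x69 = 105, the length of the JSON string, so the first two bytes are a field tag and a length rather than a schema id.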