Issue

When trying to parse a log file using pantherlog, I see one of the following errors:

Resolution

To resolve this issue, try the command below, which is the basic command to parse a file. This is also documented here; note that the --schemas option is optional.

$ pantherlog parse --path test.yml test.csv

In addition, ensure that you are using the most up-to-date version of pantherlog.

Cause

  1. The --schemas option checks for schemas that came with Panther. To designate a schema of your own choice to use with this parse operation, use the --path option.

  2. CSV isn't a stream type that pantherlog knows how to use. Run pantherlog --help to see a list of valid stream types.

  3. At least one option is missing here. See the command under Resolution for an example of a command that could work with valid files, or run pantherlog --help to see the recommended way to order the commands and options.

  4. Validation can fail if there are issues with a schema, such as syntax errors, or compatibility issues caused by using an outdated version of the pantherlog tool.