What am I missing?
For this specific syslog messages
<182>Nov 14 12:06:46 myhostname.sma logserver: [14/Nov/2025:12:06:46.110690 +0530] myhostname 000000 kt 00000000 Info Audit Src='[::ffff:1.1.1.1]:62372' Auth='-' User='( [removed by moderator] )@(SonicWall Connect)' SocksVersion='0x101' Command='Tunnel' Dest='10.1.1.11:0' Error='0' SrcBytes='543969' DstBytes='822412' Duration='5085' VirtualHost='-' PlatformPrefix='W' EquipmentId='ACE4_2E00_2AFE_1FBD_2EE4_AC00_0000_0001.' SessionKey='myhostname:6916ad69:00000000'I keep getting the “No UDM events or entities were generated for the current parser configuration. ? Yet idm.read_only_udm filled?”
I know the IP address in above, is incorrect forat, but I have taken care of that in parser extension.
When I look in the statedump, I got many UDMs?
"@output": [
{
"idm": {
"read_only_udm": {
"metadata": {
"event_timestamp": {
"nanos": 110690000,
"seconds": [removed by moderator]
},
"event_type": "NETWORK_CONNECTION"
},
"principal": {
"hostname": "hostname",
"ip": [
"1.1.1.1"
],
"user": {
"userid": " [removed by moderator] "
}
},
"security_result": {
"action": [
"ALLOW"
]
},
"src": {
"ip": [
"1.1.1.1"
]
},
"target": {
"ip": [
"10.1.1.1"
],
"port": 0
}
}
}
}
],
What am I missing?