Hi Sebastian,

We have corrected the parameter as you advised in the previous email however we are still getting the same error with the shadowserver parser. Have attached the error in a notepad file. Attached too is an image of our current architecture kindly advise if from the shadowserver parser we are supposed to link to the deduplicator-expert or connect to the Elasticsearch output directly.

Regards,

Bwogi Emmanuel

From: Intelmq-users [mailto:intelmq-users-bounces@lists.cert.at] On Behalf Of UCC-CERT
Sent: Thursday, 20 February 2020 12:41
To: 'Sebastian Wagner' <wagner@cert.at>; intelmq-users@lists.cert.at
Cc: 'UCC CERT' <cert@ucc.co.ug>
Subject: Re: [Intelmq-users] IntelMQ

Thanks Sebastian,

We have edited the script accordingly and now testing. We shall get back to you on the progress

BR,

Vincent M

From: Sebastian Wagner [mailto:wagner@cert.at]
Sent: Thursday, February 20, 2020 11:27 AM
To: UCC-CERT <info@ug-cert.ug>; intelmq-users@lists.cert.at
Cc: UCC CERT <cert@ucc.co.ug>
Subject: Re: [Intelmq-users] IntelMQ

Hi,

This line

"extract_files": "True",

should be:

> "extract_files": true,

best regards,
Sebastian

--

// Sebastian Wagner <wagner@cert.at> - T: +43 1 5056416 7201

// CERT Austria - https://www.cert.at/

// Eine Initiative der nic.at GmbH - https://www.nic.at/

// Firmenbuchnummer 172568b, LG Salzburg