I am attempting to migrate from GitHub - imperva/incapsula-logs-downloader: A Python script for downloading log files from Incapsula to the Elastic Agent Imperva integration to collect Imperva WAF logs. I'm using the API option, not the S3 option. I've followed the steps at Imperva Cloud WAF | Documentation.
I enabled debug logging to /var/log/elastic-agent/ and the imperva related entries there are basically:
- List item
Spawned new unit cel-default-cel-imperva_cloud_waf.event: Starting: spawned pid '2317' - BeatV2Manager.unitListen UnitChanged.ID(cel-default-cel-imperva_cloud_waf.event), UnitChanged.Type(added), UnitChanged.Trigger(4): added/feature_change_triggered
- Unit state changed cel-default-cel-imperva_cloud_waf.event (STARTING->HEALTHY): Healthy
- component model updated
- Input 'cel' starting
- registering
- process repeated request
- failed evaluation
- failed eval: ERROR: :19:5: invalid UTF-8 in bytes, cannot convert to string\n | ).as(v, v.next < size(v.worklist) ?\n | ....^
Is there any way to know what exactly is the problem? It seems like its not failing authentication so it must not like the incoming data that the previous tool was fine with.
I also see these Agent logs
"event" => {
"dataset" => "imperva_cloud_waf.event"
},
"error" => {
"message" => "Failed to rename fields in processor: could not fetch value for key: message, Error: key not found"
},