Github user justinleet commented on a diff in the pull request:

    https://github.com/apache/metron/pull/528#discussion_r131635959
  
    --- Diff: 
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/fireeye/BasicFireEyeParserTest.java
 ---
    @@ -57,4 +62,16 @@ public void testParse() throws ParseException {
           }
         }
       }
    +
    +  private final static String fireeyeMessage = "<164>Mar 19 05:24:39 
10.220.15.15 fenotify-851983.alert: 
CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC 
dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org 
dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 
cn1Label=vlan cn1=0 externalId=851983 cs4Label=link 
cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983 
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS";
    +
    +  @SuppressWarnings("rawtypes")
    +  @Test
    +  public void testTimestampParsing() throws ParseException {
    +    JSONObject parsed = parser.parse(fireeyeMessage.getBytes()).get(0);
    +    JSONParser parser = new JSONParser();
    +    Map json = (Map) parser.parse(parsed.toJSONString());
    +    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 3, 
19, 5, 24, 39, 0, UTC).toInstant().toEpochMilli();
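Review bot: in testTimestampParsing, the local `JSONParser parser = new JSONParser();` reuses the name `parser` that the line above it calls as the parser under test, so the two `parser.parse(...)` calls in this method go to different objects. Renaming the local (for example to `jsonParser`) removes the ambiguity. Two smaller points on the same lines: `fireeyeMessage.getBytes()` uses the platform default charset, so passing `StandardCharsets.UTF_8` would keep the input bytes identical across build hosts, and `Year.now(UTC)` ties the expected value to the wall clock, so a run that straddles a year boundary can compute a different year than the parser did.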
    --- End diff --
    
    It's incredibly minor (and optional), but we could just swap out the 
`ZoneId.of("UTC")` for `ZoneOffset.UTC`
    
    At that point, this changes slightly, but still seems reasonable
    ```
        long expectedTimestamp = ZonedDateTime.of(
            Year.now(ZoneOffset.UTC).getValue(),
            3,
            19,
            5,
            24,
            39,
            0,
            ZoneOffset.UTC
        ).toInstant().toEpochMilli();
    ```

