GitHub user kylerichardson opened a pull request:

    https://github.com/apache/incubator-metron/pull/276

    METRON-363 Fix Cisco ASA Parser

    I've rewritten the ASA parser which can be extended, as needed, to new ASA
    message types by editing the bundled asa patterns file and the static map used
    for grok patterns in the code. I've also tried to make it easier to deploy the
    asa topology by including zookeeper config files and creating the kafka topic
    during metron install. Sample data is also included for integration testing.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kylerichardson/incubator-metron METRON-363

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/276.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #276
    
----
commit 1519be62a361d29f6eaa15fb9f641873d87675e0
Author: kylerichardson <[email protected]>
Date:   2016-08-16T01:12:42Z

    Initial rewrite of Cisco ASA parser
    
    Summary of changes:
    - Complete rewrite of ASA parser including new test suite
    - ZK configurations for ease of topology deployment (parser and enrichment)
    - Add field constant for original_string in metron-common
    - Minor changes to ASA patterns file for
      (1) Syslog severity/facility capture
      (2) Interface capture on CISCOFW106006_106007_106010
    - Updates to various POMs to allow easier validation of logging during unit testing
      (1) Exclusions for slf4j-log4j12 on various dependencies for metron-parsers and metron-integration-test
      (2) Explicit dependency on slf4j-api for metron-parsers
      (3) Test dependency on slf4j-simple for metron-parsers

commit a1284084ecfde20c16f338972e9b1f0dc7d7ae78
Author: kylerichardson <[email protected]>
Date:   2016-09-20T02:33:09Z

    METRON-363 Reworked parser to handle nulls and field validation
    
    Includes the following:
    - Static map for ASA message patterns (vs pattern discovery)
    - Minor changes to ASA patterns file
    - Broke out common syslog parsing elements
    - Broke out reusable field validations

commit 5e6468120534e04cacbe4d21910eb797971dd816
Author: kylerichardson <[email protected]>
Date:   2016-09-27T00:30:16Z

    METRON-363 Add integration test and sample data
    
    Includes the following:
    - Extend BasicParser
    - Handle both types of syslog timestamps (with and without year)
    - Include integration test and supporting sample data

commit aeca74aa35c0c45ec74a96a7a976bf8557b246cd
Author: kylerichardson <[email protected]>
Date:   2016-09-27T00:40:51Z

    METRON-363 Add license and kafka topic

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
