GitHub user mmiklavc opened a pull request:

https://github.com/apache/incubator-metron/pull/320

Metron 402: Snort timestamp field shows up wrong value

Need to manually test in full-dev, but wanted to get this up for review asap.

**Changes:**

- Change Snort configuration to include date in the timestamp output
- Fix BasicSnortParser to handle microseconds properly - switched to Java 8's java.time API.
- Added the ability to specify timezone and dateformat configuration to the snort parser. Defaults to localdatetime for the ZoneId, MM/dd/yy-HH:mm:ss.SSSSSS for the dateformat. Note the addition of "yy" to the dateformat.

**Testing:**

Can pass in different dateformat and timezone configuration and note the different behavior.

Options are "timeZone" and "dateFormat". Valid timezones are per ZoneId.getAvailableZoneIds(). DateFormats should be valid per options here - https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mmiklavc/incubator-metron METRON-402

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/320.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #320

----
commit b5dce190d098e1c4e1d67c5b7dd96639ec2ff937
Author: Michael Miklavcic <[email protected]>
Date: 2016-10-24T14:15:46Z

    partial commit

commit 6798c6dd9eba45833f110f4f02ace72a9b8ffcfa
Author: Michael Miklavcic <[email protected]>
Date: 2016-10-24T21:00:34Z

    METRON-402: Fix Snort parser to handle microseconds properly.

commit c42050ed5aa14d3e139c8624b4f281126fc0a5c3
Author: Michael Miklavcic <[email protected]>
Date: 2016-10-24T21:08:50Z

    METRON-402: Fix Snort parser to handle microseconds properly.

----
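
The timestamp handling this pull request describes, as an added example that is not code from the pull request or from Metron: a Snort timestamp in the `MM/dd/yy-HH:mm:ss.SSSSSS` format is parsed with `java.time` and placed in a configurable zone, then compared with `SimpleDateFormat`, which reads the six fraction digits as milliseconds. Assumptions: the class and helper names are hypothetical, the sample timestamp is constructed, the fallback to the JVM's zone when no `timeZone` is set is a guess at the default, and `SimpleDateFormat` is shown only for contrast (the page does not say what the old parser used).

```java
import java.text.SimpleDateFormat;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;

public class SnortTimestampExample {
    static final String DEFAULT_FORMAT = "MM/dd/yy-HH:mm:ss.SSSSSS"; // default named in the PR

    // Hypothetical helper: converts a Snort timestamp to epoch milliseconds using
    // the "dateFormat" and "timeZone" options described in the PR.
    static long toEpochMillis(String ts, Map<String, String> config) {
        String pattern = config.getOrDefault("dateFormat", DEFAULT_FORMAT);
        String zoneName = config.get("timeZone");
        // Assumption: with no timeZone configured, fall back to the JVM's zone.
        ZoneId zone = ZoneId.systemDefault();
        if (zoneName != null) {
            // Reject names that are not in ZoneId.getAvailableZoneIds().
            if (!ZoneId.getAvailableZoneIds().contains(zoneName)) {
                throw new IllegalArgumentException("Unknown timeZone: " + zoneName);
            }
            zone = ZoneId.of(zoneName);
        }
        LocalDateTime local = LocalDateTime.parse(ts.trim(), DateTimeFormatter.ofPattern(pattern));
        return local.atZone(zone).toInstant().toEpochMilli();
    }

    public static void main(String[] args) throws Exception {
        String ts = "10/24/16-21:00:34.123456"; // constructed sample value
        Map<String, String> config = new HashMap<>();
        config.put("timeZone", "UTC");
        System.out.println("java.time, UTC:      " + toEpochMillis(ts, config));
        config.put("timeZone", "America/New_York");
        System.out.println("java.time, New York: " + toEpochMillis(ts, config));

        // Contrast: SimpleDateFormat reads "SSSSSS" as a millisecond count, so
        // .123456 adds 123.456 s and the event lands about two minutes late.
        SimpleDateFormat legacy = new SimpleDateFormat(DEFAULT_FORMAT);
        legacy.setTimeZone(TimeZone.getTimeZone("UTC"));
        System.out.println("SimpleDateFormat:    " + legacy.parse(ts).getTime());
    }
}
```

The same wall-clock string maps to different instants depending on the configured zone, so the `timeZone` option has to match the clock of the sensor that wrote the alert for events to line up with other telemetry.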