GitHub user mmiklavc reopened a pull request:

    https://github.com/apache/incubator-metron/pull/320

    Metron-402: Snort timestamp field shows up wrong value

    Need to manually test in full-dev, but wanted to get this up for review asap.
    
    Resolves https://issues.apache.org/jira/browse/METRON-402
    
    UPDATE 10/25/16 - Tested in full-dev. Tested with incorrect/unparsable timezone and format. Verified configuration logging statements also.
    
    ```
    {
      "parserClassName":"org.apache.metron.parsers.snort.BasicSnortParser",
      "sensorTopic":"snort",
      "parserConfig": {
          "dateFormat" : "MM/dd/yy-HH:mm:ss.SSSSSS",
          "timeZone" : "America/New_York"
      }
    }
    ```
    
    **Changes:**
    - Change Snort configuration to include date in the timestamp output
    - Fix BasicSnortParser to handle microseconds properly - switched to Java 8's java.time API.
    - Added the ability to specify timezone and dateformat configuration to the snort parser. Defaults to system default zone for the ZoneId, MM/dd/yy-HH:mm:ss.SSSSSS for the dateformat. Note the addition of "yy" to the dateformat.
    
    **Testing:**
    Can pass in different dateformat and timezone configuration and note the different behavior.
    Options are "timeZone" and "dateFormat". Valid timezones are per ZoneId.getAvailableZoneIds(). DateFormats should be valid per options here - https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mmiklavc/incubator-metron METRON-402

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/320.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #320
    
----
commit b5dce190d098e1c4e1d67c5b7dd96639ec2ff937
Author: Michael Miklavcic <[email protected]>
Date:   2016-10-24T14:15:46Z

    partial commit

commit 6798c6dd9eba45833f110f4f02ace72a9b8ffcfa
Author: Michael Miklavcic <[email protected]>
Date:   2016-10-24T21:00:34Z

    METRON-402: Fix Snort parser to handle microseconds properly.

commit c42050ed5aa14d3e139c8624b4f281126fc0a5c3
Author: Michael Miklavcic <[email protected]>
Date:   2016-10-24T21:08:50Z

    METRON-402: Fix Snort parser to handle microseconds properly.

commit 81b8e21c875e9c5acaeccd2963fe73029d29be54
Author: Michael Miklavcic <[email protected]>
Date:   2016-10-25T16:49:06Z

    METRON-402: Add logging to configure method

commit 007849d7a91fd51aa67e95365040c5253b21c758
Author: Michael Miklavcic <[email protected]>
Date:   2016-11-03T13:39:53Z

    METRON-402: Reset the junit version
    
     Separate PR upgraded global junit from 4.4 to 4.12, so this change refers back again to that new global version.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
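
An added example, not code from the pull request or from Metron: it shows how the `dateFormat` and `timeZone` values from the configuration above behave under Java 8's java.time API, including the misconfiguration cases the description says were tested. The class name, the helper `toEpochMillis` and the sample timestamps are assumptions constructed for illustration.

```java
import java.time.DateTimeException;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;

public class SnortTimestampDemo {

    // Pattern taken from the parserConfig in the pull request description.
    static final String DATE_FORMAT = "MM/dd/yy-HH:mm:ss.SSSSSS";

    // Hypothetical helper: read the timestamp as wall-clock time in the
    // configured zone and return epoch milliseconds.
    static long toEpochMillis(String timestamp, String dateFormat, String timeZone) {
        ZoneId zone = ZoneId.of(timeZone); // DateTimeException for an unknown zone id
        DateTimeFormatter fmt = DateTimeFormatter.ofPattern(dateFormat) // IllegalArgumentException for a bad pattern
                .withZone(zone);           // zone applied because the text carries none
        return ZonedDateTime.parse(timestamp, fmt).toInstant().toEpochMilli();
    }

    public static void main(String[] args) {
        String sample = "01/27/16-16:01:04.877970"; // constructed sample timestamp

        // The same wall-clock string maps to different instants per zone, so a
        // wrong timeZone shifts every alert by the zone offset.
        long newYork = toEpochMillis(sample, DATE_FORMAT, "America/New_York");
        long utc = toEpochMillis(sample, DATE_FORMAT, "UTC");
        System.out.println("America/New_York -> " + newYork);
        System.out.println("UTC              -> " + utc);
        System.out.println("offset in hours  -> " + (newYork - utc) / 3_600_000.0);

        // Misspelled zone id (constructed): rejected instead of silently defaulting.
        try {
            toEpochMillis(sample, DATE_FORMAT, "America/NewYork");
        } catch (DateTimeException e) {
            System.out.println("bad timeZone: " + e.getMessage());
        }

        // Timestamp without the year (constructed): does not match a pattern with "yy".
        try {
            toEpochMillis("01/27-16:01:04.877970", DATE_FORMAT, "UTC");
        } catch (DateTimeException e) {
            System.out.println("bad timestamp: " + e.getMessage());
        }
    }
}
```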
