Github user trixpan commented on the issue:
https://github.com/apache/incubator-metron/pull/451
No. And under RFC 3164, Syslog's Mmm is English only but this certainty is
not present in the CEF spec states MMM as SimpleDateFormat and makes no
reference over locale. This in theory means it should be locale agnostic.
If they adopt the syslog approach, locale should not be an issue but being
CEF God knows. :-)
Regarding robustness, SDF should not be able to automatically recognise MMM
in French on metron cluster running under user.language=en. From the top of my
head for this to occur, the code must invoke SDF specifying the locale used for
parsing.
This whole localised dates shouldn't be an issue for servers, as they
frequently run without locale settings but its particularly complex within
multinationals operating under multiple languages. Think about all those agents
insisting in using local settings when crafting CEF messages...
Shouldn't happen but after witnessing vendors violating their own standards
I lost faith :-)
BTW, I am happy to forward you whatever I get back from HPE around this
issue.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
