[ 
https://issues.apache.org/jira/browse/METRON-838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16116483#comment-16116483
 ] 

ASF GitHub Bot commented on METRON-838:
---------------------------------------

Github user justinleet commented on a diff in the pull request:

    https://github.com/apache/metron/pull/528#discussion_r131635959
  
    --- Diff: 
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/fireeye/BasicFireEyeParserTest.java
 ---
    @@ -57,4 +62,16 @@ public void testParse() throws ParseException {
           }
         }
       }
    +
    +  private final static String fireeyeMessage = "<164>Mar 19 05:24:39 
10.220.15.15 fenotify-851983.alert: 
CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC 
dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 
shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org 
dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00 
cn1Label=vlan cn1=0 externalId=851983 cs4Label=link 
cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983 
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS";
    +
    +  @SuppressWarnings("rawtypes")
    +  @Test
    +  public void testTimestampParsing() throws ParseException {
    +    JSONObject parsed = parser.parse(fireeyeMessage.getBytes()).get(0);
    +    JSONParser parser = new JSONParser();
    +    Map json = (Map) parser.parse(parsed.toJSONString());
    +    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 3, 
19, 5, 24, 39, 0, UTC).toInstant().toEpochMilli();
    --- End diff --
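Review bot: in `testTimestampParsing`, the local `JSONParser parser` reuses the name that the previous line calls as `parser.parse(fireeyeMessage.getBytes())`, so on consecutive lines `parser` means two different objects; rename the local (for example `jsonParser`) so it stays obvious which parser is under test. `fireeyeMessage.getBytes()` also relies on the platform default charset; passing an explicit one such as `StandardCharsets.UTF_8` keeps the test input identical across build hosts. The expected value is built from `Year.now(UTC)` because the syslog header `Mar 19 05:24:39` carries no year, and a one-line comment above `expectedTimestamp` saying so would document why the test depends on the current year.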
    
    It's incredibly minor (and optional), but we could just swap out the 
`ZoneId.of("UTC")` for `ZoneOffset.UTC`
    
    At that point, this changes slightly, but still seems reasonable
    ```
        long expectedTimestamp = ZonedDateTime.of(
            Year.now(ZoneOffset.UTC).getValue(),
            3,
            19,
            5,
            24,
            39,
            0,
            ZoneOffset.UTC
        ).toInstant().toEpochMilli();
    ```


> Incorrect set of ts in FireEye parser
> -------------------------------------
>
>                 Key: METRON-838
>                 URL: https://issues.apache.org/jira/browse/METRON-838
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Vladimir
>            Priority: Minor
>
> Although log line is parsed and day/month/year are extracted ts is not set to 
> correct value.


