[ https://issues.apache.org/jira/browse/METRON-1638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16549554#comment-16549554 ]

ASF GitHub Bot commented on METRON-1638:
----------------------------------------

Github user cestella commented on a diff in the pull request:

    https://github.com/apache/metron/pull/1120#discussion_r203801015
  
    --- Diff: metron-interface/metron-rest/src/main/scripts/pcap_to_pdml.sh ---
    @@ -0,0 +1,19 @@
    +#!/bin/bash
    +#
    +# Licensed to the Apache Software Foundation (ASF) under one
    +# or more contributor license agreements.  See the NOTICE file
    +# distributed with this work for additional information
    +# regarding copyright ownership.  The ASF licenses this file
    +# to you under the Apache License, Version 2.0 (the
    +# "License"); you may not use this file except in compliance
    +# with the License.  You may obtain a copy of the License at
    +#
    +#     http://www.apache.org/licenses/LICENSE-2.0
    +#
    +# Unless required by applicable law or agreed to in writing, software
    +# distributed under the License is distributed on an "AS IS" BASIS,
    +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    +# See the License for the specific language governing permissions and
    +# limitations under the License.
    +#
    +tshark -i - -T pdml
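Review bot: nothing in this script checks that tshark is on the PATH before the one line that does the work, `tshark -i - -T pdml`, so on a host without it the caller only gets the shell's "command not found" status (127) rather than an actionable error. Suggest a guard ahead of that line, such as `command -v tshark >/dev/null || { echo "tshark not found" >&2; exit 1; }`, and a short comment in the script header naming tshark as a runtime dependency. Because stdin here is arbitrary captured traffic, also consider adding `-n` so the conversion does not perform name resolution on addresses taken from the capture.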
    --- End diff --
    
    Can we make sure to add to the docs as part of this PR that we now rely on 
tshark being installed?


> Retrieve Pcap results in pdml format
> ------------------------------------
>
>                 Key: METRON-1638
>                 URL: https://issues.apache.org/jira/browse/METRON-1638
>             Project: Metron
>          Issue Type: Sub-task
>            Reporter: Ryan Merriman
>            Priority: Major
>
> There should be a REST endpoint that allows a user to retrieve pcap page 
> results in pdml format.  Assuming tshark is installed, there should be a "GET 
> /api/v1/pcap/pdml/<jobId>/<pageNumber>" endpoint that will return pcap 
> results for the given page in pdml format 
> ([https://wiki.wireshark.org/PDML]), converted to json for easier consumption 
> by a UI. This endpoint will call out to the tshark utility for the raw to 
> pdml conversion.


