[
https://issues.apache.org/jira/browse/METRON-280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David M. Lyle updated METRON-280:
---------------------------------
Labels: platform (was: )
> bro parsing issue
> -----------------
>
> Key: METRON-280
> URL: https://issues.apache.org/jira/browse/METRON-280
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.2.1BETA
> Reporter: Neha Sinha
> Priority: Minor
> Labels: platform
> Fix For: 0.2.1BETA
>
> Attachments: bro_parser_stacktrace.rtf
>
>
> Hi,
> The bro parser fails to parse the following event in my metron environment :-
> {"http":
> {"ts":1467657279.0,"uid":"CMYLzP3PKiwZAgBa51","id.orig_h":"192.168.138.158","id.orig_p":49206,"id.resp_h":"95.163.121.204",
> "id.resp_p":80,"trans_depth":2,"method":"GET","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","uri":"/img/flags/it.png","referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","user_agent":"Mozilla/4.0
> (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR
> 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
> 6.0)","request_body_len":0,"response_body_len":552,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F3m7vB2RjUe4n01aqj"],"resp_mime_types":["image/png"]}}
> When I looked up the stack trace it complains of the following statement in
> BasicBroparser.java file :-
> convertedTimestamp=convertedTimestamp.substring(0,13);
> Since the "ts" field in the respective bro events is not 13 chars long the
> parser threw the exception.we need to fix the bro parser to accomodate
> parsing of such events.
> Please find attached the parser exception message .
> Regards,
> Neha
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
