[ https://issues.apache.org/jira/browse/METRON-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15556771#comment-15556771 ]
ASF GitHub Bot commented on METRON-363: --------------------------------------- Github user kylerichardson commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/276#discussion_r82490277 --- Diff: metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/utils/SyslogUtils.java --- @@ -0,0 +1,89 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.metron.parsers.utils; + +import java.time.ZoneOffset; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; + +public class SyslogUtils { + + public static long convertToEpochMillis(String logTimestamp, String logTimeFormat) { + ZonedDateTime timestamp = ZonedDateTime.parse(logTimestamp, DateTimeFormatter.ofPattern(logTimeFormat).withZone(ZoneOffset.UTC)); + return timestamp.toEpochSecond() * 1000; + } + + public static long parseTimestampToEpochMillis(String logTimestamp) { + if (logTimestamp.length() < 20) { + ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); + int year = now.getYear(); + if (now.getDayOfYear() == 1 && !now.getMonth().toString().substring(0,3).equals(logTimestamp.substring(0,3).toUpperCase())) + year--; --- End diff -- Sure. I see how this is not entirely obvious. I'm trying to solve an edge case here where a message comes in for parsing without a year in the timestamp on January 1st but the message was actually generated on the device on December 31st. I'll add in some comments for clarity. > Fix Cisco ASA Parser > -------------------- > > Key: METRON-363 > URL: https://issues.apache.org/jira/browse/METRON-363 > Project: Metron > Issue Type: Improvement > Reporter: Kyle Richardson > Priority: Minor > > The current ASA parser is broken. This effort is to rework the current parser > to support the variety of syslog messages produced by Cisco ASA devices as > well as provide the necessary support files/configs for easier deployment of > the Storm topology. -- This message was sent by Atlassian JIRA (v6.3.4#6332)