
ASF GitHub Bot commented on METRON-363:
---------------------------------------

Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/276#discussion_r83004884
  
    --- Diff: 
metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/asa/BasicAsaParser.java
 ---
    @@ -0,0 +1,209 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.metron.parsers.asa;
    +
    +import com.google.common.collect.ImmutableMap;
    +import oi.thekraken.grok.api.Grok;
    +import oi.thekraken.grok.api.Match;
    +import oi.thekraken.grok.api.exception.GrokException;
    +import org.apache.metron.common.Constants;
    +import org.apache.metron.parsers.BasicParser;
    +import org.apache.metron.parsers.ParseException;
    +import org.apache.metron.parsers.utils.SyslogUtils;
    +import org.json.simple.JSONObject;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import java.io.*;
    +import java.time.ZoneId;
    +import java.time.ZoneOffset;
    +import java.util.*;
    +
    +public class BasicAsaParser extends BasicParser {
    +
    +    protected static final Logger LOG = 
LoggerFactory.getLogger(BasicAsaParser.class);
    +
    +    private Grok asaGrok;
    +    protected ZoneId deviceTimeZone;
    +
    +    private static final Map<String, String> patternMap = 
ImmutableMap.<String, String>builder()
    +            .put("ASA-2-106001", "CISCOFW106001")
    +               .put("ASA-2-106006", "CISCOFW106006_106007_106010")
    +               .put("ASA-2-106007", "CISCOFW106006_106007_106010")
    +               .put("ASA-2-106010", "CISCOFW106006_106007_106010")
    +               .put("ASA-3-106014", "CISCOFW106014")
    +               .put("ASA-6-106015", "CISCOFW106015")
    +               .put("ASA-1-106021", "CISCOFW106021")
    +               .put("ASA-4-106023", "CISCOFW106023")
    +               .put("ASA-5-106100", "CISCOFW106100")
    +               .put("ASA-6-110002", "CISCOFW110002")
    +               .put("ASA-6-302010", "CISCOFW302010")
    +               .put("ASA-6-302013", "CISCOFW302013_302014_302015_302016")
    +               .put("ASA-6-302014", "CISCOFW302013_302014_302015_302016")
    +               .put("ASA-6-302015", "CISCOFW302013_302014_302015_302016")
    +               .put("ASA-6-302016", "CISCOFW302013_302014_302015_302016")
    +               .put("ASA-6-302020", "CISCOFW302020_302021")
    +               .put("ASA-6-302021", "CISCOFW302020_302021")
    +               .put("ASA-6-305011", "CISCOFW305011")
    +               .put("ASA-3-313001", "CISCOFW313001_313004_313008")
    +               .put("ASA-3-313004", "CISCOFW313001_313004_313008")
    +               .put("ASA-3-313008", "CISCOFW313001_313004_313008")
    +               .put("ASA-4-313005", "CISCOFW313005")
    +               .put("ASA-4-402117", "CISCOFW402117")
    +               .put("ASA-4-402119", "CISCOFW402119")
    +               .put("ASA-4-419001", "CISCOFW419001")
    +               .put("ASA-4-419002", "CISCOFW419002")
    +               .put("ASA-4-500004", "CISCOFW500004")
    +               .put("ASA-6-602303", "CISCOFW602303_602304")
    +               .put("ASA-6-602304", "CISCOFW602303_602304")
    +               .put("ASA-7-710001", 
"CISCOFW710001_710002_710003_710005_710006")
    +               .put("ASA-7-710002", 
"CISCOFW710001_710002_710003_710005_710006")
    +               .put("ASA-7-710003", 
"CISCOFW710001_710002_710003_710005_710006")
    +               .put("ASA-7-710005", 
"CISCOFW710001_710002_710003_710005_710006")
    +               .put("ASA-7-710006", 
"CISCOFW710001_710002_710003_710005_710006")
    +               .put("ASA-6-713172", "CISCOFW713172")
    +               .put("ASA-4-733100", "CISCOFW733100")
    +               .put("ASA-6-305012", "CISCOFW305012")
    +               .put("ASA-7-609001", "CISCOFW609001")
    +               .put("ASA-7-609002", "CISCOFW609002")
    +            .put("ASA-5-713041", "CISCOFW713041")
    +            .build();
    +
    +    @Override
    +    public void configure(Map<String, Object> parserConfig) {
    +        String timeZone = (String) parserConfig.get("deviceTimeZone");
    +        if (timeZone != null)
    +            deviceTimeZone = ZoneId.of(timeZone);
    +        else {
    +            deviceTimeZone = ZoneOffset.UTC;
    +            LOG.warn("[Metron] No device time zone provided; defaulting to 
UTC");
    +        }
    +    }
    +
    +    @Override
    +    public void init() {
    +        asaGrok = new Grok();
    +        InputStream patternStream = 
this.getClass().getClassLoader().getResourceAsStream("patterns/asa");
    +        try {
    +            asaGrok.addPatternFromReader(new 
InputStreamReader(patternStream));
    +        } catch (GrokException e) {
    +            LOG.error("[Metron] Failed to load grok patterns from jar", e);
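Review bot: `init()` passes `patternStream` straight into `new InputStreamReader(...)` with no null check, and `ClassLoader.getResourceAsStream("patterns/asa")` returns null when the resource is missing from the jar, so a misbuilt artifact would fail with a NullPointerException that the `catch (GrokException e)` on the preceding line does not cover. The reader is also built without an explicit charset (platform default), and within the visible lines the stream is never closed; the rest of `init()` continues outside the hunk, so I cannot tell whether it is closed later. I would fail fast on a missing resource and wrap the reader in try-with-resources with `StandardCharsets.UTF_8` (which needs `java.nio.charset.StandardCharsets` imported), keeping the existing log statement as is.
```java
InputStream patternStream = this.getClass().getClassLoader().getResourceAsStream("patterns/asa");
if (patternStream == null) {
    throw new IllegalStateException("[Metron] Grok pattern resource 'patterns/asa' not found on classpath");
}
try (Reader patternReader = new InputStreamReader(patternStream, StandardCharsets.UTF_8)) {
    asaGrok.addPatternFromReader(patternReader);
} catch (GrokException | IOException e) {
    // … unchanged: existing LOG.error call …
```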
    --- End diff --
    
    I think we would want to throw a runtime exception after the LOG.  That is, 
if the GrokParser itself is a good guide for expected behavior.


> Fix Cisco ASA Parser
> --------------------
>
>                 Key: METRON-363
>                 URL: https://issues.apache.org/jira/browse/METRON-363
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Kyle Richardson
>            Priority: Minor
>
> The current ASA parser is broken. This effort is to rework the current parser 
> to support the variety of syslog messages produced by Cisco ASA devices as 
> well as provide the necessary support files/configs for easier deployment of 
> the Storm topology.


