[ https://issues.apache.org/jira/browse/METRON-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15585808#comment-15585808 ]
ASF GitHub Bot commented on METRON-363:
---------------------------------------

GitHub user kylerichardson reopened a pull request:

    https://github.com/apache/incubator-metron/pull/276

    METRON-363 Fix Cisco ASA Parser

    I've rewritten the ASA parser which can be extended, as needed, to new ASA message types by editing the bundled asa patterns file and the static map used for grok patterns in the code.

    I've also tried to make it easier to deploy the asa topology by including zookeeper config files and creating the kafka topic during metron install. Sample data is also included for integration testing.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kylerichardson/incubator-metron METRON-363

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/276.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #276

----
commit 5be7c60448f73fcc72c81451a67ef1e40fd29793
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-08-16T01:12:42Z

    Initial rewrite of Cisco ASA parser

    Summary of changes:
    - Complete rewrite of ASA parser including new test suite
    - ZK configurations for ease of topology deployment (parser and enrichment)
    - Add field constant for original_string in metron-common
    - Minor changes to ASA patterns file for
      (1) Syslog severity/facility capture
      (2) Interface capture on CISCOFW106006_106007_106010
    - Updates to various POMs to allow easier validation of logging during unit testing
      (1) Exclusions for slf4j-log4j12 on various dependencies for metron-parsers and metron-integration-test
      (2) Explicit dependency on slf4j-api for metron-parsers
      (3) Test dependency on slf4j-simple for metron-parsers

commit c87e6edaf0e308be9f417e07016508f87067ae0c
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-09-20T02:33:09Z

    METRON-363 Reworked parser to handle nulls and field validation

    Includes the following:
    - Static map for ASA message patterns (vs pattern discovery)
    - Minor changes to ASA patterns file
    - Broke out common syslog parsing elements
    - Broke out reusable field validations

commit a8c4903dd0bcac18e15c98aca7264dce1c455bee
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-09-27T00:30:16Z

    METRON-363 Add integration test and sample data

    Includes the following:
    - Extend BasicParser
    - Handle both types of syslog timestamps (with and without year)
    - Include integration test and supporting sample data

commit 011d389bdf43f1790384dbcd13ec7da148c53ef2
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-09-27T00:40:51Z

    METRON-363 Add license and kafka topic

commit 04a936d75cf782254105993b2804912b4659257a
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-09-28T00:29:21Z

    METRON-363 Adjust log level

commit abd7fb92fe4c38530e10141d0aba6bd07a335ae8
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-10-08T01:11:22Z

    METRON-363 Enhance logging, remove unused code

commit a885ecc762a8d5296d7c7ebfe7600c910ce3478b
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-10-11T17:40:25Z

    METRON-363 Refactored and enhanced based on feedback

    Changes include:
    (1) New/additional unit tests
    (2) Reworked Syslog Timestamp (no year) logic
    (3) Enhanced error checking and logging (introduced new ParseException)

commit fb6ed83eab8704607dc75c37982b0f98b819047d
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-10-12T13:54:54Z

    METRON-363 Default to UTC in zookeeper config

commit d7d327a3b03584fd3d03d4f6468d54c15786bda7
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-10-13T02:10:14Z

    METRON-363 Update tests

commit 4e3cba6682eaf3130325d4c27bf32240ad7a0a92
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-10-18T00:33:34Z

    METRON-363 Refactor to add Clock dependency for testing

commit db8686615533470e8a3273ee268f2eb0efb4999c
Author: kylerichardson <kylerichards...@gmail.com>
Date:   2016-10-18T01:15:29Z

    METRON-363 Add tests for back dating RFC3164 timestamps

----

> Fix Cisco ASA Parser
> --------------------
>
>                 Key: METRON-363
>                 URL: https://issues.apache.org/jira/browse/METRON-363
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Kyle Richardson
>            Priority: Minor
>
> The current ASA parser is broken. This effort is to rework the current parser
> to support the variety of syslog messages produced by Cisco ASA devices as
> well as provide the necessary support files/configs for easier deployment of
> the Storm topology.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)