[jira] [Created] (METRON-815) sensor-stubs sometimes send malformed bro timestamps

Jon Zeolla (JIRA) Sat, 01 Apr 2017 09:42:52 -0700

Jon Zeolla created METRON-815:
---------------------------------

             Summary: sensor-stubs sometimes send malformed bro timestamps
                 Key: METRON-815
                 URL: https://issues.apache.org/jira/browse/METRON-815
             Project: Metron
          Issue Type: Bug
            Reporter: Jon Zeolla
            Assignee: Jon Zeolla



The bro sensor-stub sends malformed timestamps when transforming an input 
timestamp that has less than 6 digits.  For instance:

> [vagrant@node1 bin]$ SEARCH="\"ts\"\:[0-9]\+.[0-9]\{6\}"
> [vagrant@node1 bin]$ REPLACE="\"ts\"\:`date +%s`.000000"
> [vagrant@node1 bin]$ cat /opt/sensor-stubs/data/bro.out | sed -e 
> "s/$SEARCH/$REPLACE/g"
...
{"dns": 
{"ts":1491064638.000000.38621,"uid":"CQ5vBa2GcEToa4NKt5","id.orig_h":"192.168.66.1","id.orig_p":5353,"id.resp_h":"224.0.0.251","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","AA":false,"TC":false,"RD":false,"RA":false,"Z":0,"rejected":false}}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Created] (METRON-815) sensor-stubs sometimes send malformed bro timestamps

Reply via email to