[jira] [Updated] (METRON-815) sensor-stubs sometimes send malformed bro timestamps

Sat, 01 Apr 2017 10:12:06 -0700 

     [ 
https://issues.apache.org/jira/browse/METRON-815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Zeolla updated METRON-815:
------------------------------
    Description: 
The bro sensor-stub sends malformed timestamps when transforming an input 
timestamp that has less than 6 digits.  For instance:

[vagrant@node1 bin]$ SEARCH="\"ts\"\:[0-9]\+.[0-9]\{6\}"
[vagrant@node1 bin]$ REPLACE="\"ts\"\:`date +%s`.000000"
[vagrant@node1 bin]$ cat /opt/sensor-stubs/data/bro.out | sed -e 
"s/$SEARCH/$REPLACE/g"
...
{"dns": 
{"ts":1491064638.000000.38621,"uid":"CQ5vBa2GcEToa4NKt5","id.orig_h":"192.168.66.1","id.orig_p":5353,"id.resp_h":"224.0.0.251","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","AA":false,"TC":false,"RD":false,"RA":false,"Z":0,"rejected":false}}

  was:
The bro sensor-stub sends malformed timestamps when transforming an input 
timestamp that has less than 6 digits.  For instance:

> [vagrant@node1 bin]$ SEARCH="\"ts\"\:[0-9]\+.[0-9]\{6\}"
> [vagrant@node1 bin]$ REPLACE="\"ts\"\:`date +%s`.000000"
> [vagrant@node1 bin]$ cat /opt/sensor-stubs/data/bro.out | sed -e 
> "s/$SEARCH/$REPLACE/g"
...
{"dns": 
{"ts":1491064638.000000.38621,"uid":"CQ5vBa2GcEToa4NKt5","id.orig_h":"192.168.66.1","id.orig_p":5353,"id.resp_h":"224.0.0.251","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","AA":false,"TC":false,"RD":false,"RA":false,"Z":0,"rejected":false}}


> sensor-stubs sometimes send malformed bro timestamps
> ----------------------------------------------------
>
>                 Key: METRON-815
>                 URL: https://issues.apache.org/jira/browse/METRON-815
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Jon Zeolla
>            Assignee: Jon Zeolla
>
> The bro sensor-stub sends malformed timestamps when transforming an input 
> timestamp that has less than 6 digits.  For instance:
> [vagrant@node1 bin]$ SEARCH="\"ts\"\:[0-9]\+.[0-9]\{6\}"
> [vagrant@node1 bin]$ REPLACE="\"ts\"\:`date +%s`.000000"
> [vagrant@node1 bin]$ cat /opt/sensor-stubs/data/bro.out | sed -e 
> "s/$SEARCH/$REPLACE/g"
> ...
> {"dns": 
> {"ts":1491064638.000000.38621,"uid":"CQ5vBa2GcEToa4NKt5","id.orig_h":"192.168.66.1","id.orig_p":5353,"id.resp_h":"224.0.0.251","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","AA":false,"TC":false,"RD":false,"RA":false,"Z":0,"rejected":false}}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to