metron-dev mailing list archives

From cestella <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #297: METRON-488: Snort should use a proper CS...
Date Fri, 07 Oct 2016 10:16:11 GMT
GitHub user cestella reopened a pull request:

    https://github.com/apache/incubator-metron/pull/297

    METRON-488: Snort should use a proper CSV implementation

    Right now if you have a custom snort rule (e.g. alert tcp any any -> any any (msg:'snort alert message having a ,(comma) to check csv parsing'; sid:999158; ) ) the snort parser will fail to parse because it's splitting on the comma naively.
    It should use the existing CSV parsing infrastructure that we have and that is used in the CSVParser.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron snort_delim_bug

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/297.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #297
    
----
commit f0a57334d0d80e298e5ea25f1b114ae0d6db4b11
Author: cstella <cestella@gmail.com>
Date:   2016-10-06T18:14:46Z

    Updating the snort parser to use the CSVExtractor infrastructure, which is a thin layer on top of OpenCSV

commit 90d863034c52fe1d2860ec9f8ff63a6fd3267887
Author: cstella <cestella@gmail.com>
Date:   2016-10-07T06:55:19Z

    Whoops, forgot to call init.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
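
The parsing failure described in the pull request, as an added example that is not part of the original message or of Metron's code. It uses Python's `csv` module as a stand-in for OpenCSV; the shortened column list and the alert line are constructed for illustration, and the function names are hypothetical.

```python
import csv
import io

# Assumed, shortened column layout for this example (not Metron's field list).
FIELDS = ["timestamp", "sig_generator", "sig_id", "sig_rev", "msg",
          "protocol", "ip_src_addr", "ip_src_port", "ip_dst_addr", "ip_dst_port"]

# Constructed alert line; the msg text is the one from the rule quoted above.
SAMPLE = ('10/06-18:14:46.000000 ,1,999158,1,'
          '"snort alert message having a ,(comma) to check csv parsing",'
          'TCP,10.0.2.2,56642,10.0.2.15,22')


def _to_record(values):
    # Reject rows whose column count is off instead of emitting shifted fields.
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    return {name: value.strip() for name, value in zip(FIELDS, values)}


def parse_naive(line):
    """Split on every comma, including commas inside the quoted msg."""
    return _to_record(line.split(","))


def parse_csv(line):
    """Parse with a real CSV reader so quoted commas stay inside msg."""
    try:
        rows = list(csv.reader(io.StringIO(line), strict=True))
    except csv.Error as exc:  # e.g. an unterminated quote
        raise ValueError(f"malformed alert line: {exc}") from exc
    if len(rows) != 1:
        raise ValueError(f"expected one record, got {len(rows)}")
    return _to_record(rows[0])


if __name__ == "__main__":
    try:
        parse_naive(SAMPLE)
    except ValueError as exc:
        print("naive split:", exc)
    print("csv reader :", parse_csv(SAMPLE)["msg"])
```

The column-count check matters in both paths: without it, a naive split would silently shift every field after `msg` by one position rather than fail.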
