metron-dev mailing list archives

From kylerichardson <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #276: METRON-363 Fix Cisco ASA Parser
Date Wed, 12 Oct 2016 00:18:15 GMT
GitHub user kylerichardson reopened a pull request:

    https://github.com/apache/incubator-metron/pull/276

    METRON-363 Fix Cisco ASA Parser

    I've rewritten the ASA parser, which can be extended, as needed, to new ASA message types
by editing the bundled asa patterns file and the static map used for grok patterns in the
code. I've also tried to make it easier to deploy the asa topology by including ZooKeeper
config files and creating the Kafka topic during metron install. Sample data is also included
for integration testing.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kylerichardson/incubator-metron METRON-363

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/276.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #276
    
----
commit 5be7c60448f73fcc72c81451a67ef1e40fd29793
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-08-16T01:12:42Z

    Initial rewrite of Cisco ASA parser
    
    Summary of changes:
    - Complete rewrite of ASA parser including new test suite
    - ZK configurations for ease of topology deployment (parser and enrichment)
    - Add field constant for original_string in metron-common
    - Minor changes to ASA patterns file for
      (1) Syslog severity/facility capture
      (2) Interface capture on CISCOFW106006_106007_106010
    - Updates to various POMs to allow easier validation of logging during unit testing
      (1) Exclusions for slf4j-log4j12 on various dependencies for metron-parsers and metron-integration-test
      (2) Explicit dependency on slf4j-api for metron-parsers
      (3) Test dependency on slf4j-simple for metron-parsers

commit c87e6edaf0e308be9f417e07016508f87067ae0c
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-09-20T02:33:09Z

    METRON-363 Reworked parser to handle nulls and field validation
    
    Includes the following:
    - Static map for ASA message patterns (vs pattern discovery)
    - Minor changes to ASA patterns file
    - Broke out common syslog parsing elements
    - Broke out reusable field validations

commit a8c4903dd0bcac18e15c98aca7264dce1c455bee
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-09-27T00:30:16Z

    METRON-363 Add integration test and sample data
    
    Includes the following:
    - Extend BasicParser
    - Handle both types of syslog timestamps (with and without year)
    - Include integration test and supporting sample data

commit 011d389bdf43f1790384dbcd13ec7da148c53ef2
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-09-27T00:40:51Z

    METRON-363 Add license and kafka topic

commit 04a936d75cf782254105993b2804912b4659257a
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-09-28T00:29:21Z

    METRON-363 Adjust log level

commit abd7fb92fe4c38530e10141d0aba6bd07a335ae8
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-10-08T01:11:22Z

    METRON-363 Enhance logging, remove unused code

commit a885ecc762a8d5296d7c7ebfe7600c910ce3478b
Author: kylerichardson <kylerichardson2@gmail.com>
Date:   2016-10-11T17:40:25Z

    METRON-363 Refactored and enhanced based on feedback
    
    Changes include:
    (1) New/additional unit tests
    (2) Reworked Syslog Timestamp (no year) logic
    (3) Enhanced error checking and logging (introduced new ParseException)

----
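As an added illustration (not code from this pull request or from Metron itself), the following Python sketch shows the mechanics the description and commit messages refer to: a static map from ASA message ID to a per-message pattern, the syslog PRI split into facility and severity, timestamps with and without a year, and field validation that raises a ParseException instead of emitting a half-parsed event. The two patterns, the field names, the sample lines and the assumption that the device logs in UTC are all constructed for this example.

```python
import ipaddress
import re
from datetime import datetime, timezone
class ParseException(Exception):
    """Raised when a line cannot be parsed or a required field fails validation."""

# Static map of ASA message ID -> regex for that message body. Stand-in for the
# grok pattern map; both patterns were constructed for this example.
ASA_PATTERNS = {
    "106015": re.compile(
        r"Deny (?P<protocol>\w+) \(no connection\) from "
        r"(?P<ip_src_addr>[\d.]+)/(?P<ip_src_port>\d+) to "
        r"(?P<ip_dst_addr>[\d.]+)/(?P<ip_dst_port>\d+) flags (?P<tcp_flags>.+?) "
        r"on interface (?P<interface>[\w-]+)"),
    "302013": re.compile(
        r"Built (?P<direction>\w+) TCP connection (?P<connection_id>\d+) for "
        r"[\w-]+:(?P<ip_src_addr>[\d.]+)/(?P<ip_src_port>\d+) \([\d.]+/\d+\) to "
        r"[\w-]+:(?P<ip_dst_addr>[\d.]+)/(?P<ip_dst_port>\d+) \([\d.]+/\d+\)"),
}
# Syslog prefix: optional <PRI>, timestamp with or without a year, host, ASA tag.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>[A-Z][a-z]{2} +\d{1,2} (?:\d{4} )?\d\d:\d\d:\d\d) "
    r"(?P<host>\S+)(?: :)? %ASA-(?P<sev>\d)-(?P<msg_id>\d{6}): (?P<body>.*)$")

def parse_asa(line, default_year):
    """Parse one ASA syslog line; default_year fills in timestamps that omit the year."""
    head = SYSLOG_RE.match(line)
    if head is None:
        raise ParseException("not an ASA syslog line: %r" % line)
    pattern = ASA_PATTERNS.get(head["msg_id"])
    body = pattern.match(head["body"]) if pattern else None
    if body is None:
        raise ParseException("unknown or malformed ASA message %s" % head["msg_id"])
    ts = " ".join(head["ts"].split())                 # collapse the pad in "Jan  5"
    fmt = "%b %d %Y %H:%M:%S" if len(ts.split()) == 4 else "%b %d %H:%M:%S"
    stamp = datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)  # assumes device logs in UTC
    if "%Y" not in fmt:
        stamp = stamp.replace(year=default_year)      # strptime defaulted the year to 1900
    event = {"original_string": line, "host": head["host"], "message_id": head["msg_id"],
             "asa_severity": int(head["sev"]), "timestamp": int(stamp.timestamp()) * 1000,
             **body.groupdict()}
    pri = head["pri"]                                 # PRI = facility * 8 + severity
    event["syslog_facility"], event["syslog_severity"] = divmod(int(pri), 8) if pri else (None, None)
    for key in ("ip_src_addr", "ip_dst_addr"):        # reject values that only look like IPs
        try:
            ipaddress.ip_address(event[key])
        except ValueError:
            raise ParseException("invalid %s: %r" % (key, event[key])) from None
    return event
```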


