metron-dev mailing list archives

From nickwallen <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #276: METRON-363 Fix Cisco ASA Parser
Date Wed, 12 Oct 2016 13:48:26 GMT
Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/276#discussion_r83000386
  
    --- Diff: metron-platform/metron-parsers/src/main/java/org/apache/metron/parsers/utils/SyslogUtils.java
---
    @@ -0,0 +1,125 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.metron.parsers.utils;
    +
    +import org.apache.metron.parsers.ParseException;
    +
    +import java.time.ZoneId;
    +import java.time.ZonedDateTime;
    +import java.time.format.DateTimeFormatter;
    +import java.time.temporal.TemporalAccessor;
    +import java.util.regex.Pattern;
    +
    +import static java.time.temporal.ChronoField.*;
    +
    +public class SyslogUtils {
    +
    +    public static long parseTimestampToEpochMillis(String logTimestamp, ZoneId timeZone)
throws ParseException {
    +        // RFC3164 (standard syslog timestamp; no year)
    +        // MMM ppd HH:mm:ss
    +        // Oct  9 2015 13:42:11
    +        if (Pattern.matches("[A-Z][a-z]{2}(?:(?:\\s{2}\\d)|(?:\\s\\d{2}))\\s\\d{2}:\\d{2}:\\d{2}",
logTimestamp)) {
    +            DateTimeFormatter inputFormat = DateTimeFormatter.ofPattern("MMM ppd HH:mm:ss").withZone(timeZone);
    +
    +            TemporalAccessor inputDate = inputFormat.parse(logTimestamp);
    +            int inputMonth = inputDate.get(MONTH_OF_YEAR);
    +            int inputDay = inputDate.get(DAY_OF_MONTH);
    +            int inputHour = inputDate.get(HOUR_OF_DAY);
    +            int inputMinute = inputDate.get(MINUTE_OF_HOUR);
    +            int inputSecond = inputDate.get(SECOND_OF_MINUTE);
    +
    +            ZonedDateTime currentDate = ZonedDateTime.now(timeZone);
    +            int normalizedYear = currentDate.getYear();
    +
    +            /**
    +             * Since no year is provided, one must be derived.
    +             *   During the month of January (first 31 days of the year), assume logs
coming in from
    +             *   November (11) and December (12) are from the previous year.
    +             */
    +            if (currentDate.getDayOfYear() <= 31 && inputMonth >= 11)
    +                normalizedYear--;
    +            ZonedDateTime normalizedTimestamp = ZonedDateTime.of(normalizedYear, inputMonth,
inputDay, inputHour, inputMinute, inputSecond, 0, timeZone);
    +            return normalizedTimestamp.toInstant().toEpochMilli();
    +        }
    +
    +        // CISCO timestamp (standard syslog + year)
    +        // MMM dd yyyy HH:mm:ss
    +        // Oct 09 2015 13:42:11
    +        else if (Pattern.matches("[A-Z][a-z]{2}\\s\\d{2}\\s\\d{4}\\s\\d{2}:\\d{2}:\\d{2}",
logTimestamp))
    +            return convertToEpochMillis(logTimestamp, DateTimeFormatter.ofPattern("MMM
dd yyyy HH:mm:ss").withZone(timeZone));
    +
    +        // RFC5424 (ISO timestamp)
    +        // 2015-10-09T13:42:11.52Z or 2015-10-09T13:42:11.52-04:00
    +        else if (Pattern.matches("\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d+)?(?:Z|[+-]\\d{2}:\\d{2})",
logTimestamp))
    +            return convertToEpochMillis(logTimestamp, DateTimeFormatter.ISO_OFFSET_DATE_TIME);
    +
    +        else
    +            throw new ParseException(String.format("Unsupported date format: '%s'", logTimestamp));
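
Review bot: The year inference in the RFC3164 branch (`if (currentDate.getDayOfYear() <= 31 && inputMonth >= 11)`) only covers November and December logs seen in January, so any other timestamp that falls after "now" is stamped with the current year and lands in the future. An October event processed in February is one example. In the same branch, `ZonedDateTime.of(normalizedYear, inputMonth, ...)` throws an unchecked DateTimeException for "Feb 29" when the derived year is not a leap year, which bypasses the declared ParseException. Consider building the candidate with the current year, stepping back one year whenever the result is later than the current time (with a small allowance for clock skew), and wrapping DateTimeException in ParseException. Smaller points: the example in the RFC3164 comment (`// Oct  9 2015 13:42:11`) contains a year that neither the regex nor the `MMM ppd HH:mm:ss` pattern accepts. `DateTimeFormatter.ofPattern(...)` is called without a Locale, so parsing "Oct" depends on the JVM default locale. `Pattern.matches` recompiles each regex on every call, so precompiled `static final Pattern` fields would suit a per-message parser path better.
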
    --- End diff --
    
    Just curious, any reason we're using a checked exception here?  In other places we're just using runtime exceptions.  The ParseException that you created is used only for this, I believe.
    
    Not a big deal either way.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
