metron-dev mailing list archives

From kylerichardson <>
Subject [GitHub] incubator-metron pull request #276: METRON-363 Fix Cisco ASA Parser
Date Wed, 19 Oct 2016 12:00:58 GMT
GitHub user kylerichardson reopened a pull request:

    METRON-363 Fix Cisco ASA Parser

    I've rewritten the ASA parser, which can be extended, as needed, to new ASA message types
    by editing the bundled ASA patterns file and the static map used for grok patterns in the
    code. I've also tried to make it easier to deploy the ASA topology by including ZooKeeper
    config files and creating the Kafka topic during Metron install. Sample data is also included
    for integration testing.

You can merge this pull request into a Git repository by running:

    $ git pull METRON-363

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #276

commit 5be7c60448f73fcc72c81451a67ef1e40fd29793
Author: kylerichardson <>
Date:   2016-08-16T01:12:42Z

    Initial rewrite of Cisco ASA parser
    Summary of changes:
    - Complete rewrite of ASA parser including new test suite
    - ZK configurations for ease of topology deployment (parser and enrichment)
    - Add field constant for original_string in metron-common
    - Minor changes to ASA patterns file for
      (1) Syslog severity/facility capture
      (2) Interface capture on CISCOFW106006_106007_106010
    - Updates to various POMs to allow easier validation of logging during unit testing
      (1) Exclusions for slf4j-log4j12 on various dependencies for metron-parsers and metron-integration-test
      (2) Explicit dependency on slf4j-api for metron-parsers
      (3) Test dependency on slf4j-simple for metron-parsers

commit c87e6edaf0e308be9f417e07016508f87067ae0c
Author: kylerichardson <>
Date:   2016-09-20T02:33:09Z

    METRON-363 Reworked parser to handle nulls and field validation
    Includes the following:
    - Static map for ASA message patterns (vs pattern discovery)
    - Minor changes to ASA patterns file
    - Broke out common syslog parsing elements
    - Broke out reusable field validations

commit a8c4903dd0bcac18e15c98aca7264dce1c455bee
Author: kylerichardson <>
Date:   2016-09-27T00:30:16Z

    METRON-363 Add integration test and sample data
    Includes the following:
    - Extend BasicParser
    - Handle both types of syslog timestamps (with and without year)
    - Include integration test and supporting sample data

commit 011d389bdf43f1790384dbcd13ec7da148c53ef2
Author: kylerichardson <>
Date:   2016-09-27T00:40:51Z

    METRON-363 Add license and kafka topic

commit 04a936d75cf782254105993b2804912b4659257a
Author: kylerichardson <>
Date:   2016-09-28T00:29:21Z

    METRON-363 Adjust log level

commit abd7fb92fe4c38530e10141d0aba6bd07a335ae8
Author: kylerichardson <>
Date:   2016-10-08T01:11:22Z

    METRON-363 Enhance logging, remove unused code

commit a885ecc762a8d5296d7c7ebfe7600c910ce3478b
Author: kylerichardson <>
Date:   2016-10-11T17:40:25Z

    METRON-363 Refactored and enhanced based on feedback
    Changes include:
    (1) New/additional unit tests
    (2) Reworked Syslog Timestamp (no year) logic
    (3) Enhanced error checking and logging (introduced new ParseException)

commit fb6ed83eab8704607dc75c37982b0f98b819047d
Author: kylerichardson <>
Date:   2016-10-12T13:54:54Z

    METRON-363 Default to UTC in zookeeper config

commit d7d327a3b03584fd3d03d4f6468d54c15786bda7
Author: kylerichardson <>
Date:   2016-10-13T02:10:14Z

    METRON-363 Update tests

commit 4e3cba6682eaf3130325d4c27bf32240ad7a0a92
Author: kylerichardson <>
Date:   2016-10-18T00:33:34Z

    METRON-363 Refactor to add Clock dependency for testing

commit db8686615533470e8a3273ee268f2eb0efb4999c
Author: kylerichardson <>
Date:   2016-10-18T01:15:29Z

    METRON-363 Add tests for back dating RFC3164 timestamps

