metron-dev mailing list archives

From justinleet <...@git.apache.org>
Subject [GitHub] metron pull request #528: METRON-838 Incorrect set of ts in FireEye parser
Date Mon, 07 Aug 2017 11:56:56 GMT
Github user justinleet commented on a diff in the pull request:

    https://github.com/apache/metron/pull/528#discussion_r131635959
  
    --- Diff: metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/fireeye/BasicFireEyeParserTest.java
---
    @@ -57,4 +62,16 @@ public void testParse() throws ParseException {
           }
         }
       }
    +
    +  private final static String fireeyeMessage = "<164>Mar 19 05:24:39 10.220.15.15
fenotify-851983.alert: CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26
UTC dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706 shost=dev001srv02.example.com
proto=udp cs5Label=cncHost cs5=mfdclk001.org dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00
cn1Label=vlan cn1=0 externalId=851983 cs4Label=link cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS";
    +
    +  @SuppressWarnings("rawtypes")
    +  @Test
    +  public void testTimestampParsing() throws ParseException {
    +    JSONObject parsed = parser.parse(fireeyeMessage.getBytes()).get(0);
    +    JSONParser parser = new JSONParser();
    +    Map json = (Map) parser.parse(parsed.toJSONString());
    +    long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 3, 19, 5, 24,
39, 0, UTC).toInstant().toEpochMilli();
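
Review bot: In `testTimestampParsing`, the local `JSONParser parser` shadows the outer `parser` that the previous line uses to parse `fireeyeMessage`, so one name refers to two different objects on adjacent lines. Renaming the local (for example to `jsonParser`) keeps the FireEye parser and the JSON parser distinct. Two smaller points on the same lines: `fireeyeMessage.getBytes()` uses the platform default charset, and passing `StandardCharsets.UTF_8` would make the input bytes independent of the build host. The syslog header `Mar 19 05:24:39` carries no year and the expected value takes it from `Year.now(UTC)` at test time, so if the parser fills in the year from its own clock, the two can disagree when the test runs across a year boundary. A fixed clock or a comment documenting that assumption would help.
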
    --- End diff --
    
    It's incredibly minor (and optional), but we could just swap out the `ZoneId.of("UTC")`
for `ZoneOffset.UTC`
    
    At that point, this changes slightly, but still seems reasonable
    ```
        long expectedTimestamp = ZonedDateTime.of(
            Year.now(ZoneOffset.UTC).getValue(),
            3,
            19,
            5,
            24,
            39,
            0,
            ZoneOffset.UTC
        ).toInstant().toEpochMilli();
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
