metron-issues mailing list archives

From "James Sirota (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (METRON-185) Create McAfee NSM Firewall Parser
Date Thu, 02 Jun 2016 05:30:59 GMT

     [ https://issues.apache.org/jira/browse/METRON-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-185:
--------------------------------
    Labels: ParserExtension  (was: )

> Create McAfee NSM Firewall Parser
> ---------------------------------
>
>                 Key: METRON-185
>                 URL: https://issues.apache.org/jira/browse/METRON-185
>             Project: Metron
>          Issue Type: New Feature
>            Reporter: Jonathan Rider
>            Priority: Minor
>              Labels: ParserExtension
>
> Create a parser for the McAfee NSM Firewall Parser. How they should be parsed is specified below.
> <188>Apr 15 16:35:41 GMT mabm011q AclLog: mabm011q matched Outbound ACL rule (COM Baseline Firewall/#3) 60.210.64.70 -> 200.60.213.21:443 (ssl/SSL/TLS (HTTPS)) = ->PERMIT|N/A|N/A
> {
>   "priority":188,
>   "timestamp":1460738141000,
>   "hostname":"mabm011q",
>   "firewall_rule":"COM Baseline Firewall/#3",
>   "firewall_direction":"Outbound",
>   "ip_src_addr":"60.210.64.70",
>   "ip_dst_addr":"200.60.213.21",
>   "ip_dst_port":"443",
>   "protocol":"ssl",
>   "subprotocol":"SSL/TLS (HTTPS)",
>   "action":"PERMIT"
> }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
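
A sketch of the mapping specified in the issue, added here as an example; it is not part of the JIRA issue or of Metron's code. The function name `parse_acl_log`, the `year` argument (the syslog timestamp carries no year) and the regular expression, which is derived from the single sample line, are assumptions.

```python
import calendar
import ipaddress
import re
from datetime import datetime

# Sample line from the issue, rejoined onto one line.
SAMPLE = ("<188>Apr 15 16:35:41 GMT mabm011q AclLog: mabm011q matched Outbound "
          "ACL rule (COM Baseline Firewall/#3) 60.210.64.70 -> 200.60.213.21:443 "
          "(ssl/SSL/TLS (HTTPS)) = ->PERMIT|N/A|N/A")

# Assumed grammar: built from the one sample and the field names in the issue.
ACL_LOG = re.compile(
    r"^<(?P<priority>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) GMT "
    r"(?P<hostname>\S+) AclLog: \S+ matched "
    r"(?P<firewall_direction>\w+) ACL rule "
    r"\((?P<firewall_rule>.+?)\) "
    r"(?P<ip_src_addr>[\d.]+) -> (?P<ip_dst_addr>[\d.]+):(?P<ip_dst_port>\d{1,5}) "
    r"\((?P<protocol>[^/()]+)/(?P<subprotocol>.+)\) = ->"
    r"(?P<action>[A-Z]+)\|"
)

def parse_acl_log(line, year):
    """Return the issue's JSON fields as a dict, or None if the line is rejected."""
    m = ACL_LOG.match(line.strip())
    if m is None:
        return None  # reject non-matching lines instead of emitting partial records
    f = m.groupdict()
    try:
        # The regex only checks shape; validate the addresses and the date properly.
        ipaddress.IPv4Address(f["ip_src_addr"])
        ipaddress.IPv4Address(f["ip_dst_addr"])
        when = datetime.strptime(f"{year} {f.pop('ts')}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    f["priority"] = int(f["priority"])
    if f["priority"] > 191 or int(f["ip_dst_port"]) > 65535:
        return None  # outside the syslog PRI range or the port range
    # The line states GMT, so convert as UTC to epoch milliseconds.
    f["timestamp"] = calendar.timegm(when.timetuple()) * 1000
    return f  # ip_dst_port stays a string, as in the issue's JSON

if __name__ == "__main__":
    print(parse_acl_log(SAMPLE, 2016))
```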
