Fireeye "unable to find timestamp"

[ed d <ra...@hotmail.com>]

Apache metron 0.4.1, git cloned.

Not sure they version of Fireeye, but its NX data. Timestamp in the log is this format: "rt=Sep 25 2017 19:53:35"


Basic fireeye parser does not seem to be parsing the NX timestamp.


Snippet:


o.a.m.p.f.BasicFireEyeParser [WARN] Unable to find timestamp in message:

Re: Fireeye "unable to find timestamp"

[ed d <ra...@hotmail.com>]

https://issues.apache.org/jira/browse/METRON-1257




________________________________
From: Otto Fowler <ot...@gmail.com>
Sent: Tuesday, October 17, 2017 1:16 PM
To: dev@metron.apache.org; ed d
Subject: Re: Fireeye "unable to find timestamp"

Would it be possible for you to create a jira, which included the ‘raw’ data ( anonymized )?
If this is a problem that we need to fix, it would be good to have a test case for the code etc
to prove it.




On October 17, 2017 at 13:03:11, ed d (ragdelaed@hotmail.com<ma...@hotmail.com>) wrote:

Apache metron 0.4.1, git cloned.

Not sure they version of Fireeye, but its NX data. Timestamp in the log is this format: "rt=Sep 25 2017 19:53:35"


Basic fireeye parser does not seem to be parsing the NX timestamp.


Snippet:


o.a.m.p.f.BasicFireEyeParser [WARN] Unable to find timestamp in message:

Re: Fireeye "unable to find timestamp"

[Otto Fowler <ot...@gmail.com>]

Would it be possible for you to create a jira, which included the ‘raw’
data ( anonymized )?
If this is a problem that we need to fix, it would be good to have a test
case for the code etc
to prove it.



On October 17, 2017 at 13:03:11, ed d (ragdelaed@hotmail.com) wrote:

Apache metron 0.4.1, git cloned.

Not sure they version of Fireeye, but its NX data. Timestamp in the log is
this format: "rt=Sep 25 2017 19:53:35"


Basic fireeye parser does not seem to be parsing the NX timestamp.


Snippet:


o.a.m.p.f.BasicFireEyeParser [WARN] Unable to find timestamp in message: