Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/528#discussion_r131635959
--- Diff:
metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/fireeye/BasicFireEyeParserTest.java
---
@@ -57,4 +62,16 @@ public void testParse() throws ParseException {
}
}
}
+
+ private final static String fireeyeMessage = "<164>Mar 19 05:24:39
10.220.15.15 fenotify-851983.alert:
CEF:0|FireEye|CMS|7.2.1.244420|DM|domain-match|1|rt=Feb 09 2015 12:28:26 UTC
dvc=10.201.78.57 cn3Label=cncPort cn3=53 cn2Label=sid cn2=80494706
shost=dev001srv02.example.com proto=udp cs5Label=cncHost cs5=mfdclk001.org
dvchost=DEVFEYE1 spt=54527 dvc=10.100.25.16 smac=00:00:0c:07:ac:00
cn1Label=vlan cn1=0 externalId=851983 cs4Label=link
cs4=https://DEVCMS01.example.com/event_stream/events_for_bot?ev_id\\=851983
dmac=00:1d:a2:af:32:a1 cs1Label=sname cs1=Trojan.Generic.DNS";
+
+ @SuppressWarnings("rawtypes")
+ @Test
+ public void testTimestampParsing() throws ParseException {
+ JSONObject parsed = parser.parse(fireeyeMessage.getBytes()).get(0);
+ JSONParser parser = new JSONParser();
+ Map json = (Map) parser.parse(parsed.toJSONString());
+ long expectedTimestamp = ZonedDateTime.of(Year.now(UTC).getValue(), 3,
19, 5, 24, 39, 0, UTC).toInstant().toEpochMilli();
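Review bot: In `testTimestampParsing`, the local `JSONParser parser` shadows the `parser` that the line above it calls on the FireEye message, so the same name refers to two different objects on consecutive lines; renaming the local (for example to `jsonParser`) removes the ambiguity. In the same method, `fireeyeMessage.getBytes()` relies on the platform default charset, and passing `StandardCharsets.UTF_8` would make the test independent of the build machine's settings. The expected value is built from `Year.now(UTC)` because the syslog header `Mar 19 05:24:39` carries no year; a short comment stating that assumption would help, since the expectation depends on the clock at the time the test runs.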
--- End diff --
It's incredibly minor (and optional), but we could just swap out the
`ZoneId.of("UTC")` for `ZoneOffset.UTC`.
At that point, this changes slightly, but still seems reasonable:
```
long expectedTimestamp = ZonedDateTime.of(
    Year.now(ZoneOffset.UTC).getValue(),
    3,
    19,
    5,
    24,
    39,
    0,
    ZoneOffset.UTC
).toInstant().toEpochMilli();
```