[ https://issues.apache.org/jira/browse/METRON-280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Casey Stella updated METRON-280: -------------------------------- Fix Version/s: (was: 0.2.1BETA) > bro parsing issue > ----------------- > > Key: METRON-280 > URL: https://issues.apache.org/jira/browse/METRON-280 > Project: Metron > Issue Type: Bug > Affects Versions: 0.2.1BETA > Reporter: Neha Sinha > Priority: Minor > Labels: platform > Attachments: bro_parser_stacktrace.rtf > > > Hi, > The bro parser fails to parse the following event in my metron environment :- > {"http": > {"ts":1467657279.0,"uid":"CMYLzP3PKiwZAgBa51","id.orig_h":"192.168.138.158","id.orig_p":49206,"id.resp_h":"95.163.121.204", > "id.resp_p":80,"trans_depth":2,"method":"GET","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","uri":"/img/flags/it.png","referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","user_agent":"Mozilla/4.0 > (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR > 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC > 6.0)","request_body_len":0,"response_body_len":552,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F3m7vB2RjUe4n01aqj"],"resp_mime_types":["image/png"]}} > When I looked up the stack trace it complains of the following statement in > BasicBroparser.java file :- > convertedTimestamp=convertedTimestamp.substring(0,13); > Since the "ts" field in the respective bro events is not 13 chars long the > parser threw the exception.we need to fix the bro parser to accomodate > parsing of such events. > Please find attached the parser exception message . > Regards, > Neha -- This message was sent by Atlassian JIRA (v6.3.4#6332)