Neha Sinha created METRON-280:
---------------------------------
Summary: bro parsing issue
Key: METRON-280
URL: https://issues.apache.org/jira/browse/METRON-280
Project: Metron
Issue Type: Bug
Affects Versions: 0.2.1BETA
Reporter: Neha Sinha
Fix For: 0.2.1BETA
Hi,
The Bro parser fails to parse the following event in my Metron environment:
{"http":{"ts":1467657279.0,"uid":"CMYLzP3PKiwZAgBa51","id.orig_h":"192.168.138.158","id.orig_p":49206,"id.resp_h":"95.163.121.204","id.resp_p":80,"trans_depth":2,"method":"GET","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","uri":"/img/flags/it.png","referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","request_body_len":0,"response_body_len":552,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F3m7vB2RjUe4n01aqj"],"resp_mime_types":["image/png"]}}
When I looked up the stack trace, it complains about the following statement in
the BasicBroparser.java file:
convertedTimestamp=convertedTimestamp.substring(0,13);
Since the "ts" field in the respective Bro events is not 13 chars long, the
parser threw the exception. We need to fix the Bro parser to accommodate parsing
of such events.
Please find attached the parser exception message.
Regards,
Neha
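
Added example, not part of the original report and not Metron's code: the fixed-width substring from the report next to a length-independent conversion of a Bro "ts" value to epoch milliseconds. The class and method names are hypothetical, and removing the dot before the substring is an assumption about the surrounding parser code.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;

public class BroTimestampExample {

    // Fragile form: the fixed-width substring quoted in the report.
    // Assumption: the parser strips the dot first to get a run of digits.
    static long fixedWidth(String ts) {
        String converted = ts.replace(".", "");
        converted = converted.substring(0, 13); // throws when fewer than 13 chars remain
        return Long.parseLong(converted);
    }

    // Length-independent form: read ts as decimal seconds, scale to
    // milliseconds, and truncate any sub-millisecond precision.
    static long toEpochMillis(String ts) {
        try {
            return new BigDecimal(ts.trim())
                    .movePointRight(3)
                    .setScale(0, RoundingMode.DOWN)
                    .longValueExact();
        } catch (ArithmeticException | NumberFormatException e) {
            // Reject one bad field explicitly instead of letting an
            // unchecked exception escape from the parser.
            throw new IllegalArgumentException("unparseable ts: " + ts, e);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the first is the ts value from the reported event.
        String[] samples = {"1467657279.0", "1467657279.123456", "1467657279", "not-a-time"};
        for (String ts : samples) {
            String fragile;
            String robust;
            try {
                fragile = String.valueOf(fixedWidth(ts));
            } catch (RuntimeException e) {
                fragile = e.getClass().getSimpleName();
            }
            try {
                robust = String.valueOf(toEpochMillis(ts));
            } catch (IllegalArgumentException e) {
                robust = "rejected";
            }
            System.out.printf("%-18s fixedWidth=%-32s toEpochMillis=%s%n", ts, fragile, robust);
        }
    }
}
```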