[METRON-280] bro parsing issue - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Done
Priority: Minor
Resolution: Done
Affects Version/s: 0.2.1BETA
Fix Version/s: None
Labels:
- platform

Description

Hi,

The bro parser fails to parse the following event in my metron environment :-

{"http": {"ts":1467657279.0,"uid":"CMYLzP3PKiwZAgBa51","id.orig_h":"192.168.138.158","id.orig_p":49206,"id.resp_h":"95.163.121.204",
"id.resp_p":80,"trans_depth":2,"method":"GET","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","uri":"/img/flags/it.png","referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","request_body_len":0,"response_body_len":552,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F3m7vB2RjUe4n01aqj"],"resp_mime_types":["image/png"]}}

When I looked up the stack trace it complains of the following statement in BasicBroparser.java file :-
convertedTimestamp=convertedTimestamp.substring(0,13);

Since the "ts" field in the respective bro events is not 13 chars long the parser threw the exception.we need to fix the bro parser to accomodate parsing of such events.

Please find attached the parser exception message .

Regards,
Neha

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

bro_parser_stacktrace.rtf
06/Jul/16 08:30
5 kB
Neha Sinha

Activity

People

Assignee:: Unassigned

Reporter:: Neha Sinha

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Jul/16 08:29

Updated:: 02/Nov/16 18:18

Resolved:: 02/Nov/16 18:18