Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add additional time formats to decode_cef #19346

Merged
merged 2 commits into from
Jun 25, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -413,6 +413,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Explicitly set ECS version in all Filebeat modules. {pull}19198[19198]
- Add new mode to multiline reader to aggregate constant number of lines {pull}18352[18352]
- Add automatic retries and exponential backoff to httpjson input. {pull}18956[18956]
- Add support for timezone offsets and `Z` to decode_cef timestamp parser. {pull}19346[19346]
- Improve ECS categorization field mappings in traefik module. {issue}16183[16183] {pull}19379[19379]

*Heartbeat*
Expand Down
15 changes: 15 additions & 0 deletions x-pack/filebeat/processors/decode_cef/cef/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,18 +103,33 @@ func toMACAddress(v string) (string, error) {
var timeLayouts = []string{
// MMM dd HH:mm:ss.SSS zzz
"Jan _2 15:04:05.000 MST",
"Jan _2 15:04:05.000 Z0700",
"Jan _2 15:04:05.000 Z07:00",

// MMM dd HH:mm:sss.SSS
"Jan _2 15:04:05.000",

// MMM dd HH:mm:ss zzz
"Jan _2 15:04:05 MST",
"Jan _2 15:04:05 Z0700",
"Jan _2 15:04:05 Z07:00",

// MMM dd HH:mm:ss
"Jan _2 15:04:05",

// MMM dd yyyy HH:mm:ss.SSS zzz
"Jan _2 2006 15:04:05.000 MST",
"Jan _2 2006 15:04:05.000 Z0700",
"Jan _2 2006 15:04:05.000 Z07:00",

// MMM dd yyyy HH:mm:ss.SSS
"Jan _2 2006 15:04:05.000",

// MMM dd yyyy HH:mm:ss zzz
"Jan _2 2006 15:04:05 MST",
"Jan _2 2006 15:04:05 Z0700",
"Jan _2 2006 15:04:05 Z07:00",

// MMM dd yyyy HH:mm:ss
"Jan _2 2006 15:04:05",
}
Expand Down
63 changes: 63 additions & 0 deletions x-pack/filebeat/processors/decode_cef/cef/types_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.

package cef

import (
"testing"

"github.com/stretchr/testify/assert"
)

func TestToTimestamp(t *testing.T) {
var times = []string{
// Unix epoch in milliseconds.
"1322004689000",

// MMM dd HH:mm:ss.SSS zzz
"Jun 23 17:37:24.000 Z",
"Jun 23 17:37:24.000 EST",
"Jun 23 17:37:24.000 +05",
"Jun 23 17:37:24.000 +0500",
"Jun 23 17:37:24.000 +05:00",

// MMM dd HH:mm:sss.SSS
"Jun 23 17:37:24.000",

// MMM dd HH:mm:ss zzz
"Jun 23 17:37:24 Z",
"Jun 23 17:37:24 EST",
"Jun 23 17:37:24 +05",
"Jun 23 17:37:24 +0500",
"Jun 23 17:37:24 +05:00",

// MMM dd HH:mm:ss
"Jun 23 17:37:24",

// MMM dd yyyy HH:mm:ss.SSS zzz
"Jun 23 2020 17:37:24.000 Z",
"Jun 23 2020 17:37:24.000 EST",
"Jun 23 2020 17:37:24.000 +05",
"Jun 23 2020 17:37:24.000 +0500",
"Jun 23 2020 17:37:24.000 +05:00",

// MMM dd yyyy HH:mm:ss.SSS
"Jun 23 2020 17:37:24.000",

// MMM dd yyyy HH:mm:ss zzz
"Jun 23 2020 17:37:24 Z",
"Jun 23 2020 17:37:24 EST",
"Jun 23 2020 17:37:24 +05",
"Jun 23 2020 17:37:24 +0500",
"Jun 23 2020 17:37:24 +05:00",

// MMM dd yyyy HH:mm:ss
"Jun 23 2020 17:37:24",
}

for _, timeValue := range times {
_, err := toTimestamp(timeValue)
assert.NoError(t, err, timeValue)
}
}