Fix in log date parsing at predecoding stage #15826
LGTM!
98d8cfe to 0edf819
QA review
- Type: Manual testing.
- Status: Approved 🟢
- Testing issue: Test Analysisd timestamp granularity support fix wazuh-qa#3728
- Comments: Test Analysisd timestamp granularity support fix wazuh-qa#3728 (comment)
Note: The development has been approved even though the Solaris build checks are 🔴. The node where these checks are launched is under maintenance.
Description
This pull request fixes an incorrect log date parsing reported by a community user, where a syslog-ng date format has a fraction of seconds with 3 digits instead of 6.
Along with the fix, several date format unit tests have been added to perform verifications.
Thanks to these unit tests, a problem in parsing proftpd 1.3.5 date format was also found and fixed.
ProFTPD 1.3.5 log fixed error
An error was found when a unit test was developed for this use case. The date format is similar to: `2015-04-16 21:51:02,805`. But the parsed date missed the last character, resulting in `2015-04-16 21:51:02,80`.
Tests
Unit Tests Log
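The two cases in the description, as an added example that is not the project's code: a timestamp-prefix scanner that consumes however many fraction digits are present instead of a fixed width, so a 3-digit fraction is not cut short and no stray digit leaks into the text handed to later decoding. The function names, the ISO 8601-style layout assumed for the syslog-ng case, and the sample log lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* 'd' in pattern p matches any digit; every other character must match literally. */
static int match_mask(const char *s, const char *p) {
    for (; *p; s++, p++) {
        if (*s == '\0') return 0;
        if (*p == 'd' ? !isdigit((unsigned char)*s) : *s != *p) return 0;
    }
    return 1;
}

/* Length of the timestamp prefix of log, or 0 if none is recognised.
 * Accepts "YYYY-MM-DD HH:MM:SS" or "YYYY-MM-DDTHH:MM:SS", then an optional
 * '.' or ',' fraction of 1..9 digits, then an optional "Z" or "+hh:mm" zone. */
size_t timestamp_len(const char *log) {
    size_t n = 19, digits = 0;
    if (!match_mask(log, "dddd-dd-dd dd:dd:dd") &&
        !match_mask(log, "dddd-dd-ddTdd:dd:dd"))
        return 0;
    if ((log[n] == '.' || log[n] == ',') && isdigit((unsigned char)log[n + 1])) {
        n++;                               /* skip the fraction separator */
        while (digits < 9 && isdigit((unsigned char)log[n])) { n++; digits++; }
    }
    if (log[n] == 'Z') n++;
    else if ((log[n] == '+' || log[n] == '-') && match_mask(log + n + 1, "dd:dd")) n += 6;
    return n;
}

/* Text after the timestamp and its single separating space, or NULL when the
 * prefix is not a timestamp or is followed by anything other than a space. */
const char *after_timestamp(const char *log) {
    size_t n = timestamp_len(log);
    return (n == 0 || log[n] != ' ') ? NULL : log + n + 1;
}

int main(void) {
    /* Constructed sample lines, not taken from the pull request. */
    const char *samples[] = {
        "2015-04-16 21:51:02,805 host proftpd[123]: session opened",
        "2023-01-10T09:15:42.123+01:00 host app: three-digit fraction",
        "2023-01-10T09:15:42.123456+01:00 host app: six-digit fraction",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%zu | %s\n", timestamp_len(samples[i]), after_timestamp(samples[i]));
    return 0;
}
```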