Add support for GMT timezone offset in decode_cef (#20993)
The Java SimpleDateFormat's `zzz` allows for `GMT-07:00` in timestamps
but this wasn't handled in the processor.
andrewkroh authored Sep 10, 2020
1 parent af6222d commit 6cfee0c
Showing 3 changed files with 10 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -69,6 +69,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add `while_pattern` type to multiline reader. {pull}19662[19662]
- Tracking session end reason in panw module. {pull}18705[18705]
- Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
- Removed experimental modules `citrix`, `kaspersky`, `rapid7` and `tenable`. {pull}20706[20706]
- Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]

*Heartbeat*

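Review bot: The hunk header (`-69,6 +69,8`) and the file summary count two added changelog lines, but only the `decode_cef` entry ({pull}20993) matches the commit message; the `Removed experimental modules ...` entry ({pull}20706) appears unrelated and should be dropped from this commit or mentioned in the message. The `decode_cef` entry would also be more useful to readers if it named the accepted form, for example `GMT-07:00`, since "GMT timezone offsets" alone does not say which spellings are parsed.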
4 changes: 4 additions & 0 deletions x-pack/filebeat/processors/decode_cef/cef/types.go
Expand Up @@ -105,6 +105,7 @@ var timeLayouts = []string{
"Jan _2 15:04:05.000 MST",
"Jan _2 15:04:05.000 Z0700",
"Jan _2 15:04:05.000 Z07:00",
"Jan _2 15:04:05.000 GMT-07:00",

// MMM dd HH:mm:sss.SSS
"Jan _2 15:04:05.000",
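Review bot: Missing documentation on the new `"Jan _2 15:04:05.000 GMT-07:00"` entry: in a Go time layout `GMT` is literal text and only `-07:00` is the offset placeholder, which is easy to misread next to the `MST` entry above it, where the abbreviation itself is the placeholder. A one-line comment saying that this layout matches the Java `zzz` form with a fixed `GMT` prefix followed by a colon-separated offset would make clear that other prefixes are not covered by it.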
Expand All @@ -113,6 +114,7 @@ var timeLayouts = []string{
"Jan _2 15:04:05 MST",
"Jan _2 15:04:05 Z0700",
"Jan _2 15:04:05 Z07:00",
"Jan _2 15:04:05 GMT-07:00",

// MMM dd HH:mm:ss
"Jan _2 15:04:05",
Expand All @@ -121,6 +123,7 @@ var timeLayouts = []string{
"Jan _2 2006 15:04:05.000 MST",
"Jan _2 2006 15:04:05.000 Z0700",
"Jan _2 2006 15:04:05.000 Z07:00",
"Jan _2 2006 15:04:05.000 GMT-07:00",

// MMM dd yyyy HH:mm:ss.SSS
"Jan _2 2006 15:04:05.000",
Expand All @@ -129,6 +132,7 @@ var timeLayouts = []string{
"Jan _2 2006 15:04:05 MST",
"Jan _2 2006 15:04:05 Z0700",
"Jan _2 2006 15:04:05 Z07:00",
"Jan _2 2006 15:04:05 GMT-07:00",

// MMM dd yyyy HH:mm:ss
"Jan _2 2006 15:04:05",
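Review bot: Style point on the `"Jan _2 2006 15:04:05 GMT-07:00"` line: the same zone suffix is now hand-copied into four groups of `timeLayouts`, so every new zone spelling costs four edits that must stay in sync. Consider building the slice from the date/time prefixes combined with a short list of zone suffixes (`MST`, `Z0700`, `Z07:00`, `GMT-07:00`, none), keeping the current order so that the zone-less layout is still tried last within each group.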
4 changes: 4 additions & 0 deletions x-pack/filebeat/processors/decode_cef/cef/types_test.go
Expand Up @@ -21,6 +21,7 @@ func TestToTimestamp(t *testing.T) {
"Jun 23 17:37:24.000 +05",
"Jun 23 17:37:24.000 +0500",
"Jun 23 17:37:24.000 +05:00",
"Jun 23 17:37:24.000 GMT+05:00",

// MMM dd HH:mm:sss.SSS
"Jun 23 17:37:24.000",
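Review bot: The added input `"Jun 23 17:37:24.000 GMT+05:00"` covers only a positive offset, while the example in the commit message is `GMT-07:00`. Add a negative-offset input alongside it so the sign handling of the new layout is exercised by `TestToTimestamp`.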
Expand All @@ -31,6 +32,7 @@ func TestToTimestamp(t *testing.T) {
"Jun 23 17:37:24 +05",
"Jun 23 17:37:24 +0500",
"Jun 23 17:37:24 +05:00",
"Jun 23 17:37:24 GMT+05:00",

// MMM dd HH:mm:ss
"Jun 23 17:37:24",
Expand All @@ -41,6 +43,7 @@ func TestToTimestamp(t *testing.T) {
"Jun 23 2020 17:37:24.000 +05",
"Jun 23 2020 17:37:24.000 +0500",
"Jun 23 2020 17:37:24.000 +05:00",
"Jun 23 2020 17:37:24.000 GMT+05:00",

// MMM dd yyyy HH:mm:ss.SSS
"Jun 23 2020 17:37:24.000",
Expand All @@ -51,6 +54,7 @@ func TestToTimestamp(t *testing.T) {
"Jun 23 2020 17:37:24 +05",
"Jun 23 2020 17:37:24 +0500",
"Jun 23 2020 17:37:24 +05:00",
"Jun 23 2020 17:37:24 GMT+05:00",

// MMM dd yyyy HH:mm:ss
"Jun 23 2020 17:37:24",
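Review bot: All four added inputs, including `"Jun 23 2020 17:37:24 GMT+05:00"` here, use a whole-hour offset, so the minutes part of the `-07:00` placeholder is never checked. One input with non-zero minutes (for instance a `+05:30` offset) would confirm that the minutes are carried into the parsed timestamp rather than ignored.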