spohara79 / estreamer

SourceFire eStreamer python client libraries
Apache License 2.0

FIX: Non-ARCHIVAL_RCD_TYPE events have 'reserved' and 'timestamp' fields #6

Closed TeePaps closed 7 years ago

TeePaps commented 7 years ago

It seems that all EventData records parsed after the first ARCHIVAL_RCD_TYPE have 'reserved' and 'timestamp' fields, even though they should not, and thus don't get parsed properly.

I'm not sure if there's a better way to do this.

TeePaps commented 7 years ago

This was apparently not the fix for this issue. I'll keep looking.

spohara79 commented 7 years ago

Do you want to try adding the following two lines below your addition, after your new line 633?

                self._fields_names_ = [field_ for field_ in self._fields_names_ if field_[0] not in ['timestamp', 'reserved']]
                for k in ['timestamp', 'reserved']:
                    self._field_format_.pop(k)
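
The symptom reported in this thread can be reproduced in isolation. The following is an added example, not code from the estreamer repository or from either commenter: it assumes the cause is a field list stored on the class and extended when an archival record is seen, and it swaps the strip-the-fields approach suggested above for building the layout from each record's own type. The record layout, the `ARCHIVAL_RCD_TYPE` value, and the names `LeakyRecord`, `PerRecord`, `unpack` and `run` are hypothetical.

```python
import struct

# Constructed layout for illustration only; NOT the real eStreamer wire format.
ARCHIVAL_RCD_TYPE = 1  # assumed value
BASE_FIELDS = (("rcd_type", "I"), ("rcd_len", "I"))
ARCHIVAL_FIELDS = (("timestamp", "I"), ("reserved", "I"))


def unpack(fields, data):
    """Unpack big-endian fields; whatever follows them is the payload."""
    fmt = ">" + "".join(code for _, code in fields)
    values = struct.unpack_from(fmt, data)
    names = [name for name, _ in fields]
    return dict(zip(names, values), payload=data[struct.calcsize(fmt):])


class LeakyRecord:
    """Assumed cause: the field list lives on the class and is mutated."""
    _fields_ = list(BASE_FIELDS)

    def parse(self, data):
        (rcd_type,) = struct.unpack_from(">I", data)
        if rcd_type == ARCHIVAL_RCD_TYPE and ARCHIVAL_FIELDS[0] not in self._fields_:
            self._fields_.extend(ARCHIVAL_FIELDS)  # changes every later instance
        return unpack(self._fields_, data)


class PerRecord:
    """Layout is derived from each record's own type; nothing carries over."""

    def parse(self, data):
        (rcd_type,) = struct.unpack_from(">I", data)
        extra = ARCHIVAL_FIELDS if rcd_type == ARCHIVAL_RCD_TYPE else ()
        return unpack(BASE_FIELDS + extra, data)


# Constructed sample stream: one archival record, then one ordinary record.
ARCHIVAL = struct.pack(">IIII", ARCHIVAL_RCD_TYPE, 4, 1500000000, 0) + b"AAAA"
PLAIN = struct.pack(">II", 2, 8) + b"BBBBCCCC"


def run(parser_cls):
    """Parse both records in order, one fresh parser instance per record."""
    return [parser_cls().parse(rec) for rec in (ARCHIVAL, PLAIN)]


if __name__ == "__main__":
    for cls in (LeakyRecord, PerRecord):
        print(cls.__name__, run(cls)[1])
```

With `LeakyRecord`, the ordinary record's payload bytes are consumed as `timestamp` and `reserved`, so the event content is silently misread rather than rejected.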