zeek / trace-summary

Generates network traffic summaries.
https://www.zeek.org

Allow for parsing JSON ISO8601 timestamp #2

Closed weslambert closed 5 years ago

weslambert commented 5 years ago

Currently, trace-summary will throw an error (Invalid starting time on line...) when trying to parse conn logs with a timestamp of type ISO8601 (if you are using something like redef LogAscii::json_timestamps = JSON::TS_ISO8601; to write Bro logs in JSON), for example 2019-03-01T21:16:50.629660Z. I believe this is due to this value trying to be interpreted as a float. This PR checks to see if the format is ISO8601, and if so, should convert the timestamp accordingly.
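The failure described above comes from treating `ts` as an epoch float only. The following is an added example, not the code from this PR or from trace-summary, showing a parser that accepts both Zeek timestamp styles and normalizes them to epoch seconds. The names `parse_ts` and `trace_bounds` are hypothetical, and the sample records are constructed.

```python
import json
import math
from datetime import datetime, timezone

# Zeek's TS_ISO8601 output is UTC with a trailing "Z"; the fraction may be absent.
ISO_FORMATS = ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ")

def parse_ts(value):
    """Return epoch seconds as float for an epoch or ISO 8601 (UTC) timestamp."""
    try:
        ts = float(value)  # epoch number, or epoch written as a string
    except (TypeError, ValueError):
        ts = None
    if ts is not None:
        if not math.isfinite(ts):  # float() also accepts "nan" and "inf"
            raise ValueError("Invalid starting time: %r" % (value,))
        return ts
    for fmt in ISO_FORMATS:
        try:
            naive = datetime.strptime(str(value).strip(), fmt)
        except ValueError:
            continue
        # strptime returns a naive datetime; pin it to UTC so the result
        # does not depend on the analyst machine's local time zone.
        return naive.replace(tzinfo=timezone.utc).timestamp()
    raise ValueError("Invalid starting time: %r" % (value,))

def trace_bounds(lines):
    """Return (first, last) connection start time over JSON conn.log lines."""
    stamps = [parse_ts(json.loads(line)["ts"]) for line in lines if line.strip()]
    return min(stamps), max(stamps)

# Constructed sample records (not from a real capture), one per timestamp style.
SAMPLE = [
    '{"ts":"2019-03-01T21:16:50.629660Z","uid":"C1","proto":"tcp"}',
    '{"ts":1551475012.5,"uid":"C2","proto":"udp"}',
    '{"ts":"2019-03-01T21:16:49Z","uid":"C3","proto":"tcp"}',
]

if __name__ == "__main__":
    start, end = trace_bounds(SAMPLE)
    print("start=%.6f end=%.6f" % (start, end))
```

Rejecting unparseable values with an error, rather than skipping them, keeps a summary from silently covering a shorter time window than the log actually spans.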

jsiwek commented 5 years ago

Looked good, thanks for the patch.

weslambert commented 5 years ago

Thanks, @jsiwek!