Custom connector and time format
I'm trying to write my first custom connector, which will parse output from tshark. I can retrieve the time field in both formats using tshark: in epoch and something like "Mar 7, 2016 17:21:06.811141000 EET".
Can a custom connector understand epoch? I was not able to achieve this task :( So my question is: what is the best way to parse my time formats into ones which ArcSight can understand? What time format must I specify in the config file? And can someone explain to me how exactly the timeformat option works in FlexConnector? Thanks.