Absent Member.. Absent Member..
Absent Member..
178 views

Custom connector and time format

Hi,

I'm trying to write my first custom connector which will parse an output from tshark. I can retrieve tieme field in both formats using tshark - in epoch and something like that "Mar  7, 2016 17:21:06.811141000 EET"

Can custom connector understand epoch? I was not able to achieve this task:( So my question is - what is best way to parse my time formats to the ones which Arcsight can understand. What time format must I specify in config file? And can someone explain me how exactly timeformat option works in flexconnector? Thanks.

Labels (2)
0 Likes
1 Reply
Admiral
Admiral

hi,

Have seen a couple of discussions around this recently, maybe these will help somewhat:

Hope its useful,

Best regards,

Lar

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.