metron-commits mailing list archives

From o...@apache.org
Subject [metron] branch master updated: METRON-1893 Create a syslog 3164 parser (ottobackwards) closes apache/metron#1279
Date Mon, 24 Dec 2018 17:04:02 GMT
This is an automated email from the ASF dual-hosted git repository.

otto pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/metron.git


The following commit(s) were added to refs/heads/master by this push:
     new 0dc9fc8  METRON-1893 Create a syslog 3164 parser (ottobackwards) closes apache/metron#1279
0dc9fc8 is described below

commit 0dc9fc8fe862c6a43f25bf9c61bbd38a36d3bbc8
Author: ottobackwards <ottobackwards@gmail.com>
AuthorDate: Mon Dec 24 11:00:39 2018 -0500

    METRON-1893 Create a syslog 3164 parser (ottobackwards) closes apache/metron#1279
---
 dependencies_with_url.csv                          |   2 +-
 .../sample/data/syslog3164/parsed/Syslog3164Parsed | 100 +++++++++++
 .../sample/data/syslog3164/raw/Syslog3164Output    | 100 +++++++++++
 .../sample/data/syslog5424/parsed/Syslog5424Parsed |   6 +-
 .../Syslog3164ParserIntegrationTest.java           |  37 ++++
 metron-platform/metron-parsing/README.md           |   1 +
 .../metron-parsing/metron-parsers-common/README.md |   1 +
 .../metron-parsing/metron-parsers-common/pom.xml   |   5 +
 .../main/config/zookeeper/parsers/syslog3164.json  |   6 +
 .../main/config/zookeeper/parsers/syslog5424.json  |   0
 .../metron/parsers/syslog/BaseSyslogParser.java}   |  89 ++++++----
 .../metron/parsers/syslog/Syslog3164Parser.java    |  43 +++++
 .../metron/parsers/syslog/Syslog5424Parser.java    |  51 ++++++
 .../parsers/syslog/Syslog3164ParserTest.java       | 187 +++++++++++++++++++++
 .../parsers/syslog/Syslog5424ParserTest.java       |  49 +++++-
 .../metron-parsing/metron-parsers/README.md        |   1 -
 .../metron-parsing/metron-parsers/pom.xml          |   5 -
 .../src/main/resources/META-INF/NOTICE             |   6 +
 pom.xml                                            |   2 +-
 19 files changed, 641 insertions(+), 50 deletions(-)

diff --git a/dependencies_with_url.csv b/dependencies_with_url.csv
index 17453f5..745e3c9 100644
--- a/dependencies_with_url.csv
+++ b/dependencies_with_url.csv
@@ -488,7 +488,7 @@ org.sonatype.sisu:sisu-inject-bean:jar:2.2.2:compile
 org.sonatype.sisu:sisu-inject-plexus:jar:2.2.2:compile
 com.zaxxer:HikariCP:jar:2.7.8:compile,ASLv2,https://github.com/brettwooldridge/HikariCP
 org.hibernate.validator:hibernate-validator:jar:6.0.9.Final:compile,ASLv2,https://github.com/hibernate/hibernate-validator
-com.github.palindromicity:simple-syslog-5424:jar:0.0.9:compile,ASLv2,https://github.com/palindromicity/simple-syslog-5424
+com.github.palindromicity:simple-syslog:jar:0.0.1:compile,ASLv2,https://github.com/palindromicity/simple-syslog
 org.elasticsearch.client:elasticsearch-rest-high-level-client:jar:5.6.14:compile,ASLv2,https://github.com/elastic/elasticsearch/blob/master/LICENSE.txt
 org.elasticsearch.plugin:aggs-matrix-stats-client:jar:5.6.14:compile,ASLv2,https://github.com/elastic/elasticsearch/blob/master/LICENSE.txt
 org.fusesource.jansi:jansi:jar:1.16:compile,ASLv2,https://github.com/fusesource/jansi/blob/master/license.txt
diff --git a/metron-platform/metron-integration-test/src/main/sample/data/syslog3164/parsed/Syslog3164Parsed b/metron-platform/metron-integration-test/src/main/sample/data/syslog3164/parsed/Syslog3164Parsed
new file mode 100644
index 0000000..4e90b46
--- /dev/null
+++ b/metron-platform/metron-integration-test/src/main/sample/data/syslog3164/parsed/Syslog3164Parsed
@@ -0,0 +1,100 @@
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609001: Built local-host inside:10.22.8.205","syslog.header.facility":"20","guid":"4f2beee4-c6d3-4282-b5e1-be42417e717e","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-7-609001: Built local-host inside:10.22.8.205","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142355000,"source.type":"syslog3164"}
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","syslog.header.facility":"20","guid":"4e86e51e-a970-4a96-bb79-7d400030755c","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","syslog.head [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","syslog.header.facility":"20","guid":"430bbc53-48e9-4f57-bfa6-18a28b7b0223","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142355000,"source.type":"syslog3164"}
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167725 for Outside_VPN:147.111.72.16\/26436 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 bytes 9687 TCP FINs","syslog.header.facility":"17","guid":"8032a334-9c48-4863-ae7b-1b14bfdb5ca7","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488167725 for Outside_VPN:147.111.72.16\/26436 to DMZ-Inside:10.22.8. [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805593 for outside:10.22.8.223\/59614(LOCAL\\user.name) to inside:10.22.8.78\/8102 duration 0:00:07 bytes 3433 TCP FINs (user.name)","syslog.header.facility":"20","guid":"583888b8-52a7-4833-a62e-0a53572c956c","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 212805593 for outside:10.22.8.223\/59614(LOCAL\\ [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245503 for outside:10.22.8.233\/54209 (10.22.8.233\/54209) to inside:198.111.72.238\/443 (198.111.72.238\/443) (user.name)","syslog.header.facility":"21","guid":"07ed512a-6572-4a51-b63e-3953eaa18d1b","syslog.header.timestamp":"Jan  5 14:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 76245503 for outside:10.22.8.233\/54209 (10.22.8 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806031 for outside:10.22.8.17\/58633 (10.22.8.17\/58633)(LOCAL\\user.name) to inside:10.22.8.12\/389 (10.22.8.12\/389) (user.name)","syslog.header.facility":"20","guid":"7a90799e-3ecd-4928-9096-557b1d012b8e","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 212806031 for outside:10.22.8.17\/58633 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168292 for DMZ-Inside:10.22.8.51\/51231 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2103 TCP FINs","syslog.header.facility":"17","guid":"8e56f63c-2b81-4802-83c5-28648f407a93","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168292 for DMZ-Inside:10.22.8.51\/51231 to Inside-Trunk:10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.226\/45019 flags SYN ACK  on interface Outside_VPN","syslog.header.facility":"17","guid":"f883a23c-85b7-4f8d-9f23-ca934aece337","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.226\/45019 flags SYN ACK  on interface Outside_VPN","sys [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604987 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64306 duration 0:00:31 bytes 10128 TCP FINs","syslog.header.facility":"20","guid":"6f1baf12-3725-447c-9ca4-c4ae4b9fd801","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 17604987 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64306 duratio [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604999 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64307 duration 0:00:30 bytes 6370 TCP FINs","syslog.header.facility":"20","guid":"8dcb24c3-6b65-4057-9c7d-cb5c63f72016","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 17604999 for outside:209.111.72.151\/443 to inside:10.22.8.188\/64307 duration [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167347 for Outside_VPN:198.111.72.24\/2134 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9785 TCP FINs","syslog.header.facility":"17","guid":"cb019c2b-302b-4c7f-8726-f70bd88b2d69","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488167347 for Outside_VPN:198.111.72.24\/2134 to DMZ-Inside:10.22.8.53 [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245506 for outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.8\/8612 (192.111.72.8\/8612) (user.name)","syslog.header.facility":"21","guid":"b2de2222-95bd-492e-bd2a-785242d7adcd","syslog.header.timestamp":"Jan  5 14:52:35","syslog.message":"%ASA-6-302015: Built inbound UDP connection 76245506 for outside:10.22.8.110\/49886 (10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805993 for outside:10.22.8.89\/56917(LOCAL\\user.name) to inside:216.111.72.126\/443 duration 0:00:00 bytes 0 TCP FINs (user.name)","syslog.header.facility":"20","guid":"10b7f2e0-1f40-4f7f-a0fd-d40d32a11837","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 212805993 for outside:10.22.8.89\/56917(LOCAL\\us [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223\/49192 to outside:224.111.72.252\/5355","syslog.header.facility":"20","guid":"663af706-af43-4c02-8308-1513c8111bea","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-7-710005: UDP request discarded from 10.22.8.223\/49192 to outside:224.111.72.252\/5355","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488166143 for Outside_VPN:198.111.72.64\/80 to Inside-Trunk:10.22.8.39\/54883 duration 0:00:04 bytes 1148 TCP FINs","syslog.header.facility":"17","guid":"4ccf7d55-4281-475f-acaa-909b3efd81f0","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488166143 for Outside_VPN:198.111.72.64\/80 to Inside-Trunk:10.22.8. [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.84\/445 to 10.22.8.219\/60726 flags ACK  on interface inside","syslog.header.facility":"20","guid":"48d112e2-7569-4661-ba42-f33db2f4e190","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-106015: Deny TCP (no connection) from 10.22.8.84\/445 to 10.22.8.219\/60726 flags ACK  on interface inside","syslog.header.pri":"166","syslo [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168344 for DMZ-Inside:10.22.8.53\/61682 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 5648 TCP FINs","syslog.header.facility":"17","guid":"2bc1288b-8216-460a-8060-f12f51118085","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168344 for DMZ-Inside:10.22.8.53\/61682 to Inside-Trunk:10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168345 for DMZ-Inside:10.22.8.16\/31454 to Inside-Trunk:10.22.8.21\/443 duration 0:00:00 bytes 756 TCP FINs","syslog.header.facility":"17","guid":"ee8145ce-60a1-4059-95a2-ddf29f23159d","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168345 for DMZ-Inside:10.22.8.16\/31454 to Inside-Trunk:10.22.8.21\/4 [...]
+{"syslog.header.hostName":"10.22.8.4","original_string":"<182>Jan  5 20:22:35 10.22.8.4 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.12\/0 gaddr 10.22.8.45\/1 laddr 10.22.8.45\/1","syslog.header.facility":"22","guid":"83246ca7-d2ce-494e-86c3-c2a38f44c581","syslog.header.timestamp":"Jan  5 20:22:35","syslog.message":"%ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.12\/0 gaddr 10.22.8.45\/1 laddr 10.22.8.45\/1","syslog.header.pri":"182","syslog.header.sever [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 50.111.72.230\/80 to 204.111.72.254\/53077 flags RST  on interface Outside_VPN","syslog.header.facility":"17","guid":"c7019d2a-819c-44c3-a31a-27d104dc8b2c","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-106015: Deny TCP (no connection) from 50.111.72.230\/80 to 204.111.72.254\/53077 flags RST  on interface Outside_VPN","syslog.head [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603649 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63297 duration 0:02:01 bytes 209","syslog.header.facility":"20","guid":"f4a6f93d-d94e-4fd0-bd3d-e3ecd22ead31","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-302016: Teardown UDP connection 17603649 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63297 duration 0:02:01 bytes 2 [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603650 for outside:207.111.72.122\/161 to inside:10.22.8.48\/63298 duration 0:02:01 bytes 209","syslog.header.facility":"20","guid":"4eeed9d1-0619-482a-815d-8e2711c9197d","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-302016: Teardown UDP connection 17603650 for outside:207.111.72.122\/161 to inside:10.22.8.48\/63298 duration 0:02:01 byt [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603652 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63300 duration 0:02:01 bytes 115","syslog.header.facility":"20","guid":"ace7f8c0-fdbd-475b-81d0-42ea557f9b02","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-302016: Teardown UDP connection 17603652 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63300 duration 0:02:01 bytes 1 [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603657 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63306 duration 0:02:01 bytes 115","syslog.header.facility":"20","guid":"88652169-336a-49ad-a0cc-cdbe627dabe3","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-302016: Teardown UDP connection 17603657 for outside:206.111.72.2\/161 to inside:10.22.8.48\/63306 duration 0:02:01 bytes 1 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168436 for DMZ-Inside:10.22.8.51\/51235 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2497 TCP FINs","syslog.header.facility":"17","guid":"cce6c817-4237-4970-9868-95bb9cb88769","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168436 for DMZ-Inside:10.22.8.51\/51235 to Inside-Trunk:10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167656 for Outside_VPN:69.111.72.70\/21560 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 11410 TCP FINs","syslog.header.facility":"17","guid":"c80fe260-62a1-44bc-9790-380730505321","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488167656 for Outside_VPN:69.111.72.70\/21560 to DMZ-Inside:10.22.8.5 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806050 for outside:10.22.8.62\/53965 (10.22.8.62\/53965)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","syslog.header.facility":"20","guid":"d2aeae4b-099e-44a8-803e-e6f3efc6b681","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302015: Built inbound UDP connection 212806050 for outside:10.22.8.62\/53965 ( [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806052 for outside:10.22.8.62\/56500 (10.22.8.62\/56500)(LOCAL\\user.name) to inside:198.111.72.83\/443 (198.111.72.83\/443) (user.name)","syslog.header.facility":"20","guid":"4c17cf2e-7614-4bff-b786-b928ac108949","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 212806052 for outside:10.22.8.62\ [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806054 for outside:10.22.8.62\/56502 (10.22.8.62\/56502)(LOCAL\\user.name) to inside:50.111.72.252\/443 (50.111.72.252\/443) (user.name)","syslog.header.facility":"20","guid":"d14e6612-5694-4114-b305-c8176c661f04","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 212806054 for outside:10.22.8.62\ [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.188\/64340 to outside:206.111.72.41\/2013","syslog.header.facility":"20","guid":"4ecfc895-d27b-448f-8d29-88fae8bfdc15","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.188\/64340 to outside:206.111.72.41\/2013","syslog.header.pri":"166","syslog.header.severit [...]
+{"syslog.header.hostName":"10.22.8.33","original_string":"<166>Jan  5 15:52:35 10.22.8.33 %ASA-6-305012: Teardown dynamic UDP translation from inside:192.111.72.2\/62251 to outside:79.111.72.174\/21311 duration 0:02:30","syslog.header.facility":"20","guid":"e1cf9c5f-40e9-4cce-8d96-ca4b54fcbe89","syslog.header.timestamp":"Jan  5 15:52:35","syslog.message":"%ASA-6-305012: Teardown dynamic UDP translation from inside:192.111.72.2\/62251 to outside:79.111.72.174\/21311 duration 0:02:30","sys [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806058 for outside:10.22.8.221\/56631 (10.22.8.221\/56631)(LOCAL\\user.name) to inside:10.22.8.26\/389 (10.22.8.26\/389) (user.name)","syslog.header.facility":"20","guid":"749d6df7-18d1-4a81-bbea-0dee8f4c89a8","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302015: Built inbound UDP connection 212806058 for outside:10.22.8.221\/56 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168189 for Outside_VPN:209.111.72.10\/56619 to DMZ-Inside:10.22.8.53\/443 duration 0:00:00 bytes 2477 TCP FINs","syslog.header.facility":"17","guid":"131157d7-fcb9-4f4f-82c9-9b8f0c21bcd0","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168189 for Outside_VPN:209.111.72.10\/56619 to DMZ-Inside:10.22.8. [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.112\/52235 to 198.111.72.227\/80 flags ACK  on interface Inside-Trunk","syslog.header.facility":"17","guid":"cdedb97f-8a06-4427-95e4-2dae888b5942","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-106015: Deny TCP (no connection) from 10.22.8.112\/52235 to 198.111.72.227\/80 flags ACK  on interface Inside-Trunk","syslog.header [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167192 for Outside_VPN:115.111.72.7\/49196 to DMZ-Inside:10.22.8.57\/443 duration 0:00:02 bytes 20588 TCP Reset-O","syslog.header.facility":"17","guid":"1fc183f6-8390-425f-a79b-a7e17ce95747","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488167192 for Outside_VPN:115.111.72.7\/49196 to DMZ-Inside:10.22. [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212806055 for outside:10.22.8.62\/55383(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 0:00:00 bytes 349 (user.name)","syslog.header.facility":"20","guid":"1dd165c4-602d-444b-88f4-600d6c05cb96","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302016: Teardown UDP connection 212806055 for outside:10.22.8.62\/55383(LOCAL\\user.name) to  [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168380 for Outside_VPN:74.111.72.12\/443 to Inside-Trunk:10.22.8.39\/54894 duration 0:00:00 bytes 5701 TCP FINs","syslog.header.facility":"17","guid":"920adf53-ca83-40b2-9ddf-2b034047dafb","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168380 for Outside_VPN:74.111.72.12\/443 to Inside-Trunk:10.22.8. [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245522 for outside:10.22.8.147\/56343 (10.22.8.147\/56343) to inside:209.111.72.151\/443 (209.111.72.151\/443) (user.name)","syslog.header.facility":"21","guid":"26d79381-d0be-44ec-ba05-93cec39f5461","syslog.header.timestamp":"Jan  5 14:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 76245522 for outside:10.22.8.147\/56343 (10.22.8 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168443 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.81\/64713 duration 0:00:00 bytes 2426 TCP FINs","syslog.header.facility":"17","guid":"54c06801-f175-46e9-b6e5-d47cd9fb4731","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168443 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.81 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488111566 for Outside_VPN:131.111.72.49\/443 to Inside-Trunk:10.22.8.127\/56558 duration 0:01:57 bytes 3614 TCP Reset-O","syslog.header.facility":"17","guid":"f556360d-b58b-469a-a8e9-29fa4915915f","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488111566 for Outside_VPN:131.111.72.49\/443 to Inside-Trunk:10 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806061 for outside:10.22.8.17\/58635 (10.22.8.17\/58635)(LOCAL\\user.name) to inside:10.22.8.12\/389 (10.22.8.12\/389) (user.name)","syslog.header.facility":"20","guid":"68149a18-1f1f-4b5e-b619-61077e84ee2e","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 212806061 for outside:10.22.8.17\/58635 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806010 for outside:10.22.8.33\/60223(LOCAL\\user.name) to inside:10.22.8.86\/389 duration 0:00:00 bytes 416 TCP Reset-I (user.name)","syslog.header.facility":"20","guid":"222989b0-267e-4679-a28f-e3561f4b40f0","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 212806010 for outside:10.22.8.33\/60223(LOCAL\\u [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806062 for outside:10.22.8.221\/56632 (10.22.8.221\/56632)(LOCAL\\user.name) to inside:10.22.8.73\/389 (10.22.8.73\/389) (user.name)","syslog.header.facility":"20","guid":"01a3c7d7-a847-472f-912f-9fed08122a21","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302015: Built inbound UDP connection 212806062 for outside:10.22.8.221\/56 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","syslog.header.facility":"20","guid":"b21487c7-a268-4389-8daf-48553e24be9e","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142355000,"source.type":"syslog3164"}
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168231 for Outside_VPN:204.111.72.243\/3011 to Inside-Trunk:10.22.8.208\/60037 duration 0:00:00 bytes 19415 TCP FINs","syslog.header.facility":"17","guid":"aa78ab45-e5f7-4c78-91ac-7782278121ba","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168231 for Outside_VPN:204.111.72.243\/3011 to Inside-Trunk: [...]
+{"syslog.header.hostName":"10.22.8.41","original_string":"<166>Jan  5 16:52:35 10.22.8.41 %ASA-6-302013: Built inbound TCP connection 45476108 for Outside:10.22.8.97\/53484 (10.22.8.97\/53484)(LOCAL\\user.name) to Inside:141.111.72.70\/7576 (141.111.72.70\/7576) (user.name)","syslog.header.facility":"20","guid":"17255787-8e0b-441b-95f3-2847562976a0","syslog.header.timestamp":"Jan  5 16:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 45476108 for Outside:10.22.8.97\/5 [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245527 for outside:10.22.8.97\/65195 (10.22.8.97\/65195) to inside:17.111.72.212\/5223 (17.111.72.212\/5223) (user.name)","syslog.header.facility":"21","guid":"2afc28ff-6abc-4687-8980-29520e29fdd0","syslog.header.timestamp":"Jan  5 14:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 76245527 for outside:10.22.8.97\/65195 (10.22.8.97 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806018 for outside:10.22.8.17\/58632(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 0:00:00 bytes 0 TCP FINs (user.name)","syslog.header.facility":"20","guid":"e1b89dd1-ac20-449d-89f3-c0bd6854e5f4","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 212806018 for outside:10.22.8.17\/58632(LOCAL\\user.n [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168562 for DMZ-Inside:10.22.8.51\/51236 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 2273 TCP FINs","syslog.header.facility":"17","guid":"883c4b0a-6fce-473b-accb-05e685f0cbf8","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168562 for DMZ-Inside:10.22.8.51\/51236 to Inside-Trunk:10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806065 for outside:10.22.8.62\/59829 (10.22.8.62\/59829)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","syslog.header.facility":"20","guid":"1163b376-fc70-4ae9-81b4-0b037327fa5a","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302015: Built inbound UDP connection 212806065 for outside:10.22.8.62\/59829 ( [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806067 for outside:10.22.8.143\/62675 (10.22.8.143\/62675)(LOCAL\\user.name) to inside:141.111.72.12\/389 (141.111.72.12\/389) (user.name)","syslog.header.facility":"20","guid":"48775c39-c9d8-4da9-a543-7a70abb2e456","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302013: Built inbound TCP connection 212806067 for outside:10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223\/61122 to outside:224.111.72.252\/5355","syslog.header.facility":"20","guid":"3ec72d5a-d659-4f0a-8be7-328f990d1678","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-7-710005: UDP request discarded from 10.22.8.223\/61122 to outside:224.111.72.252\/5355","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.143\/0(LOCAL\\user.name) gaddr 141.111.72.12\/0 laddr 141.111.72.12\/0 (user.name)","syslog.header.facility":"20","guid":"ce7ccaf5-f676-455d-a612-1c5856416c9c","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.143\/0(LOCAL\\user.name) gaddr 141.111.72.12\/0 ladd [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168547 for Outside_VPN:107.111.72.102\/80 to Inside-Trunk:10.22.8.54\/61676 duration 0:00:00 bytes 1030 TCP FINs","syslog.header.facility":"17","guid":"fe02e22f-f3f4-4ba3-afe9-500519b4f0f4","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168547 for Outside_VPN:107.111.72.102\/80 to Inside-Trunk:10.22. [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806078 for outside:10.22.8.221\/56633 (10.22.8.221\/56633)(LOCAL\\user.name) to inside:10.22.8.20\/389 (10.22.8.20\/389) (user.name)","syslog.header.facility":"20","guid":"4e748582-a989-4605-abc1-70e30c6ce5b5","syslog.header.timestamp":"Jan  5 08:52:35","syslog.message":"%ASA-6-302015: Built inbound UDP connection 212806078 for outside:10.22.8.221\/56 [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.83\/59915 to outside:206.111.72.41\/22776","syslog.header.facility":"20","guid":"557f3bc8-e889-427d-97fe-7d9e4b61e932","syslog.header.timestamp":"Jan  5 09:52:35","syslog.message":"%ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.83\/59915 to outside:206.111.72.41\/22776","syslog.header.pri":"166","syslog.header.severit [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168044 for Outside_VPN:50.111.72.39\/80 to Inside-Trunk:10.22.8.75\/60877 duration 0:00:01 bytes 13304 TCP FINs","syslog.header.facility":"17","guid":"d81d66f2-e6e0-42ff-b886-a02fd3893032","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168044 for Outside_VPN:50.111.72.39\/80 to Inside-Trunk:10.22.8.7 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488118326 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.229\/57901 duration 0:01:45 bytes 1942 TCP FINs","syslog.header.facility":"17","guid":"e33243a6-d361-48da-9dd6-30fe1a2b0dbe","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488118326 for Outside_VPN:23.111.72.27\/80 to Inside-Trunk:10.22.8.2 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488160565 for Outside_VPN:72.111.72.29\/80 to Inside-Trunk:10.22.8.42\/57520 duration 0:00:15 bytes 1025 TCP FINs","syslog.header.facility":"17","guid":"0833ee92-e4b0-4cec-aed6-73e0f3afa0e8","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488160565 for Outside_VPN:72.111.72.29\/80 to Inside-Trunk:10.22.8.42 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096423 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59096 duration 0:02:27 bytes 99347 TCP Reset-O","syslog.header.facility":"17","guid":"5afa5b9b-af47-4954-820f-1a2a72249f5c","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488096423 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488095522 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59087 duration 0:02:29 bytes 154785 TCP Reset-O","syslog.header.facility":"17","guid":"cc093a83-1f7d-468a-b09a-982e62a5371a","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488095522 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.2 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488106557 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59134 duration 0:02:09 bytes 25319 TCP Reset-O","syslog.header.facility":"17","guid":"30e86e48-6d96-4ebc-8865-262c67d1801b","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488106557 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096426 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22.8.127\/59099 duration 0:02:27 bytes 26171 TCP Reset-O","syslog.header.facility":"17","guid":"e9d40894-606f-4f14-9bb3-367fbc0c19a0","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488096426 for Outside_VPN:72.111.72.43\/80 to Inside-Trunk:10.22 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806005 for outside:10.22.8.17\/58630(LOCAL\\user.name) to inside:10.22.8.12\/389 duration 0:00:00 bytes 3942 TCP FINs (user.name)","syslog.header.facility":"20","guid":"ada1044a-5805-494a-a814-2907ad6ad665","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 212806005 for outside:10.22.8.17\/58630(LOCAL\\use [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806085 for outside:10.22.8.143\/54018 (10.22.8.143\/54018)(LOCAL\\user.name) to inside:10.22.8.85\/53 (10.22.8.85\/53) (user.name)","syslog.header.facility":"20","guid":"7e38f864-4c30-4f06-9dd7-0bc8f405bbe6","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302015: Built inbound UDP connection 212806085 for outside:10.22.8.143\/5401 [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0 (user.name)","syslog.header.facility":"21","guid":"57fb779c-227a-4f64-afde-d993f5f163fb","syslog.header.timestamp":"Jan  5 14:52:36","syslog.message":"%ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0 (user.name)","syslog.head [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245537 for outside:10.22.8.110\/49886 (10.22.8.110\/49886) to inside:192.111.72.11\/8612 (192.111.72.11\/8612) (user.name)","syslog.header.facility":"21","guid":"55f3aa3a-fa7f-42c2-86fa-23602434c716","syslog.header.timestamp":"Jan  5 14:52:36","syslog.message":"%ASA-6-302015: Built inbound UDP connection 76245537 for outside:10.22.8.110\/49886 (10.22.8 [...]
+{"syslog.header.hostName":"10.22.8.41","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.85\/58359 to 10.22.8.11\/88 flags RST ACK  on interface Outside","syslog.header.facility":"20","guid":"04bf0433-398f-4369-8a10-b6b6800b94dc","syslog.header.timestamp":"Jan  5 16:52:36","syslog.message":"%ASA-6-106015: Deny TCP (no connection) from 10.22.8.85\/58359 to 10.22.8.11\/88 flags RST ACK  on interface Outside","syslog.header.pri":"166","s [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.82\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","syslog.header.facility":"20","guid":"0ca4a23e-9dc1-46ea-bbd4-e5fa1566a5fa","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.82\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","syslog.head [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799832 for outside:10.22.8.230\/55549(LOCAL\\user.name) to inside:10.22.8.11\/389 duration 0:02:01 bytes 354 (user.name)","syslog.header.facility":"20","guid":"b472dd59-9ede-42ed-a67b-e5d34e8b7b9d","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302016: Teardown UDP connection 212799832 for outside:10.22.8.230\/55549(LOCAL\\user.name)  [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799867 for outside:10.22.8.240\/138(LOCAL\\user.name) to inside:10.22.8.255\/138 duration 0:02:01 bytes 214 (user.name)","syslog.header.facility":"20","guid":"9231563a-4e43-440d-9bcd-ff67d2f01b17","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302016: Teardown UDP connection 212799867 for outside:10.22.8.240\/138(LOCAL\\user.name) to  [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:36 10.22.8.216 %ASA-7-609001: Built local-host inside:67.111.72.204","syslog.header.facility":"20","guid":"e717a671-9e5f-4bb7-b0b0-0e1cbcfe5b4a","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-7-609001: Built local-host inside:67.111.72.204","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142356000,"source.type":"syslog3164"}
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245544 for outside:10.22.8.227\/54540 (10.22.8.227\/54540) to inside:63.111.72.124\/80 (63.111.72.124\/80) (user.name)","syslog.header.facility":"21","guid":"49cc4afe-467b-4b4c-b883-d6aa2ebe1d9f","syslog.header.timestamp":"Jan  5 14:52:36","syslog.message":"%ASA-6-302013: Built inbound TCP connection 76245544 for outside:10.22.8.227\/54540 (10.22.8.227 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168135 for Outside_VPN:198.111.72.66\/36797 to DMZ-Inside:10.22.8.53\/80 duration 0:00:01 bytes 89039 TCP FINs","syslog.header.facility":"17","guid":"de2a851d-4860-4625-b870-c7f3a10c219a","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168135 for Outside_VPN:198.111.72.66\/36797 to DMZ-Inside:10.22.8. [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805836 for outside:10.22.8.62\/56471(LOCAL\\user.name) to inside:208.111.72.1\/443 duration 0:00:04 bytes 1700 TCP FINs (user.name)","syslog.header.facility":"20","guid":"6f37c953-20ea-4fa3-aa96-0b91c689e110","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 212805836 for outside:10.22.8.62\/56471(LOCAL\\u [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245546 for outside:10.22.8.227\/54542 (10.22.8.227\/54542) to inside:63.111.72.124\/80 (63.111.72.124\/80) (user.name)","syslog.header.facility":"21","guid":"4e9f6ee9-55fc-40da-8e3c-77ba4f072013","syslog.header.timestamp":"Jan  5 14:52:36","syslog.message":"%ASA-6-302013: Built inbound TCP connection 76245546 for outside:10.22.8.227\/54542 (10.22.8.227 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","syslog.header.facility":"20","guid":"79538743-01a6-49e1-860a-80fe58111d59","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74\/0(LOCAL\\user.name) gaddr 10.22.8.205\/0 laddr 10.22.8.205\/0","syslog.head [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built outbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0","syslog.header.facility":"21","guid":"7ba31a57-915e-466e-8efb-dfdbc9a7d515","syslog.header.timestamp":"Jan  5 14:52:36","syslog.message":"%ASA-6-302020: Built outbound ICMP connection for faddr 10.22.8.96\/2708 gaddr 10.22.8.30\/0 laddr 10.22.8.30\/0","syslog.header.pri":"174","syslog. [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168388 for DMZ-Inside:10.22.8.10\/49771 to Inside-Trunk:10.22.8.128\/443 duration 0:00:00 bytes 19132 TCP Reset-O","syslog.header.facility":"17","guid":"5fb3a31a-84f7-465e-b4a5-648edc12c9f3","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168388 for DMZ-Inside:10.22.8.10\/49771 to Inside-Trunk:10.22.8 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168692 for DMZ-Inside:10.22.8.53\/61694 to Inside-Trunk:10.22.8.174\/40004 duration 0:00:00 bytes 5660 TCP FINs","syslog.header.facility":"17","guid":"89922414-2c06-45b2-9c96-e2a62956eb4b","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488168692 for DMZ-Inside:10.22.8.53\/61694 to Inside-Trunk:10.22.8.1 [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245552 for outside:10.22.8.92\/51042 (10.22.8.92\/51042) to inside:10.22.8.193\/9100 (10.22.8.193\/9100) (user.name)","syslog.header.facility":"21","guid":"af712b8d-55d8-46c0-9ab0-92e075aaf546","syslog.header.timestamp":"Jan  5 14:52:36","syslog.message":"%ASA-6-302013: Built inbound TCP connection 76245552 for outside:10.22.8.92\/51042 (10.22.8.92\/51 [...]
+{"syslog.header.hostName":"10.22.8.41","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474680 for Outside:10.22.8.49\/137(LOCAL\\user.name) to Inside:10.22.8.12\/137 duration 0:02:03 bytes 486 (user.name)","syslog.header.facility":"20","guid":"756ac82f-e710-4dac-b7d6-8e22931b3cfd","syslog.header.timestamp":"Jan  5 16:52:36","syslog.message":"%ASA-6-302016: Teardown UDP connection 45474680 for Outside:10.22.8.49\/137(LOCAL\\user.name) to Inside: [...]
+{"syslog.header.hostName":"10.22.8.41","original_string":"<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474694 for Outside:10.22.8.49\/138(LOCAL\\user.name) to Inside:10.22.8.12\/138 duration 0:02:01 bytes 184 (user.name)","syslog.header.facility":"20","guid":"c7cbc688-5c80-43f0-b3a9-6e026c988c83","syslog.header.timestamp":"Jan  5 16:52:36","syslog.message":"%ASA-6-302016: Teardown UDP connection 45474694 for Outside:10.22.8.49\/138(LOCAL\\user.name) to Inside: [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167720 for Outside_VPN:198.111.72.75\/1033 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9634 TCP FINs","syslog.header.facility":"17","guid":"fd20d131-6fe5-4258-a822-982db9b3bcc2","syslog.header.timestamp":"Jan  5 08:52:36","syslog.message":"%ASA-6-302014: Teardown TCP connection 488167720 for Outside_VPN:198.111.72.75\/1033 to DMZ-Inside:10.22.8.53 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488165627 for Outside_VPN:170.111.72.22\/27463 to DMZ-Inside:10.22.8.53\/443 duration 0:00:01 bytes 9756 TCP FINs","syslog.header.facility":"17","guid":"de48f6be-b9c8-42e5-8db9-4fdec5458dbf","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302014: Teardown TCP connection 488165627 for Outside_VPN:170.111.72.22\/27463 to DMZ-Inside:10.22.8. [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212805854 for outside:10.22.8.62\/54704(LOCAL\\user.name) to inside:10.22.8.85\/53 duration 0:00:00 bytes 114 (user.name)","syslog.header.facility":"20","guid":"84c5fb3b-ae49-4eb8-af3f-57c63fc6d079","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302016: Teardown UDP connection 212805854 for outside:10.22.8.62\/54704(LOCAL\\user.name) to  [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302020: Built inbound ICMP connection for faddr 207.111.72.122\/0 gaddr 206.111.72.24\/512 laddr 10.22.8.57\/512","syslog.header.facility":"20","guid":"a7fcb975-e65a-4f01-939e-839cf4f599b0","syslog.header.timestamp":"Jan  5 09:52:32","syslog.message":"%ASA-6-302020: Built inbound ICMP connection for faddr 207.111.72.122\/0 gaddr 206.111.72.24\/512 laddr 10.22.8.57\/512","syslog.header.pri":"1 [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302013: Built outbound TCP connection 17605397 for outside:69.111.72.0\/80 (69.111.72.0\/80) to inside:10.22.8.102\/55659 (206.111.72.41\/40627)","syslog.header.facility":"20","guid":"12f475f4-04c8-41de-8d41-547f98933048","syslog.header.timestamp":"Jan  5 09:52:32","syslog.message":"%ASA-6-302013: Built outbound TCP connection 17605397 for outside:69.111.72.0\/80 (69.111.72.0\/80) to inside:1 [...]
+{"syslog.header.hostName":"10.22.8.212","original_string":"<174>Jan  5 14:52:32 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245230 for outside:10.22.8.96\/123 (10.22.8.96\/123) to inside:10.22.8.12\/123 (10.22.8.12\/123) (user.name)","syslog.header.facility":"21","guid":"9b26768a-1a11-4777-b1fb-906821b7f05b","syslog.header.timestamp":"Jan  5 14:52:32","syslog.message":"%ASA-6-302015: Built inbound UDP connection 76245230 for outside:10.22.8.96\/123 (10.22.8.96\/123) to insi [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031413 for Outside_VPN:184.111.72.216\/50341 to DMZ-Inside:10.22.8.57\/443 duration 0:05:01 bytes 13543 TCP Reset-O","syslog.header.facility":"17","guid":"b177327e-d674-470a-8f82-bacd18d47df2","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302014: Teardown TCP connection 488031413 for Outside_VPN:184.111.72.216\/50341 to DMZ-Inside:10 [...]
+{"syslog.header.hostName":"10.22.8.41","original_string":"<166>Jan  5 16:52:32 10.22.8.41 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.95\/1(LOCAL\\user.name) gaddr 10.22.8.12\/0 laddr 10.22.8.12\/0 (user.name)","syslog.header.facility":"20","guid":"69f69569-66c2-4846-9f12-3b24a416e876","syslog.header.timestamp":"Jan  5 16:52:32","syslog.message":"%ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.95\/1(LOCAL\\user.name) gaddr 10.22.8.12\/0 laddr 10.22.8.12\ [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030393 for DMZ-Inside:[10.22.8.10\/57109 to Inside-Trunk:10.22.8.128\/443 duration 0:05:04 bytes 13541 TCP Reset-O","syslog.header.facility":"17","guid":"bf63019f-7895-495f-8406-2b50b9186a90","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302014: Teardown TCP connection 488030393 for DMZ-Inside:[10.22.8.10\/57109 to Inside-Trunk:10.22 [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62156 to outside:206.111.72.41\/19576 duration 0:00:44","syslog.header.facility":"20","guid":"28cc755f-1acb-41bf-a454-ee392fb7ef1a","syslog.header.timestamp":"Jan  5 09:52:32","syslog.message":"%ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62156 to outside:206.111.72.41\/19576 duration 0:00:44","syslo [...]
+{"syslog.header.hostName":"10.22.8.12","original_string":"<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62159 to outside:206.111.72.41\/39634 duration 0:00:44","syslog.header.facility":"20","guid":"d6c11c2e-c0b4-4981-b6bc-768c5437b7d9","syslog.header.timestamp":"Jan  5 09:52:32","syslog.message":"%ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149\/62159 to outside:206.111.72.41\/39634 duration 0:00:44","syslo [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031793 for Outside_VPN:198.111.72.146\/28026 to DMZ-Inside:10.22.8.53\/443 duration 0:05:00 bytes 119 TCP FINs","syslog.header.facility":"17","guid":"6816c488-5bc9-4854-97cb-c26c31f223fb","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302014: Teardown TCP connection 488031793 for Outside_VPN:198.111.72.146\/28026 to DMZ-Inside:10.22.8 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030810 for DMZ-Inside:10.22.8.10\/56930 to Inside-Trunk:10.22.8.128\/443 duration 0:05:03 bytes 13543 TCP Reset-O","syslog.header.facility":"17","guid":"abaf91ea-8b0f-4157-9222-3492585e19e4","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302014: Teardown TCP connection 488030810 for DMZ-Inside:10.22.8.10\/56930 to Inside-Trunk:10.22.8 [...]
+{"syslog.header.hostName":"10.22.8.201","original_string":"<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.199\/61438 flags SYN ACK  on interface Outside_VPN","syslog.header.facility":"17","guid":"25830358-2bde-4c75-bc90-0aba594625dd","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-106015: Deny TCP (no connection) from 186.111.72.11\/80 to 204.111.72.199\/61438 flags SYN ACK  on interface Outside_VPN","sys [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212805863 for outside:10.22.8.144\/61999 (10.22.8.144\/61999)(LOCAL\\user.name) to inside:10.22.8.163\/80 (10.22.8.163\/80) (user.name)","syslog.header.facility":"20","guid":"78461d6a-8008-4c55-b8cd-b48b90e9d519","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-6-302013: Built inbound TCP connection 212805863 for outside:10.22.8.144\/61 [...]
+{"syslog.header.hostName":"10.22.8.216","original_string":"<167>Jan  5 08:52:32 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","syslog.header.facility":"20","guid":"0d48864f-dcd5-40b5-8ec3-a37ccf2f1527","syslog.header.timestamp":"Jan  5 08:52:32","syslog.message":"%ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00","syslog.header.pri":"167","syslog.header.severity":"7","timestamp":1515142352000,"source.type":"syslog3164"}
\ No newline at end of file
diff --git a/metron-platform/metron-integration-test/src/main/sample/data/syslog3164/raw/Syslog3164Output b/metron-platform/metron-integration-test/src/main/sample/data/syslog3164/raw/Syslog3164Output
new file mode 100644
index 0000000..6009d48
--- /dev/null
+++ b/metron-platform/metron-integration-test/src/main/sample/data/syslog3164/raw/Syslog3164Output
@@ -0,0 +1,100 @@
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609001: Built local-host inside:10.22.8.205
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74/0(LOCAL\user.name) gaddr 10.22.8.205/0 laddr 10.22.8.205/0
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167725 for Outside_VPN:147.111.72.16/26436 to DMZ-Inside:10.22.8.53/443 duration 0:00:00 bytes 9687 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805593 for outside:10.22.8.223/59614(LOCAL\user.name) to inside:10.22.8.78/8102 duration 0:00:07 bytes 3433 TCP FINs (user.name)
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245503 for outside:10.22.8.233/54209 (10.22.8.233/54209) to inside:198.111.72.238/443 (198.111.72.238/443) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806031 for outside:10.22.8.17/58633 (10.22.8.17/58633)(LOCAL\user.name) to inside:10.22.8.12/389 (10.22.8.12/389) (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168292 for DMZ-Inside:10.22.8.51/51231 to Inside-Trunk:10.22.8.174/40004 duration 0:00:00 bytes 2103 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11/80 to 204.111.72.226/45019 flags SYN ACK  on interface Outside_VPN
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604987 for outside:209.111.72.151/443 to inside:10.22.8.188/64306 duration 0:00:31 bytes 10128 TCP FINs
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302014: Teardown TCP connection 17604999 for outside:209.111.72.151/443 to inside:10.22.8.188/64307 duration 0:00:30 bytes 6370 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167347 for Outside_VPN:198.111.72.24/2134 to DMZ-Inside:10.22.8.53/443 duration 0:00:01 bytes 9785 TCP FINs
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245506 for outside:10.22.8.110/49886 (10.22.8.110/49886) to inside:192.111.72.8/8612 (192.111.72.8/8612) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805993 for outside:10.22.8.89/56917(LOCAL\user.name) to inside:216.111.72.126/443 duration 0:00:00 bytes 0 TCP FINs (user.name)
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223/49192 to outside:224.111.72.252/5355
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488166143 for Outside_VPN:198.111.72.64/80 to Inside-Trunk:10.22.8.39/54883 duration 0:00:04 bytes 1148 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.84/445 to 10.22.8.219/60726 flags ACK  on interface inside
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168344 for DMZ-Inside:10.22.8.53/61682 to Inside-Trunk:10.22.8.174/40004 duration 0:00:00 bytes 5648 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168345 for DMZ-Inside:10.22.8.16/31454 to Inside-Trunk:10.22.8.21/443 duration 0:00:00 bytes 756 TCP FINs
+<182>Jan  5 20:22:35 10.22.8.4 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.12/0 gaddr 10.22.8.45/1 laddr 10.22.8.45/1
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 50.111.72.230/80 to 204.111.72.254/53077 flags RST  on interface Outside_VPN
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603649 for outside:206.111.72.2/161 to inside:10.22.8.48/63297 duration 0:02:01 bytes 209
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603650 for outside:207.111.72.122/161 to inside:10.22.8.48/63298 duration 0:02:01 bytes 209
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603652 for outside:206.111.72.2/161 to inside:10.22.8.48/63300 duration 0:02:01 bytes 115
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-302016: Teardown UDP connection 17603657 for outside:206.111.72.2/161 to inside:10.22.8.48/63306 duration 0:02:01 bytes 115
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168436 for DMZ-Inside:10.22.8.51/51235 to Inside-Trunk:10.22.8.174/40004 duration 0:00:00 bytes 2497 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167656 for Outside_VPN:69.111.72.70/21560 to DMZ-Inside:10.22.8.53/443 duration 0:00:01 bytes 11410 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806050 for outside:10.22.8.62/53965 (10.22.8.62/53965)(LOCAL\user.name) to inside:10.22.8.85/53 (10.22.8.85/53) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806052 for outside:10.22.8.62/56500 (10.22.8.62/56500)(LOCAL\user.name) to inside:198.111.72.83/443 (198.111.72.83/443) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806054 for outside:10.22.8.62/56502 (10.22.8.62/56502)(LOCAL\user.name) to inside:50.111.72.252/443 (50.111.72.252/443) (user.name)
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.188/64340 to outside:206.111.72.41/2013
+<166>Jan  5 15:52:35 10.22.8.33 %ASA-6-305012: Teardown dynamic UDP translation from inside:192.111.72.2/62251 to outside:79.111.72.174/21311 duration 0:02:30
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806058 for outside:10.22.8.221/56631 (10.22.8.221/56631)(LOCAL\user.name) to inside:10.22.8.26/389 (10.22.8.26/389) (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168189 for Outside_VPN:209.111.72.10/56619 to DMZ-Inside:10.22.8.53/443 duration 0:00:00 bytes 2477 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.112/52235 to 198.111.72.227/80 flags ACK  on interface Inside-Trunk
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167192 for Outside_VPN:115.111.72.7/49196 to DMZ-Inside:10.22.8.57/443 duration 0:00:02 bytes 20588 TCP Reset-O
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212806055 for outside:10.22.8.62/55383(LOCAL\user.name) to inside:10.22.8.85/53 duration 0:00:00 bytes 349 (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168380 for Outside_VPN:74.111.72.12/443 to Inside-Trunk:10.22.8.39/54894 duration 0:00:00 bytes 5701 TCP FINs
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245522 for outside:10.22.8.147/56343 (10.22.8.147/56343) to inside:209.111.72.151/443 (209.111.72.151/443) (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168443 for Outside_VPN:23.111.72.27/80 to Inside-Trunk:10.22.8.81/64713 duration 0:00:00 bytes 2426 TCP FINs
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488111566 for Outside_VPN:131.111.72.49/443 to Inside-Trunk:10.22.8.127/56558 duration 0:01:57 bytes 3614 TCP Reset-O
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806061 for outside:10.22.8.17/58635 (10.22.8.17/58635)(LOCAL\user.name) to inside:10.22.8.12/389 (10.22.8.12/389) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806010 for outside:10.22.8.33/60223(LOCAL\user.name) to inside:10.22.8.86/389 duration 0:00:00 bytes 416 TCP Reset-I (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806062 for outside:10.22.8.221/56632 (10.22.8.221/56632)(LOCAL\user.name) to inside:10.22.8.73/389 (10.22.8.73/389) (user.name)
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168231 for Outside_VPN:204.111.72.243/3011 to Inside-Trunk:10.22.8.208/60037 duration 0:00:00 bytes 19415 TCP FINs
+<166>Jan  5 16:52:35 10.22.8.41 %ASA-6-302013: Built inbound TCP connection 45476108 for Outside:10.22.8.97/53484 (10.22.8.97/53484)(LOCAL\user.name) to Inside:141.111.72.70/7576 (141.111.72.70/7576) (user.name)
+<174>Jan  5 14:52:35 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245527 for outside:10.22.8.97/65195 (10.22.8.97/65195) to inside:17.111.72.212/5223 (17.111.72.212/5223) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806018 for outside:10.22.8.17/58632(LOCAL\user.name) to inside:10.22.8.12/389 duration 0:00:00 bytes 0 TCP FINs (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168562 for DMZ-Inside:10.22.8.51/51236 to Inside-Trunk:10.22.8.174/40004 duration 0:00:00 bytes 2273 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806065 for outside:10.22.8.62/59829 (10.22.8.62/59829)(LOCAL\user.name) to inside:10.22.8.85/53 (10.22.8.85/53) (user.name)
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212806067 for outside:10.22.8.143/62675 (10.22.8.143/62675)(LOCAL\user.name) to inside:141.111.72.12/389 (141.111.72.12/389) (user.name)
+<167>Jan  5 08:52:35 10.22.8.216 %ASA-7-710005: UDP request discarded from 10.22.8.223/61122 to outside:224.111.72.252/5355
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.143/0(LOCAL\user.name) gaddr 141.111.72.12/0 laddr 141.111.72.12/0 (user.name)
+<142>Jan  5 08:52:35 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168547 for Outside_VPN:107.111.72.102/80 to Inside-Trunk:10.22.8.54/61676 duration 0:00:00 bytes 1030 TCP FINs
+<166>Jan  5 08:52:35 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806078 for outside:10.22.8.221/56633 (10.22.8.221/56633)(LOCAL\user.name) to inside:10.22.8.20/389 (10.22.8.20/389) (user.name)
+<166>Jan  5 09:52:35 10.22.8.12 %ASA-6-305011: Built dynamic TCP translation from inside:10.22.8.83/59915 to outside:206.111.72.41/22776
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168044 for Outside_VPN:50.111.72.39/80 to Inside-Trunk:10.22.8.75/60877 duration 0:00:01 bytes 13304 TCP FINs
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488118326 for Outside_VPN:23.111.72.27/80 to Inside-Trunk:10.22.8.229/57901 duration 0:01:45 bytes 1942 TCP FINs
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488160565 for Outside_VPN:72.111.72.29/80 to Inside-Trunk:10.22.8.42/57520 duration 0:00:15 bytes 1025 TCP FINs
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096423 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59096 duration 0:02:27 bytes 99347 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488095522 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59087 duration 0:02:29 bytes 154785 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488106557 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59134 duration 0:02:09 bytes 25319 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488096426 for Outside_VPN:72.111.72.43/80 to Inside-Trunk:10.22.8.127/59099 duration 0:02:27 bytes 26171 TCP Reset-O
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212806005 for outside:10.22.8.17/58630(LOCAL\user.name) to inside:10.22.8.12/389 duration 0:00:00 bytes 3942 TCP FINs (user.name)
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302015: Built inbound UDP connection 212806085 for outside:10.22.8.143/54018 (10.22.8.143/54018)(LOCAL\user.name) to inside:10.22.8.85/53 (10.22.8.85/53) (user.name)
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.96/2708 gaddr 10.22.8.30/0 laddr 10.22.8.30/0 (user.name)
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245537 for outside:10.22.8.110/49886 (10.22.8.110/49886) to inside:192.111.72.11/8612 (192.111.72.11/8612) (user.name)
+<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-106015: Deny TCP (no connection) from 10.22.8.85/58359 to 10.22.8.11/88 flags RST ACK  on interface Outside
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.82/0(LOCAL\user.name) gaddr 10.22.8.205/0 laddr 10.22.8.205/0
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799832 for outside:10.22.8.230/55549(LOCAL\user.name) to inside:10.22.8.11/389 duration 0:02:01 bytes 354 (user.name)
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212799867 for outside:10.22.8.240/138(LOCAL\user.name) to inside:10.22.8.255/138 duration 0:02:01 bytes 214 (user.name)
+<167>Jan  5 08:52:36 10.22.8.216 %ASA-7-609001: Built local-host inside:67.111.72.204
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245544 for outside:10.22.8.227/54540 (10.22.8.227/54540) to inside:63.111.72.124/80 (63.111.72.124/80) (user.name)
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168135 for Outside_VPN:198.111.72.66/36797 to DMZ-Inside:10.22.8.53/80 duration 0:00:01 bytes 89039 TCP FINs
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302014: Teardown TCP connection 212805836 for outside:10.22.8.62/56471(LOCAL\user.name) to inside:208.111.72.1/443 duration 0:00:04 bytes 1700 TCP FINs (user.name)
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245546 for outside:10.22.8.227/54542 (10.22.8.227/54542) to inside:63.111.72.124/80 (63.111.72.124/80) (user.name)
+<166>Jan  5 08:52:36 10.22.8.216 %ASA-6-302021: Teardown ICMP connection for faddr 10.22.8.74/0(LOCAL\user.name) gaddr 10.22.8.205/0 laddr 10.22.8.205/0
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302020: Built outbound ICMP connection for faddr 10.22.8.96/2708 gaddr 10.22.8.30/0 laddr 10.22.8.30/0
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168388 for DMZ-Inside:10.22.8.10/49771 to Inside-Trunk:10.22.8.128/443 duration 0:00:00 bytes 19132 TCP Reset-O
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488168692 for DMZ-Inside:10.22.8.53/61694 to Inside-Trunk:10.22.8.174/40004 duration 0:00:00 bytes 5660 TCP FINs
+<174>Jan  5 14:52:36 10.22.8.212 %ASA-6-302013: Built inbound TCP connection 76245552 for outside:10.22.8.92/51042 (10.22.8.92/51042) to inside:10.22.8.193/9100 (10.22.8.193/9100) (user.name)
+<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474680 for Outside:10.22.8.49/137(LOCAL\user.name) to Inside:10.22.8.12/137 duration 0:02:03 bytes 486 (user.name)
+<166>Jan  5 16:52:36 10.22.8.41 %ASA-6-302016: Teardown UDP connection 45474694 for Outside:10.22.8.49/138(LOCAL\user.name) to Inside:10.22.8.12/138 duration 0:02:01 bytes 184 (user.name)
+<142>Jan  5 08:52:36 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488167720 for Outside_VPN:198.111.72.75/1033 to DMZ-Inside:10.22.8.53/443 duration 0:00:01 bytes 9634 TCP FINs
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488165627 for Outside_VPN:170.111.72.22/27463 to DMZ-Inside:10.22.8.53/443 duration 0:00:01 bytes 9756 TCP FINs
+<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302016: Teardown UDP connection 212805854 for outside:10.22.8.62/54704(LOCAL\user.name) to inside:10.22.8.85/53 duration 0:00:00 bytes 114 (user.name)
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302020: Built inbound ICMP connection for faddr 207.111.72.122/0 gaddr 206.111.72.24/512 laddr 10.22.8.57/512
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-302013: Built outbound TCP connection 17605397 for outside:69.111.72.0/80 (69.111.72.0/80) to inside:10.22.8.102/55659 (206.111.72.41/40627)
+<174>Jan  5 14:52:32 10.22.8.212 %ASA-6-302015: Built inbound UDP connection 76245230 for outside:10.22.8.96/123 (10.22.8.96/123) to inside:10.22.8.12/123 (10.22.8.12/123) (user.name)
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031413 for Outside_VPN:184.111.72.216/50341 to DMZ-Inside:10.22.8.57/443 duration 0:05:01 bytes 13543 TCP Reset-O
+<166>Jan  5 16:52:32 10.22.8.41 %ASA-6-302020: Built inbound ICMP connection for faddr 10.22.8.95/1(LOCAL\user.name) gaddr 10.22.8.12/0 laddr 10.22.8.12/0 (user.name)
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030393 for DMZ-Inside:[10.22.8.10/57109 to Inside-Trunk:10.22.8.128/443 duration 0:05:04 bytes 13541 TCP Reset-O
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149/62156 to outside:206.111.72.41/19576 duration 0:00:44
+<166>Jan  5 09:52:32 10.22.8.12 %ASA-6-305012: Teardown dynamic TCP translation from inside:10.22.8.149/62159 to outside:206.111.72.41/39634 duration 0:00:44
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488031793 for Outside_VPN:198.111.72.146/28026 to DMZ-Inside:10.22.8.53/443 duration 0:05:00 bytes 119 TCP FINs
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-302014: Teardown TCP connection 488030810 for DMZ-Inside:10.22.8.10/56930 to Inside-Trunk:10.22.8.128/443 duration 0:05:03 bytes 13543 TCP Reset-O
+<142>Jan  5 08:52:32 10.22.8.201 %ASA-6-106015: Deny TCP (no connection) from 186.111.72.11/80 to 204.111.72.199/61438 flags SYN ACK  on interface Outside_VPN
+<166>Jan  5 08:52:32 10.22.8.216 %ASA-6-302013: Built inbound TCP connection 212805863 for outside:10.22.8.144/61999 (10.22.8.144/61999)(LOCAL\user.name) to inside:10.22.8.163/80 (10.22.8.163/80) (user.name)
+<167>Jan  5 08:52:32 10.22.8.216 %ASA-7-609002: Teardown local-host inside:10.22.8.205 duration 0:00:00
\ No newline at end of file
diff --git a/metron-platform/metron-integration-test/src/main/sample/data/syslog5424/parsed/Syslog5424Parsed b/metron-platform/metron-integration-test/src/main/sample/data/syslog5424/parsed/Syslog5424Parsed
index e330204..ee1c6f6 100644
--- a/metron-platform/metron-integration-test/src/main/sample/data/syslog5424/parsed/Syslog5424Parsed
+++ b/metron-platform/metron-integration-test/src/main/sample/data/syslog5424/parsed/Syslog5424Parsed
@@ -1,3 +1,3 @@
-{"syslog.header.appName":"d0602076-b14a-4c55-852a-981e7afeed38","syslog.header.version":"1","syslog.header.hostName":"loggregator","original_string":"<14>1 2014-06-20T09:14:07+00:00 loggregator d0602076-b14a-4c55-852a-981e7afeed38 DEA - - Removing instance","syslog.header.facility":"1","syslog.header.msgId":"-","syslog.header.timestamp":"2014-06-20T09:14:07+00:00","syslog.message":"Removing instance","syslog.header.pri":"14","syslog.header.procId":"DEA","syslog.header.severity":"6","time [...]
-{"syslog.structuredData.exampleSDID@32480.iut":"4","syslog.structuredData.exampleSDID@32480.eventSource":"Other Application","syslog.header.hostName":"loggregator","syslog.header.facility":"1","syslog.structuredData.exampleSDID@32480.eventID":"2022","syslog.structuredData.exampleSDID@32473.eventSource":"Application","syslog.header.timestamp":"2014-06-20T09:14:08+00:00","syslog.message":"Removing instance","syslog.header.pri":"14","syslog.header.procId":"DEA","syslog.header.severity":"6", [...]
-{"syslog.structuredData.exampleSDID@32480.iut":"4","syslog.structuredData.exampleSDID@32480.eventSource":"Other Application","syslog.structuredData.exampleSDID@32474.iut":"3","syslog.structuredData.exampleSDID@32474.eventID":"1011","syslog.header.hostName":"loggregator","syslog.header.facility":"1","syslog.structuredData.exampleSDID@32480.eventID":"2022","syslog.header.timestamp":"2014-06-20T09:14:09+00:00","syslog.message":"Removing instance","syslog.header.pri":"14","syslog.header.proc [...]
\ No newline at end of file
+{"syslog.header.hostName":"loggregator","syslog.header.facility":"1","syslog.header.timestamp":"2014-06-20T09:14:07+00:00","syslog.message":"Removing instance","syslog.header.pri":"14","syslog.header.procId":"DEA","syslog.header.severity":"6","source.type":"syslog5424","syslog.header.appName":"d0602076-b14a-4c55-852a-981e7afeed38","syslog.header.version":"1","original_string":"<14>1 2014-06-20T09:14:07+00:00 loggregator d0602076-b14a-4c55-852a-981e7afeed38 DEA - - Removing instance","sys [...]
+{"syslog.structuredData.exampleSDID@32480.iut":"4","syslog.structuredData.exampleSDID@32480.eventSource":"Other Application","syslog.header.hostName":"loggregator","syslog.header.facility":"1","syslog.structuredData.exampleSDID@32480.eventID":"2022","syslog.structuredData.exampleSDID@32473.eventSource":"Application","syslog.header.timestamp":"2014-06-20T09:14:08+00:00","syslog.message":"Removing instance","syslog.header.pri":"14","syslog.header.procId":"DEA","syslog.header.severity":"6", [...]
+{"syslog.structuredData.exampleSDID@32480.iut":"4","syslog.structuredData.exampleSDID@32480.eventSource":"Other Application","syslog.structuredData.exampleSDID@32474.iut":"3","syslog.structuredData.exampleSDID@32474.eventID":"1011","syslog.header.hostName":"loggregator","syslog.header.facility":"1","syslog.structuredData.exampleSDID@32480.eventID":"2022","syslog.header.timestamp":"2014-06-20T09:14:09+00:00","syslog.message":"Removing instance","syslog.header.pri":"14","syslog.header.proc [...]
\ No newline at end of file
diff --git a/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/integration/Syslog3164ParserIntegrationTest.java b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/integration/Syslog3164ParserIntegrationTest.java
new file mode 100644
index 0000000..e1affe6
--- /dev/null
+++ b/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/integration/Syslog3164ParserIntegrationTest.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.parsers.integration;
+
+import org.apache.metron.parsers.integration.validation.SampleDataValidation;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class Syslog3164ParserIntegrationTest extends ParserIntegrationTest {
+  @Override
+  String getSensorType() {
+    return "syslog3164";
+  }
+
+  @Override
+  List<ParserValidation> getValidations() {
+    return new ArrayList<ParserValidation>() {{
+      add(new SampleDataValidation());
+    }};
+  }
+}
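Review bot: `getValidations` builds its list with double-brace initialization, which declares an anonymous `ArrayList` subclass holding a reference to the enclosing test instance just to add one element. If the caller never mutates the returned list, `return Collections.singletonList(new SampleDataValidation());` says the same thing, with `java.util.Collections` imported in place of `ArrayList`. The license header here also opens with `/**` while the other new Java files in this commit use `/*`; a plain block comment keeps it out of Javadoc.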
diff --git a/metron-platform/metron-parsing/README.md b/metron-platform/metron-parsing/README.md
index 9a46532..9bbd39f 100644
--- a/metron-platform/metron-parsing/README.md
+++ b/metron-platform/metron-parsing/README.md
@@ -599,6 +599,7 @@ Java parser adapters are intended for higher-velocity topologies and are not eas
 * org.apache.metron.parsers.sourcefire.BasicSourcefireParser : Parse Sourcefire messages
 * org.apache.metron.parsers.lancope.BasicLancopeParser : Parse Lancope messages
 * org.apache.metron.parsers.syslog.Syslog5424Parser : Parse Syslog RFC 5424 messages
+* org.apache.metron.parsers.syslog.Syslog3164Parser : Parse Syslog RFC 3164 messages
 
 ### Grok Parser Adapters
 Grok parser adapters are designed primarily for someone who is not a Java coder for quickly standing up a parser adapter for lower velocity topologies.  Grok relies on Regex for message parsing, which is much slower than purpose-built Java parsers, but is more extensible.  Grok parsers are defined via a config file and the topplogy does not need to be recompiled in order to make changes to them.  Example of a Grok parsers are:
diff --git a/metron-platform/metron-parsing/metron-parsers-common/README.md b/metron-platform/metron-parsing/metron-parsers-common/README.md
index 0c5cf23..0949950 100644
--- a/metron-platform/metron-parsing/metron-parsers-common/README.md
+++ b/metron-platform/metron-parsing/metron-parsers-common/README.md
@@ -23,5 +23,6 @@ The included parsers are
 * Grok Parser
 * JSONMapParser
 * CSVParser
+* Syslog 3164 and 5424 parsers
 
 More details on these parsers and the overall architecture can be found in the metron-parsing [README](..#README.md) 
diff --git a/metron-platform/metron-parsing/metron-parsers-common/pom.xml b/metron-platform/metron-parsing/metron-parsers-common/pom.xml
index 617366a..8abc1ee 100644
--- a/metron-platform/metron-parsing/metron-parsers-common/pom.xml
+++ b/metron-platform/metron-parsing/metron-parsers-common/pom.xml
@@ -217,6 +217,11 @@
             <artifactId>json-path</artifactId>
             <version>2.3.0</version>
         </dependency>
+        <dependency>
+            <groupId>com.github.palindromicity</groupId>
+            <artifactId>simple-syslog</artifactId>
+            <version>${global_simple_syslog_version}</version>
+        </dependency>
     </dependencies>
     <build>
         <plugins>
diff --git a/metron-platform/metron-parsing/metron-parsers-common/src/main/config/zookeeper/parsers/syslog3164.json b/metron-platform/metron-parsing/metron-parsers-common/src/main/config/zookeeper/parsers/syslog3164.json
new file mode 100644
index 0000000..298e8cc
--- /dev/null
+++ b/metron-platform/metron-parsing/metron-parsers-common/src/main/config/zookeeper/parsers/syslog3164.json
@@ -0,0 +1,6 @@
+{
+  "parserClassName":"org.apache.metron.parsers.syslog.Syslog3164Parser",
+  "sensorTopic":"syslog3164",
+  "parserConfig": {
+  }
+}
\ No newline at end of file
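Review bot: The shipped `parserConfig` is empty, so `BaseSyslogParser.configure` finds no `deviceTimeZone`, falls back to `Clock.systemUTC()` and only logs a warning. The RFC 3164 sample records added in this commit carry no zone or year, and devices there report hours several apart for events in the same second, which suggests mixed local zones. Events from a device that logs in local time would then presumably be indexed with a shifted time, which distorts any timeline built from them. JSON cannot hold a comment, so the key should be described in the parser README, and the default config could set it explicitly, e.g. `"deviceTimeZone": "UTC"`.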
diff --git a/metron-platform/metron-parsing/metron-parsers/src/main/config/zookeeper/parsers/syslog5424.json b/metron-platform/metron-parsing/metron-parsers-common/src/main/config/zookeeper/parsers/syslog5424.json
similarity index 100%
rename from metron-platform/metron-parsing/metron-parsers/src/main/config/zookeeper/parsers/syslog5424.json
rename to metron-platform/metron-parsing/metron-parsers-common/src/main/config/zookeeper/parsers/syslog5424.json
diff --git a/metron-platform/metron-parsing/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java b/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/BaseSyslogParser.java
similarity index 65%
rename from metron-platform/metron-parsing/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
rename to metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/BaseSyslogParser.java
index 77ebd18..c05b760 100644
--- a/metron-platform/metron-parsing/metron-parsers/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
+++ b/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/BaseSyslogParser.java
@@ -18,65 +18,81 @@
 
 package org.apache.metron.parsers.syslog;
 
-import com.github.palindromicity.syslog.AllowableDeviations;
-import com.github.palindromicity.syslog.NilPolicy;
 import com.github.palindromicity.syslog.SyslogParser;
-import com.github.palindromicity.syslog.SyslogParserBuilder;
 import com.github.palindromicity.syslog.dsl.SyslogFieldKeys;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.metron.parsers.DefaultMessageParserResult;
+import org.apache.metron.parsers.ParseException;
+import org.apache.metron.parsers.interfaces.MessageParser;
+import org.apache.metron.parsers.interfaces.MessageParserResult;
+import org.apache.metron.parsers.utils.SyslogUtils;
+import org.json.simple.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.Reader;
 import java.io.Serializable;
 import java.io.StringReader;
 import java.lang.invoke.MethodHandles;
+import java.time.Clock;
 import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.ZoneOffset;
 import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
-import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.metron.parsers.DefaultMessageParserResult;
-import org.apache.metron.parsers.interfaces.MessageParser;
-import org.apache.metron.parsers.interfaces.MessageParserResult;
-import org.json.simple.JSONObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.util.function.Consumer;
 
 
 /**
  * Parser for well structured RFC 5424 messages.
  */
-public class Syslog5424Parser implements MessageParser<JSONObject>, Serializable {
+public abstract class BaseSyslogParser implements MessageParser<JSONObject>, Serializable {
   protected static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-  public static final String NIL_POLICY_CONFIG = "nilPolicy";
+
+  private Optional<Consumer<JSONObject>> messageProcessorOptional = Optional.empty();
   private transient SyslogParser syslogParser;
 
-  @Override
-  public void configure(Map<String, Object> config) {
-    // Default to OMIT policy for nil fields
-    // this means they will not be in the returned field set
-    String nilPolicyStr = (String) config.getOrDefault(NIL_POLICY_CONFIG, NilPolicy.OMIT.name());
-    NilPolicy nilPolicy = NilPolicy.valueOf(nilPolicyStr);
-    syslogParser = new SyslogParserBuilder()
-            .withNilPolicy(nilPolicy)
-            .withDeviations(EnumSet.of(AllowableDeviations.PRIORITY,AllowableDeviations.VERSION))
-            .build();
+  protected Clock deviceClock;
+
+
+  protected void setSyslogParser(SyslogParser syslogParser) {
+    this.syslogParser = syslogParser;
   }
 
+  protected void setMessageProcessor(Consumer<JSONObject> function) {
+    this.messageProcessorOptional = Optional.of(function);
+  }
+
+  protected abstract SyslogParser buildSyslogParser( Map<String,Object> config);
+
   @Override
-  public void init() {
+  public void configure(Map<String, Object> parserConfig) {
+    // we'll pull out the clock stuff ourselves
+    String timeZone = (String) parserConfig.get("deviceTimeZone");
+    if (timeZone != null)
+      deviceClock = Clock.system(ZoneId.of(timeZone));
+    else {
+      deviceClock = Clock.systemUTC();
+      LOG.warn("[Metron] No device time zone provided; defaulting to UTC");
+    }
+    syslogParser = buildSyslogParser(parserConfig);
   }
 
   @Override
+  public void init(){}
+
+  @Override
   public boolean validate(JSONObject message) {
-    JSONObject value = message;
-    if (!(value.containsKey("original_string"))) {
+    if (!(message.containsKey("original_string"))) {
       LOG.trace("[Metron] Message does not have original_string: {}", message);
       return false;
-    } else if (!(value.containsKey("timestamp"))) {
+    } else if (!(message.containsKey("timestamp"))) {
       LOG.trace("[Metron] Message does not have timestamp: {}", message);
       return false;
     } else {
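Review bot: `messageProcessorOptional` is a non-transient `Optional` field on a class that implements `Serializable`, and `java.util.Optional` is not serializable, so if a parser instance is ever Java-serialized the write would fail with `NotSerializableException`. A nullable transient field avoids that: `private transient Consumer<JSONObject> messageProcessor;`, with the call in `parse` changed to a null check. The class Javadoc still reads "Parser for well structured RFC 5424 messages." although this is now the abstract base for both RFCs. `configure` also deserves a comment naming the `deviceTimeZone` key and noting that an invalid zone id makes `ZoneId.of` throw. The class body and `validate` continue past this hunk.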
@@ -94,7 +110,7 @@ public class Syslog5424Parser implements MessageParser<JSONObject>, Serializable
       }
 
       String originalString = new String(rawMessage);
-      List<JSONObject> returnList = new ArrayList<>();
+      final List<JSONObject> returnList = new ArrayList<>();
       Map<Object,Throwable> errorMap = new HashMap<>();
       try (Reader reader = new BufferedReader(new StringReader(originalString))) {
         syslogParser.parseLines(reader, (m) -> {
@@ -102,7 +118,13 @@ public class Syslog5424Parser implements MessageParser<JSONObject>, Serializable
           // be sure to put in the original string, and the timestamp.
           // we wil just copy over the timestamp from the syslog
           jsonObject.put("original_string", originalString);
-          setTimestamp(jsonObject);
+          try {
+            setTimestamp(jsonObject);
+          } catch (ParseException pe) {
+            errorMap.put(originalString,pe);
+            return;
+          }
+          messageProcessorOptional.ifPresent((c) -> c.accept(jsonObject));
           returnList.add(jsonObject);
         },errorMap::put);
 
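Review bot: The new catch block files the failure under `originalString`, which is the whole raw payload rather than the line that failed. The payload is fed to `parseLines`, so if it holds several lines and more than one has an unparseable timestamp, each `put` overwrites the previous one and only the last error survives. A per-message key keeps them apart, for example `errorMap.put(jsonObject, pe);`, assuming downstream error handling accepts a non-string key. The consumer call added on the next line runs inside the same lambda with no guard, so an exception thrown by a subclass's processor would presumably abort the remaining lines; confirm that is intended. `parse` starts before and ends after this hunk.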
@@ -116,12 +138,15 @@ public class Syslog5424Parser implements MessageParser<JSONObject>, Serializable
   }
 
   @SuppressWarnings("unchecked")
-  private void setTimestamp(JSONObject message) {
+  private void setTimestamp(JSONObject message) throws ParseException {
     String timeStampString = (String) message.get(SyslogFieldKeys.HEADER_TIMESTAMP.getField());
     if (!StringUtils.isBlank(timeStampString) && !timeStampString.equals("-")) {
-      message.put("timestamp", timeStampString);
+      message.put("timestamp", SyslogUtils.parseTimestampToEpochMillis(timeStampString, deviceClock));
     } else {
-      message.put("timestamp", LocalDateTime.now().format(DateTimeFormatter.ISO_DATE_TIME));
+      message.put(
+          "timestamp",
+          LocalDateTime.now()
+              .toEpochSecond(ZoneOffset.UTC));
     }
   }
 }
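Review bot: The fallback branch stores `LocalDateTime.now().toEpochSecond(ZoneOffset.UTC)`, which is epoch seconds, while the branch above stores the result of `parseTimestampToEpochMillis`; a message without a usable header timestamp is therefore stamped with a value about a thousand times too small and lands in January 1970 when read as milliseconds. The expression also takes wall-clock time in the JVM's default zone and labels it UTC, so it is additionally off by the local offset on any host not running in UTC. `message.put("timestamp", System.currentTimeMillis());` yields the same unit as the parsed branch and needs no zone handling. Mis-stamped events fall outside time-bounded searches and correlation windows, so this matters for anyone reconstructing a timeline from these records.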
diff --git a/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/Syslog3164Parser.java b/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/Syslog3164Parser.java
new file mode 100644
index 0000000..632bcfd
--- /dev/null
+++ b/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/Syslog3164Parser.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.metron.parsers.syslog;
+
+import com.github.palindromicity.syslog.AllowableDeviations;
+import com.github.palindromicity.syslog.SyslogParser;
+import com.github.palindromicity.syslog.SyslogParserBuilder;
+import com.github.palindromicity.syslog.SyslogSpecification;
+
+import java.io.Serializable;
+import java.util.EnumSet;
+import java.util.Map;
+
+
+/**
+ * Parser for RFC 3164 messages.
+ */
+public class Syslog3164Parser extends BaseSyslogParser implements Serializable {
+
+  @Override
+  public SyslogParser buildSyslogParser(Map<String, Object> config) {
+    return new SyslogParserBuilder()
+            .forSpecification(SyslogSpecification.RFC_3164)
+            .withDeviations(EnumSet.of(AllowableDeviations.PRIORITY, AllowableDeviations.VERSION))
+            .build();
+  }
+}
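Review bot: `implements Serializable` is redundant on this class because `BaseSyslogParser` already declares it; the same applies to `Syslog5424Parser` in the next file. `AllowableDeviations.VERSION` looks carried over from the 5424 builder; RFC 3164 has no version field, so it presumably has no effect here, and `EnumSet.of(AllowableDeviations.PRIORITY)` would state the intent more precisely if the library agrees. The Javadoc could also say that the `config` argument is unused and that time-zone handling comes from the base class's `deviceTimeZone` setting.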
diff --git a/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java b/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
new file mode 100644
index 0000000..cacb0e4
--- /dev/null
+++ b/metron-platform/metron-parsing/metron-parsers-common/src/main/java/org/apache/metron/parsers/syslog/Syslog5424Parser.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.metron.parsers.syslog;
+
+import com.github.palindromicity.syslog.AllowableDeviations;
+import com.github.palindromicity.syslog.NilPolicy;
+import com.github.palindromicity.syslog.SyslogParser;
+import com.github.palindromicity.syslog.SyslogParserBuilder;
+import com.github.palindromicity.syslog.SyslogSpecification;
+
+import java.io.Serializable;
+import java.util.EnumSet;
+import java.util.Map;
+
+
+/**
+ * Parser for well structured RFC 5424 messages.
+ */
+public class Syslog5424Parser extends BaseSyslogParser implements Serializable {
+  public static final String NIL_POLICY_CONFIG = "nilPolicy";
+
+  @Override
+  public SyslogParser buildSyslogParser(Map<String, Object> config) {
+    // Default to OMIT policy for nil fields
+    // this means they will not be in the returned field set
+    String nilPolicyStr = (String) config.getOrDefault(NIL_POLICY_CONFIG, NilPolicy.OMIT.name());
+    NilPolicy nilPolicy = NilPolicy.valueOf(nilPolicyStr);
+    return new SyslogParserBuilder()
+            .forSpecification(SyslogSpecification.RFC_5424)
+            .withNilPolicy(nilPolicy)
+            .withDeviations(EnumSet.of(AllowableDeviations.PRIORITY, AllowableDeviations.VERSION))
+            .build();
+  }
+}
+
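Review bot: `NilPolicy.valueOf(nilPolicyStr)` is case-sensitive and fails with a bare `IllegalArgumentException` that does not name the `nilPolicy` key, and the `(String)` cast throws `ClassCastException` if the configured value is not a string. Normalising first, `NilPolicy.valueOf(nilPolicyStr.trim().toUpperCase(Locale.ROOT))` with `java.util.Locale` imported, and rethrowing with a message that names the key and the rejected value, would make a bad sensor config much easier to diagnose. A Javadoc line on `NIL_POLICY_CONFIG` stating that the default is `OMIT` would put the contract next to the constant instead of only in the method body.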
diff --git a/metron-platform/metron-parsing/metron-parsers-common/src/test/java/org/apache/metron/parsers/syslog/Syslog3164ParserTest.java b/metron-platform/metron-parsing/metron-parsers-common/src/test/java/org/apache/metron/parsers/syslog/Syslog3164ParserTest.java
new file mode 100644
index 0000000..6e8fb40
--- /dev/null
+++ b/metron-platform/metron-parsing/metron-parsers-common/src/test/java/org/apache/metron/parsers/syslog/Syslog3164ParserTest.java
@@ -0,0 +1,187 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.metron.parsers.syslog;
+
+import com.github.palindromicity.syslog.dsl.SyslogFieldKeys;
+import org.apache.metron.parsers.interfaces.MessageParserResult;
+import org.json.simple.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.time.Instant;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Consumer;
+
+import static org.junit.Assert.assertTrue;
+
+public class Syslog3164ParserTest {
+
+  private static final String SYSLOG_LINE_ALL = "<181>2018-09-14T00:54:09+00:00 lzpqrst-admin.in.mycompany.com.lg CISE_RADIUS_Accounting 0018032501 1 0 2018-09-14 10:54:09.095 +10:00 0221114759 3002 NOTICE Radius-Accounting: RADIUS Accounting watchdog update, ConfigVersionId=73, Device IP Address=00.00.000.0, RequestLatency=2, NetworkDeviceName=foo, User-Name=ACCOUNT-01\\\\\\\\D622322, NAS-IP-Address=00.00.000.0, NAS-Port=50742, Framed-IP-Address=00.00.000.000, Class=CACS:0A3D720400016DB [...]
+  private static final String SYSLOG_LINE_MISSING = "2018-09-14T00:54:09+00:00 lzpqrst-admin.in.mycompany.com.lg CISE_RADIUS_Accounting 0018032501 1 0 2018-09-14 10:54:09.095 +10:00 0221114759 3002 NOTICE Radius-Accounting: RADIUS Accounting watchdog update, ConfigVersionId=73, Device IP Address=00.00.000.0, RequestLatency=2, NetworkDeviceName=foo, User-Name=ACCOUNT-01\\\\\\\\D622322, NAS-IP-Address=00.00.000.0, NAS-Port=50742, Framed-IP-Address=00.00.000.000, Class=CACS:0A3D720400016DBF [...]
+  private static final String expectedMessage1 = "CISE_RADIUS_Accounting 0018032501 1 0 2018-09-14 10:54:09.095"
+          + " +10:00 0221114759 3002 NOTICE Radius-Accounting: RADIUS Accounting watchdog update, ConfigVersionId=73, "
+          + "Device IP Address=00.00.000.0, RequestLatency=2, NetworkDeviceName=foo, "
+          + "User-Name=ACCOUNT-01\\\\\\\\D622322, NAS-IP-Address=00.00.000.0, NAS-Port=50742, "
+          + "Framed-IP-Address=00.00.000.000, Class=CACS:0A3D720400016DBFE530A22E:lzpqrst/323409315/14578982, "
+          + "Called-Station-ID=00-CA-E5-B1-21-AA, Calling-Station-ID=54-E1-AD-A1-27-72, Acct-Status-Type=Interim-Update, "
+          + "Acct-Delay-Time=10, Acct-Input-Octets=379294, Acct-Output-Octets=1053336, Acct-Session-Id=00025EB8, "
+          + "Acct-Input-Packets=1657, Acct-Output-Packets=2018, Event-Timestamp=1536886439, NAS-Port-Type=Ethernet, "
+          + "NAS-Port-Id=GigabitEthernet7/0/42, cisco-av-pair=dc-profile-name=Microsoft-Workstation, "
+          + "cisco-av-pair=dc-device-name=MSFT 5.0, cisco-av-pair=dc-device-class-tag=Workstation:Microsoft-Workstation, "
+          + "cisco-av-pair=dc-certainty-metric=10, "
+          + "cisco-av-pair=dc-opaque=\\000\\000\\000\\002\\000\\000\\000\\001\\000\\000\\000\\000, "
+          + "cisco-av-pair=dc-protocol-map=9, "
+          + "cisco-av-pair=dhcp-option=pad="
+          + "1b:2e:01:08:ff:2e:01:08:ff:0a:90:84:51:0a:2c:08:0a:d0:52:31:0a:d0:5a:1b:2e:01:08:ff:2e:01:08:ff:79:f9:2b:"
+          + "ff:43:17:73:6d:73:62:6f:6f:74:5c:78:38:36:5c:77:64:73:6e:62:70:2e:63:6f:6d:00:ff:6f:6d:00:ff:00:00:00:00:00:"
+          + "00:00:00:00:00:00:00:00:00:00:00:00:00:00:22:23:54:00:00, cisco-av-pair=dhcp-option=00:ff:00:00, "
+          + "cisco-av-pair=dhcp-option=dhcp-parameter-request-list="
+          + "1\\\\, 15\\\\, 3\\\\, 6\\\\, 44\\\\, 46\\\\, 47\\\\, 31\\\\, 33\\\\, 121\\\\, 249\\\\, 43\\\\, 252,"
+          + " cisco-av-pair=dhcp-option=dhcp-class-identifier=MSFT 5.0, cisco-av-pair=dhcp-option=host-name=W00000PC0R1JC3,"
+          + " cisco-av-pair=dhcp-option=dhcp-client-identifier=01:54:e1:ad:a1:27:72,"
+          + " cisco-av-pair=dhcp-option=dhcp-message-type=8, cisco-av-pair=audit-session-id=0A3D720400016DBFE530A22E,"
+          + " cisco-av-pair=method=dot1x, AcsSessionID=lzpqrst/323409315/14579377, SelectedAccessService=PEAP_MAB,"
+          + " Step=11004, Step=11017, Step=15049, Step=15008, Step=22094, Step=11005, NetworkDeviceGroups=Stage#Deployment"
+          + " Type#Secure Mode D2, NetworkDeviceGroups=Location#All Locations#Placename#500 Exhibition St"
+          + " CompanyPlace#Level 18, NetworkDeviceGroups=Device Type#All Device Types#Access Switch#Catalyst 3850,"
+          + " NetworkDeviceGroups=Location Type#Location Type#Office, CPMSessionID=0A3D720400016DBFE530A22E,"
+          + " Stage=Stage#Deployment Type#Secure Mode D2, Location=Location#All Locations#Placename#500 Exhibition St"
+          + " CompanyPlace#Level 18, Device Type=Device Type#All Device Types#Access Switch#Catalyst 3850, Network Device"
+          + " Profile=Cisco, Location Type=Location Type#Location Type#Office";
+
+  private static final String expectedHostNameOne = "lzpqrst-admin.in.mycompany.com.lg";
+  private static final String expectedPriOne = "181";
+  private static final String expectedTimestampOne = "2018-09-14T00:54:09+00:00";
+  private static final String expectedFacilityOne = "22";
+  private static final String expectedSeverityOne = "5";
+
+  private static final String expectedHostNameTwo = "10.34.84.145";
+  private static final String expectedMessage2 = "Aug  7 00:45:43 stage-pdp01 CISE_Profiler 0000024855 1 0 "
+          + "2014-08-07 00:45:43.741 -07:00 0000288542 80002 INFO  Profiler: Profiler EndPoint profiling event occurred, "
+          + "ConfigVersionId=113, EndpointCertainityMetric=10, EndpointIPAddress=10.56.111.14, "
+          + "EndpointMacAddress=3C:97:0E:C3:F8:F1, EndpointMatchedPolicy=Nortel-Device, EndpointNADAddress=10.56.72.127, "
+          + "EndpointOUI=Wistron InfoComm(Kunshan)Co.\\,Ltd., EndpointPolicy=Nortel-Device, "
+          + "EndpointProperty=StaticAssignment=false\\,PostureApplicable=Yes\\,PolicyVersion=402\\,"
+          + "IdentityGroupID=0c1d9270-68a6-11e1-bc72-0050568e013c\\,Total Certainty Factor=10\\,"
+          + "BYODRegistration=Unknown\\,FeedService=false\\,EndPointPolicyID=49054ed0-68a6-11e1-bc72-0050568e013c\\,"
+          + "FirstCollection=1407397543718\\,MatchedPolicyID=49054ed0-68a6-11e1-bc72-0050568e013c\\,TimeToProfile=19\\,"
+          + "StaticGroupAssignment=false\\,NmapSubnetScanID=0\\,DeviceRegistrationStatus=NotRegistered\\,PortalUser=, "
+          + "EndpointSourceEvent=SNMPQuery Probe, EndpointIdentityGroup=Profiled, ProfilerServer=stage-pdp01.cisco.com,";
+  private static final String expectedPriTwo = "181";
+  private static final String expectedTimestampTwo = "Aug  6 17:26:31";
+  private static final String expectedFacilityTwo = "22";
+  private static final String expectedSeverityTwo = "5";
+
+
+  @Test
+  public void testConfigureDefault() {
+    Map<String, Object> parserConfig = new HashMap<>();
+    Syslog3164Parser testParser = new Syslog3164Parser();
+    testParser.configure(parserConfig);
+    testParser.init();
+    assertTrue(testParser.deviceClock.getZone().equals(ZoneOffset.UTC));
+  }
+
+  @Test
+  public void testConfigureTimeZoneOffset() {
+    Map<String, Object> parserConfig = new HashMap<>();
+    parserConfig.put("deviceTimeZone", "UTC-05:00");
+    Syslog3164Parser testParser = new Syslog3164Parser();
+    testParser.configure(parserConfig);
+    testParser.init();
+    ZonedDateTime deviceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), testParser.deviceClock.getZone());
+    ZonedDateTime referenceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), ZoneOffset.ofHours(-5));
+    assertTrue(deviceTime.isEqual(referenceTime));
+  }
+
+  @Test
+  public void testConfigureTimeZoneText() {
+    Map<String, Object> parserConfig = new HashMap<>();
+    parserConfig.put("deviceTimeZone", "America/New_York");
+    Syslog3164Parser testParser = new Syslog3164Parser();
+    testParser.configure(parserConfig);
+    testParser.init();
+    ZonedDateTime deviceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), testParser.deviceClock.getZone());
+    ZonedDateTime referenceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), ZoneOffset.ofHours(-5));
+    assertTrue(deviceTime.isEqual(referenceTime));
+  }
+
+  @Test
+  public void testHappyPath() {
+    test(expectedMessage1, (message) -> Assert.assertEquals(expectedHostNameOne, message.get(SyslogFieldKeys.HEADER_HOSTNAME.getField())));
+  }
+
+
+  @Test()
+  public void testNotValid() {
+    test( "not valid", (message) -> Assert.assertTrue(false));
+  }
+
+  public void test( String line, Consumer<JSONObject> msgIdChecker) {
+    Syslog3164Parser parser = new Syslog3164Parser();
+    Map<String, Object> config = new HashMap<>();
+    parser.configure(config);
+    parser.parseOptionalResult(line.getBytes());
+  }
+
+  @Test
+  public void testReadMultiLine() throws Exception {
+    Syslog3164Parser parser = new Syslog3164Parser();
+    Map<String, Object> config = new HashMap<>();
+    parser.configure(config);
+    StringBuilder builder = new StringBuilder();
+    builder
+            .append(SYSLOG_LINE_ALL)
+            .append("\n")
+            .append(SYSLOG_LINE_MISSING)
+            .append("\n")
+            .append(SYSLOG_LINE_ALL);
+    Optional<MessageParserResult<JSONObject>> resultOptional = parser.parseOptionalResult(builder.toString().getBytes());
+    Assert.assertNotNull(resultOptional);
+    Assert.assertTrue(resultOptional.isPresent());
+    List<JSONObject> parsedList = resultOptional.get().getMessages();
+    Assert.assertEquals(3,parsedList.size());
+  }
+
+  @Test
+  public void testReadMultiLineWithErrors() throws Exception {
+    Syslog3164Parser parser = new Syslog3164Parser();
+    Map<String, Object> config = new HashMap<>();
+    parser.configure(config);
+    StringBuilder builder = new StringBuilder();
+    builder
+            .append("HEREWEGO!!!!\n")
+            .append(SYSLOG_LINE_ALL)
+            .append("\n")
+            .append(SYSLOG_LINE_MISSING)
+            .append("\n")
+            .append("BOOM!\n")
+            .append(SYSLOG_LINE_ALL)
+            .append("\nOHMY!");
+    Optional<MessageParserResult<JSONObject>> output = parser.parseOptionalResult(builder.toString().getBytes());
+    Assert.assertTrue(output.isPresent());
+    Assert.assertEquals(3,output.get().getMessages().size());
+    Assert.assertEquals(3,output.get().getMessageThrowables().size());
+  }
+}
\ No newline at end of file
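Review bot: The `test(String, Consumer<JSONObject>)` helper never invokes `msgIdChecker` and discards the return value of `parseOptionalResult`, so `testHappyPath` and `testNotValid` pass without checking anything; the `Assert.assertTrue(false)` lambda in `testNotValid` is never run. For a parser that is fed externally produced syslog lines, this leaves the malformed-input path without a single-line test. The helper should keep the result and apply the checker, e.g. `Optional<MessageParserResult<JSONObject>> result = parser.parseOptionalResult(line.getBytes());` followed by `result.ifPresent(r -> r.getMessages().forEach(msgIdChecker));`, and `testNotValid` should assert on `getMessageThrowables()` the way `testReadMultiLineWithErrors` does. `testHappyPath` also passes `expectedMessage1` (the expected message body) rather than `SYSLOG_LINE_ALL`, which looks unintended.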
diff --git a/metron-platform/metron-parsing/metron-parsers/src/test/java/org/apache/metron/parsers/syslog/Syslog5424ParserTest.java b/metron-platform/metron-parsing/metron-parsers-common/src/test/java/org/apache/metron/parsers/syslog/Syslog5424ParserTest.java
similarity index 80%
rename from metron-platform/metron-parsing/metron-parsers/src/test/java/org/apache/metron/parsers/syslog/Syslog5424ParserTest.java
rename to metron-platform/metron-parsing/metron-parsers-common/src/test/java/org/apache/metron/parsers/syslog/Syslog5424ParserTest.java
index b3e4507..3c6c72f 100644
--- a/metron-platform/metron-parsing/metron-parsers/src/test/java/org/apache/metron/parsers/syslog/Syslog5424ParserTest.java
+++ b/metron-platform/metron-parsing/metron-parsers-common/src/test/java/org/apache/metron/parsers/syslog/Syslog5424ParserTest.java
@@ -25,6 +25,9 @@ import org.json.simple.JSONObject;
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.time.Instant;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.HashMap;
 import java.util.List;
@@ -32,6 +35,8 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.function.Consumer;
 
+import static org.junit.Assert.assertTrue;
+
 public class Syslog5424ParserTest {
   private static final String SYSLOG_LINE_ALL = "<14>1 2014-06-20T09:14:07+00:00 loggregator"
           + " d0602076-b14a-4c55-852a-981e7afeed38 DEA MSG-01"
@@ -66,6 +71,40 @@ public class Syslog5424ParserTest {
   private static final String expectedEventID1 = "1011";
   private static final String expectedEventID2 = "2022";
 
+
+  @Test
+  public void testConfigureDefault() {
+    Map<String, Object> parserConfig = new HashMap<>();
+    Syslog5424Parser testParser = new Syslog5424Parser();
+    testParser.configure(parserConfig);
+    testParser.init();
+    assertTrue(testParser.deviceClock.getZone().equals(ZoneOffset.UTC));
+  }
+
+  @Test
+  public void testConfigureTimeZoneOffset() {
+    Map<String, Object> parserConfig = new HashMap<>();
+    parserConfig.put("deviceTimeZone", "UTC-05:00");
+    Syslog5424Parser testParser = new Syslog5424Parser();
+    testParser.configure(parserConfig);
+    testParser.init();
+    ZonedDateTime deviceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), testParser.deviceClock.getZone());
+    ZonedDateTime referenceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), ZoneOffset.ofHours(-5));
+    assertTrue(deviceTime.isEqual(referenceTime));
+  }
+
+  @Test
+  public void testConfigureTimeZoneText() {
+    Map<String, Object> parserConfig = new HashMap<>();
+    parserConfig.put("deviceTimeZone", "America/New_York");
+    Syslog5424Parser testParser = new Syslog5424Parser();
+    testParser.configure(parserConfig);
+    testParser.init();
+    ZonedDateTime deviceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), testParser.deviceClock.getZone());
+    ZonedDateTime referenceTime = ZonedDateTime.ofInstant(Instant.ofEpochSecond(1475323200), ZoneOffset.ofHours(-5));
+    assertTrue(deviceTime.isEqual(referenceTime));
+  }
+
   @Test
   public void testHappyPath() {
     test(null, SYSLOG_LINE_ALL, (message) -> Assert.assertEquals(expectedMessageId, message.get(SyslogFieldKeys.HEADER_MSGID.getField())));
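Review bot: `assertTrue(deviceTime.isEqual(referenceTime))` in `testConfigureTimeZoneOffset` and `testConfigureTimeZoneText` cannot fail, because `ZonedDateTime.isEqual` compares instants and both values are built from `Instant.ofEpochSecond(1475323200)`; the configured `deviceTimeZone` is never checked, so a parser that ignored the setting and stamped events in the wrong zone would still pass. Compare the offset the configured zone yields instead, e.g. `Assert.assertEquals(ZoneOffset.ofHours(-5), testParser.deviceClock.getZone().getRules().getOffset(Instant.ofEpochSecond(1475323200)));`. For the `America/New_York` case that instant (2016-10-01T12:00Z) falls in daylight time, so the expected offset there is `ZoneOffset.ofHours(-4)`, not -5. The same two tests added in Syslog3164ParserTest.java carry the identical assertion.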
@@ -151,13 +190,13 @@ public class Syslog5424ParserTest {
   public void testMissingTimestamp() {
     Syslog5424Parser parser = new Syslog5424Parser();
     Map<String, Object> config = new HashMap<>();
+    String timeStampString = null;
     config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.DASH.name());
     parser.configure(config);
     Optional<MessageParserResult<JSONObject>> output  = parser.parseOptionalResult(SYSLOG_LINE_MISSING_DATE.getBytes());
     Assert.assertNotNull(output);
     Assert.assertTrue(output.isPresent());
-    String timeStampString = output.get().getMessages().get(0).get("timestamp").toString();
-    DateTimeFormatter.ISO_DATE_TIME.parse(timeStampString);
+    Assert.assertNotNull(output.get().getMessages().get(0).get("timestamp").toString());
     config.clear();
     config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.NULL.name());
     parser.configure(config);
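Review bot: `Assert.assertNotNull(output.get().getMessages().get(0).get("timestamp").toString());` cannot fail as an assertion: a missing `timestamp` throws a NullPointerException on `.toString()` before the assert runs, and a present value always yields a non-null string. The removed `DateTimeFormatter.ISO_DATE_TIME.parse(...)` at least checked the format, so the test no longer verifies what timestamp a message with a nil date ends up with; `Assert.assertNotNull(timeStampString)` in the next hunk has the same problem, and the OMIT case in the last hunk now checks nothing about the field. If the field is now an epoch value (not visible in this hunk), assert that directly, e.g. `Assert.assertTrue(output.get().getMessages().get(0).get("timestamp") instanceof Long);`. `testMissingTimestamp` begins before this hunk.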
@@ -165,8 +204,7 @@ public class Syslog5424ParserTest {
     Assert.assertNotNull(output);
     Assert.assertTrue(output.isPresent());
     timeStampString = output.get().getMessages().get(0).get("timestamp").toString();
-    DateTimeFormatter.ISO_DATE_TIME.parse(timeStampString);
-
+    Assert.assertNotNull(timeStampString);
     config.clear();
     config.put(Syslog5424Parser.NIL_POLICY_CONFIG, NilPolicy.OMIT.name());
     parser.configure(config);
@@ -174,8 +212,5 @@ public class Syslog5424ParserTest {
     output = parser.parseOptionalResult(SYSLOG_LINE_MISSING_DATE.getBytes());
     Assert.assertNotNull(output);
     Assert.assertTrue(output.isPresent());
-
-    timeStampString = output.get().getMessages().get(0).get("timestamp").toString();
-    DateTimeFormatter.ISO_DATE_TIME.parse(timeStampString);
   }
 }
\ No newline at end of file
diff --git a/metron-platform/metron-parsing/metron-parsers/README.md b/metron-platform/metron-parsing/metron-parsers/README.md
index 98e0094..aac66b0 100644
--- a/metron-platform/metron-parsing/metron-parsers/README.md
+++ b/metron-platform/metron-parsing/metron-parsers/README.md
@@ -29,7 +29,6 @@ The included parsers are:
 * PaloAlto
 * Snort
 * Sourcefire
-* Syslog
 * Websphere
 
 The basic parsers and their details can be found at [README](../metron-parsers-common#README.md).
diff --git a/metron-platform/metron-parsing/metron-parsers/pom.xml b/metron-platform/metron-parsing/metron-parsers/pom.xml
index d8b6825..c3f5d30 100644
--- a/metron-platform/metron-parsing/metron-parsers/pom.xml
+++ b/metron-platform/metron-parsing/metron-parsers/pom.xml
@@ -64,11 +64,6 @@
       </exclusions>
     </dependency>
     <dependency>
-      <groupId>com.github.palindromicity</groupId>
-      <artifactId>simple-syslog-5424</artifactId>
-      <version>${global_simple_syslog_version}</version>
-    </dependency>
-    <dependency>
       <groupId>org.apache.metron</groupId>
       <artifactId>metron-parsers-common</artifactId>
       <version>${project.parent.version}</version>
diff --git a/metron-platform/metron-parsing/metron-parsing-storm/src/main/resources/META-INF/NOTICE b/metron-platform/metron-parsing/metron-parsing-storm/src/main/resources/META-INF/NOTICE
index c773ab7..767d1ac 100644
--- a/metron-platform/metron-parsing/metron-parsing-storm/src/main/resources/META-INF/NOTICE
+++ b/metron-platform/metron-parsing/metron-parsing-storm/src/main/resources/META-INF/NOTICE
@@ -37,4 +37,10 @@ Copyright 2006-2011 Google, Inc.
        Apache Software Foundation that were originally developed at iClick, Inc.,
        software copyright (c) 1999.
 
+ (ASLv2) simple-syslog
+    The following NOTICE information applies:
 
+        simple-syslog
+        https://github.com/palindromicity/simple-syslog
+
+        Copyright 2018 simple-syslog authors.
diff --git a/pom.xml b/pom.xml
index c352813..ab9dfa4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -121,7 +121,7 @@
         <global_reflections_version>0.9.10</global_reflections_version>
         <global_checkstyle_version>8.0</global_checkstyle_version>
         <global_log4j_core_version>2.1</global_log4j_core_version>
-        <global_simple_syslog_version>0.0.9</global_simple_syslog_version>
+        <global_simple_syslog_version>0.0.1</global_simple_syslog_version>
         <global_spark_version>2.3.1</global_spark_version>
         <global_httpclient_version>4.3.2</global_httpclient_version>
         <global_aesh_version>0.66.19</global_aesh_version>

