Fixes for new 7.10 rsa2elk datasets #21240
Merged
Commits on Sep 23, 2020
-
Fix bad unicode character used in juniper/netscreen
Some parsers from netwitness wrongly use ’ XML entity as a quote character. This entity translates to UNICODE codepoint U+0092 (PRIVATE USE 2), which is not printable and can cause problems. My understanding is that this is the result of either: - Device logs are encoded in the windows-1252 codepage, or - Log parsers originally written in windows-1252 codepage. In this codepage, \x92 represents a quotation mark similar to the ASCII \x27 single quotation mark ('). I believe someone misunderstood XML's &#xNNN entity as escaping a byte value, instead of a UNICODE codepoint. As it is unclear if the original logs contain this special quote, or it's the result of writting the parsers in a Windows editor, it's better to replace it's usage with empty captures that skip over this quote. -
Update pipelines for new 7.10 rsa2elk datasets
The original pipelines had been generated with some debugging comments in them, which made them much larger than necessary.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.