Parser override for RSA ClearTrust timestamp issue

Document created by deathbywedgie on Dec 21, 2011
Version 1Show Document
  • View in full screen mode

We recently discovered that the native parser for RSA ClearTrust has a typo in it for the timestamp definition... it uses lowercase "m" for both the month and minute in the timestamp, so the month is always wrong in deviceReceiptTime, endTime, etc. As a workaround until ArcSight resolves this issue in a future connector release I have created a parser override (attached).

 

To use this override:

 

  1. Go to the ../current/user/agent/ folder and create a subfolder called "cleartrust_file"
  2. Place this file (the parser override) into the newly created "cleartrust_file" folder
  3. Restart the connector


That's all there is to it.

Outcomes