Skip to content

Commit

Permalink
[cisco_ios] Fix FQDN parsing (elastic#11731)
Browse files Browse the repository at this point in the history
* [cisco_ios] Fix FQDN parsing

* Update changelog PR number
  • Loading branch information
aleksmaus authored Nov 18, 2024
1 parent f87f02e commit 70b41e1
Show file tree
Hide file tree
Showing 14 changed files with 62 additions and 11 deletions.
5 changes: 5 additions & 0 deletions packages/cisco_ios/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.28.1"
changes:
- description: Fix FQDN parsing.
type: bugfix
link: https://github.com/elastic/integrations/pull/11731
- version: "1.28.0"
changes:
- description: Add support for ISO 8601 timestamps.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -525,4 +525,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -364,4 +364,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -1681,4 +1681,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -125,4 +125,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -747,4 +747,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
<189>Oct 16 07:41:48 foo-bar-host.foo.bar.gov 157475316: *Oct 16 2024 07:39:09.425 UTC: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet1/0/13, new MAC address (0015.5d9c.3d01) is seen.AuditSessionID Unassigned
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
{
"expected": [
{
"@timestamp": "2024-10-16T07:39:09.425Z",
"cisco": {
"ios": {
"facility": "AUTHMGR",
"sequence": "157475316"
}
},
"ecs": {
"version": "8.11.0"
},
"event": {
"category": [
"network"
],
"code": "SECURITY_VIOLATION",
"original": "<189>Oct 16 07:41:48 foo-bar-host.foo.bar.gov 157475316: *Oct 16 2024 07:39:09.425 UTC: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet1/0/13, new MAC address (0015.5d9c.3d01) is seen.AuditSessionID Unassigned",
"provider": "firewall",
"sequence": 157475316,
"severity": 5,
"type": [
"info"
]
},
"log": {
"level": "notification",
"syslog": {
"hostname": "foo-bar-host.foo.bar.gov",
"priority": 189
}
},
"message": "Security violation on the interface GigabitEthernet1/0/13, new MAC address (0015.5d9c.3d01) is seen.AuditSessionID Unassigned",
"observer": {
"product": "IOS",
"type": "firewall",
"vendor": "Cisco"
},
"tags": [
"preserve_original_event"
]
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -723,4 +723,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -714,4 +714,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -43,4 +43,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ processors:
CISCO_TIMESTAMP: '[*]?%{CISCOTIMESTAMP_EX:_temp_.cisco_timestamp}(?: %{CISCO_TZ:_temp_.tz})?'
CISCOTIMESTAMP_EX: '(%{CISCOTIMESTAMP})|(%{YEAR} %{MONTH} %{MONTHDAY} %{TIME})'
CISCO_UPTIME: '[0-9a-zA-Z]+'
CISCO_HOSTNAME: '[a-zA-Z][0-9a-zA-Z_-]{0,61}[0-9a-zA-Z]?'
CISCO_HOSTNAME: '[a-zA-Z][.0-9a-zA-Z_-]{0,253}[0-9a-zA-Z]?'
CISCO_TZ: '[a-zA-Z]{1,4}([+-]\d{1,2}|[+-]\d{2}:\d{2})?'
- grok:
field: _temp_.message
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_ios/manifest.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: "3.0.3"
name: cisco_ios
title: Cisco IOS
version: "1.28.0"
version: "1.28.1"
description: Collect logs from Cisco IOS with Elastic Agent.
type: integration
categories:
Expand Down

0 comments on commit 70b41e1

Please sign in to comment.