Filebeat - Cisco ASA Module rejected messages #14034
This patch makes the Cisco ASA and FTD ingest pipeline handle the case where a domain name is found for a field where an IP is expected according to the documentation. To do so it follows ECS guidelines, setting .address to be the raw value and .ip or .domain from it, depending if it's a valid IP address or not. Fixes elastic#14034
This patch makes the Cisco ASA and FTD ingest pipeline handle the case where a domain name is found for a field where an IP is expected according to the documentation. To do so it follows ECS guidelines, setting .address to be the raw value and .ip or .domain from it, depending if it's a valid IP address or not. Fixes elastic#14034 (cherry picked from commit a678bc9)
…d domain names (#14040) This patch makes the Cisco ASA and FTD ingest pipeline handle the case where a domain name is found for a field where an IP is expected according to the documentation. To do so it follows ECS guidelines, setting .address to be the raw value and .ip or .domain from it, depending if it's a valid IP address or not. Fixes #14034 (cherry picked from commit a678bc9)
Same here for field [source.nat.ip]. Filebeat Version 7.5.2
Anything new here? Still waiting for a fix. Currently using Version 7.6.2
…expected domain names (elastic#14040) This patch makes the Cisco ASA and FTD ingest pipeline handle the case where a domain name is found for a field where an IP is expected according to the documentation. To do so it follows ECS guidelines, setting .address to be the raw value and .ip or .domain from it, depending if it's a valid IP address or not. Fixes elastic#14034 (cherry picked from commit 9f20d7c)
Elasticsearch is refusing to index certain documents that ASAs may generate.
The raw message is here:
The reason for this happening I believe is due to the parsing rule for 106100.
I wonder if we can add an option to capture the name field to the dissect message?
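The handling the patch description gives (raw value kept in `.address`, then `.ip` or `.domain` depending on whether it parses as an IP), as an added Python example; it is not the Filebeat ingest pipeline's own code. The regular expression is a simplified stand-in for the endpoint part of message 106100, and the sample messages are constructed, not the raw message from this issue.

```python
import ipaddress
import re

# Simplified pattern for the endpoint part of ASA message 106100:
#   interface/address(port) -> interface/address(port)
# The address is captured as free text because an ASA may log a name there
# instead of an IP, which is the case this issue is about.
ENDPOINTS = re.compile(
    r"(?P<src_if>[^\s/]+)/(?P<src>[^\s(]+)\((?P<src_port>\d+)\)"
    r"\s*->\s*"
    r"(?P<dst_if>[^\s/]+)/(?P<dst>[^\s(]+)\((?P<dst_port>\d+)\)"
)


def split_address(raw):
    """Return ECS-style fields: address is always the raw value,
    and exactly one of ip / domain is derived from it."""
    fields = {"address": raw}
    try:
        fields["ip"] = str(ipaddress.ip_address(raw))
    except ValueError:
        # Not a valid IPv4/IPv6 literal: never write it to an ip-typed field.
        fields["domain"] = raw
    return fields


def parse_106100(message):
    """Extract source/destination from a 106100-style line, or None if absent."""
    m = ENDPOINTS.search(message)
    if m is None:
        return None
    event = {}
    for side, key in (("source", "src"), ("destination", "dst")):
        event[side] = split_address(m.group(key))
        event[side]["port"] = int(m.group(key + "_port"))
    return event


# Constructed sample messages (hypothetical ACL name, hosts and addresses).
SAMPLES = [
    "%ASA-6-106100: access-list inside_acl permitted tcp inside/192.0.2.10(51234) -> outside/198.51.100.7(443) hit-cnt 1 first hit [0x0, 0x0]",
    "%ASA-6-106100: access-list inside_acl denied udp inside/workstation-01(53000) -> outside/dns.example.net(53) hit-cnt 1 first hit [0x0, 0x0]",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_106100(line))
```

Because the name never reaches an IP-typed field, the second sample produces a document Elasticsearch can index, and the original value remains searchable through `.address`.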