Infoblox nios wrong syslog parsing #23272
Comments
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
adriansr
added a commit
to adriansr/beats
that referenced
this issue
Dec 23, 2020
This reorders the syslog headers parsers for the infoblox/nios dataset so that the simpler header is picked up first. Otherwise it will fail to properly parse logs. Fixes elastic#23272
2 tasks
adriansr
added a commit
that referenced
this issue
Dec 28, 2020
* Reorder headers for infoblox module This reorders the syslog headers parsers for the infoblox/nios dataset so that the simpler header is picked up first. Otherwise it will fail to properly parse logs. Fixes #23272 * Changelog entry
adriansr
added a commit
to adriansr/beats
that referenced
this issue
Dec 28, 2020
* Reorder headers for infoblox module This reorders the syslog headers parsers for the infoblox/nios dataset so that the simpler header is picked up first. Otherwise it will fail to properly parse logs. Fixes elastic#23272 * Changelog entry (cherry picked from commit 27d0f08)
2 tasks
adriansr
added a commit
to adriansr/beats
that referenced
this issue
Dec 28, 2020
* Reorder headers for infoblox module This reorders the syslog headers parsers for the infoblox/nios dataset so that the simpler header is picked up first. Otherwise it will fail to properly parse logs. Fixes elastic#23272 * Changelog entry (cherry picked from commit 27d0f08)
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For confirmed bugs, please report:
The infoblox/nios dataset can't parse logs in the following format:
It works if a hostname is added before the IP address:
This is due the conflicting ordering of headers in the original device parser:
https://github.com/adriansr/nwdevice2filebeat/blob/1c1d0f6610f5d0e7b859dd4c81130012a49dcafb/devices/infobloxnios/infobloxniosmsg.xml#L12-L20
The text was updated successfully, but these errors were encountered: