Regression to #19627 for Security Events with Source IP "LOCAL" #34263

Closed
MakoWish opened this issue Jan 14, 2023 · 2 comments · Fixed by #34295

Comments

@MakoWish
Contributor

There is a regression to #19627 in Winlogbeat versions 8.x after moving from .js parsing to Ingest Pipeline.

  • Version: 8.x
  • Operating System: Windows (all)
  • Steps to Reproduce: Install Winlogbeat and monitor console output for failure to ingest due to source.ip: "LOCAL" or source.ip: "Unknown" not being valid IP addresses.

I have submitted PR #34252, which would validate "LOCAL" to a valid and synonymous IP "127.0.0.1". Values of "Unknown" would be skipped from being copied to source.ip.

Eric
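
The handling proposed above, sketched in Go as an added example (not code from this issue, PR #34252 or the Beats repository). The helper names are hypothetical, and matching case-insensitively and skipping every other non-IP value are assumptions that go beyond the two strings named in the issue.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// normalizeSourceIP (hypothetical helper) decides what, if anything, to copy
// into source.ip from a raw address string in a Windows security event.
// ok == false means "leave source.ip unset".
func normalizeSourceIP(raw string) (ip string, ok bool) {
	v := strings.TrimSpace(raw)
	switch {
	case strings.EqualFold(v, "LOCAL"):
		return "127.0.0.1", true // as proposed in the issue
	case strings.EqualFold(v, "Unknown"):
		return "", false // as proposed in the issue
	}
	addr, err := netip.ParseAddr(v)
	if err != nil {
		return "", false // assumption: skip any other non-IP value too
	}
	return addr.String(), true
}

// countSkipped reports how many raw values would leave source.ip unset,
// which is worth tracking so that missing addresses stay visible.
func countSkipped(raws []string) int {
	n := 0
	for _, r := range raws {
		if _, ok := normalizeSourceIP(r); !ok {
			n++
		}
	}
	return n
}

func main() {
	// Constructed sample values, not taken from real events.
	samples := []string{"LOCAL", "Unknown", "10.20.30.40", "::1", "-"}
	for _, s := range samples {
		ip, ok := normalizeSourceIP(s)
		fmt.Printf("%-12q set=%-5v source.ip=%q\n", s, ok, ip)
	}
	fmt.Println("skipped:", countSkipped(samples))
}
```

Leaving source.ip unset for unparseable values keeps the rest of the security event ingestible instead of failing the whole document on one field.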

@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6
Contributor

efd6 commented Mar 20, 2023

This was fixed by #34295 which incorrectly marks itself as fixing #19627.

@MakoWish Please comment here if you believe this is incorrect.
