Cherry-pick #19375 to 7.x: [Filebeat] Pass-thru other panw.panos log types

[andrewkroh]

Cherry-pick of PR #19375 to 7.x branch. Original message:

What does this PR do?

This removes the drop processor from the ingest node pipeline that drops events other than THREAT and TRAFFIC.
This way we can retain the other log data but don't necessarily handle the parsing of it.

Why is it important?

We want to keep data from panos even if the messages are not explicitly handled by the module. The data may not have all the ECS mappings, but at least it won't be lost. #15603 tracks adding parsing support for additional message types.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

• Closes [Filebeat] PANW Module - Pass-through other log types #16815

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.'}

Expand to view the summary

Build stats

• Build Cause: [Pull request #19473 updated]

• Start Time: 2020-07-14T18:28:40.607+0000

• Duration: 128 min 21 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2201
Skipped	385
Total	2586

Log output

Expand to view the last 100 lines of log output

[2020-07-14T19:56:15.286Z] + '[' -f metricbeat/build/coverage/full.cov ']'
[2020-07-14T19:56:15.286Z] + for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat
[2020-07-14T19:56:15.286Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-14T19:56:15.286Z] + '[' -f packetbeat/build/coverage/full.cov ']'
[2020-07-14T19:56:15.286Z] + for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat
[2020-07-14T19:56:15.286Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-14T19:56:15.286Z] + '[' -f winlogbeat/build/coverage/full.cov ']'
[2020-07-14T19:56:15.286Z] + for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat
[2020-07-14T19:56:15.286Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-14T19:56:15.286Z] + '[' -f journalbeat/build/coverage/full.cov ']'
[2020-07-14T19:56:16.443Z] Post stage
[2020-07-14T19:56:16.450Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats
[2020-07-14T19:56:17.284Z] Starting "default"...
[2020-07-14T19:56:17.284Z] Machine "default" is already running.
[2020-07-14T19:57:58.295Z] Error checking TLS connection: ssh command error:
[2020-07-14T19:57:58.295Z] command : ip addr show
[2020-07-14T19:57:58.295Z] err     : exit status 255
[2020-07-14T19:57:58.295Z] output  : 
[2020-07-14T19:57:58.295Z] Client: Docker Engine - Community
[2020-07-14T19:57:58.295Z]  Version:           19.03.1
[2020-07-14T19:57:58.295Z]  API version:       1.40
[2020-07-14T19:57:58.295Z]  Go version:        go1.12.5
[2020-07-14T19:57:58.295Z]  Git commit:        74b1e89
[2020-07-14T19:57:58.295Z]  Built:             Thu Jul 25 21:18:17 2019
[2020-07-14T19:57:58.295Z]  OS/Arch:           darwin/amd64
[2020-07-14T19:57:58.295Z]  Experimental:      false
[2020-07-14T19:57:58.295Z] Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[2020-07-14T19:57:58.296Z] It requires Docker daemon to be installed and running
[2020-07-14T20:36:19.597Z] Cancelling nested steps due to timeout
[2020-07-14T20:36:19.602Z] ...........Sending interrupt signal to process
[2020-07-14T20:36:21.992Z] Sending interrupt signal to process
[2020-07-14T20:36:36.933Z] failed to run compiled magefile: signal: terminated
[2020-07-14T20:36:36.940Z] script returned exit code 255
[2020-07-14T20:36:37.008Z] Recording test results
[2020-07-14T20:36:38.571Z] Stashed 3 file(s)
[2020-07-14T20:36:38.580Z] Archiving artifacts
[2020-07-14T20:36:39.447Z] + curl -sSLo codecov https://codecov.io/bash
[2020-07-14T20:36:39.706Z] + FILE=auditbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f auditbeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=filebeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f filebeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=heartbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f heartbeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=libbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f libbeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f metricbeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f packetbeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f winlogbeat/build/coverage/full.cov ]
[2020-07-14T20:36:39.706Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-14T20:36:39.706Z] + [ -f journalbeat/build/coverage/full.cov ]
[2020-07-14T20:36:40.984Z] Failed in branch Filebeat x-pack
[2020-07-14T20:36:41.112Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats
[2020-07-14T20:36:41.422Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-14T20:36:41.434Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats/Lint
[2020-07-14T20:36:41.515Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-14T20:36:41.587Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-14T20:36:41.666Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-14T20:36:42.026Z] + cat
[2020-07-14T20:36:42.026Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-14T20:36:42.026Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-14T20:36:48.619Z] runbld>>> runbld started
[2020-07-14T20:36:48.619Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-14T20:36:50.007Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-19473' in order of occurrence in the config (last value wins).
[2020-07-14T20:36:51.397Z] runbld>>> Debug logging enabled.
[2020-07-14T20:36:51.397Z] runbld>>> Storing result
[2020-07-14T20:36:51.660Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-14T20:36:51.660Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200714203651-A6B11C31
[2020-07-14T20:36:51.660Z] runbld>>> Adding system facts.
[2020-07-14T20:36:52.606Z] runbld>>> Adding vcs info for the latest commit:  f19ac0f1d49adf71e09cca38e4707640213a1726
[2020-07-14T20:36:52.606Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-14T20:36:52.606Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-14T20:36:52.606Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-14T20:36:52.606Z] Processing JUnit reports with runbld...
[2020-07-14T20:36:52.870Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-14T20:36:52.870Z] runbld>>> DURATION: 35ms
[2020-07-14T20:36:52.870Z] runbld>>> STDOUT: 40 bytes
[2020-07-14T20:36:52.870Z] runbld>>> STDERR: 49 bytes
[2020-07-14T20:36:52.870Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-14T20:36:52.870Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats
[2020-07-14T20:36:53.818Z] runbld>>> Storing build metadata: 
[2020-07-14T20:36:53.818Z] runbld>>> Adding test report.
[2020-07-14T20:36:53.818Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-19473/src/github.com/elastic/beats
[2020-07-14T20:36:54.765Z] runbld>>> Found 7 test output files
[2020-07-14T20:36:55.339Z] runbld>>> Test output logs contained: Errors: 0 Failures: 0 Tests: 2586 Skipped: 363
[2020-07-14T20:36:55.339Z] runbld>>> Storing result
[2020-07-14T20:36:55.339Z] runbld>>> FAILURES: 0
[2020-07-14T20:36:55.601Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-14T20:36:55.601Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200714203651-A6B11C31
[2020-07-14T20:36:55.862Z] runbld>>> Email notification disabled by environment variable.
[2020-07-14T20:36:55.862Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-14T20:37:01.409Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-19473
[2020-07-14T20:37:01.514Z] [INFO] getVaultSecret: Getting secrets
[2020-07-14T20:37:01.592Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-14T20:37:02.328Z] + chmod 755 generate-build-data.sh
[2020-07-14T20:37:02.328Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19473/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19473/runs/5 ABORTED 7701461
[2020-07-14T20:37:02.328Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19473/runs/5/steps/?limit=10000 -o steps-info.json
[2020-07-14T20:37:02.578Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19473/runs/5/tests/?status=FAILED -o tests-errors.json

[adriansr]

LGTM, please correct changelog

[adriansr]

Extra changelog entry

[andrewkroh]

The python integration tests timed-out. It's passing locally.