junipersrx-module initial release #20017

Merged: 15 commits, Oct 6, 2020

StefanSa
Contributor

What does this PR do?

This PR introduces the JuniperSRX Filebeat module. It currently focuses on the JuniperSRX Firewall, but should include other Juniper products as separate PRs later on.

Why is it important?

Adding more supported products to the filebeat portfolio.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

INTEGRATION_TESTS=1 BEAT_STRICT_PERMS=false TESTING_FILEBEAT_MODULES=junipersrx nosetests -v -s tests/system/test_xpack_modules.py

@elasticmachine
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@botelastic botelastic bot added the needs_team label Jul 17, 2020
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team label Jul 20, 2020
@andrewkroh andrewkroh added the Filebeat label Jul 20, 2020
@P1llus
Member

P1llus commented Aug 6, 2020

This is an initial community review that Stefan has shared that I will be helping out with

@elasticmachine
Collaborator

elasticmachine commented Aug 6, 2020

💚 Build Succeeded

Build stats

  • Build Cause: [Pull request #20017 updated]

  • Start Time: 2020-10-06T07:42:14.487+0000

  • Duration: 63 min 44 sec

Test stats 🧪

Test Results
Failed 0
Passed 4416
Skipped 564
Total 4980

@P1llus
Member

P1llus commented Sep 3, 2020

Jenkins test this please

@P1llus
Member

P1llus commented Sep 8, 2020

Jenkins test this please

@adriansr
Contributor

I've removed some fields under juniper.srx that were unused because the pipeline will rename them into ECS fields. Now it's below the 1MB index-pattern limit (just a few bytes left though)

@P1llus
Member

P1llus commented Oct 5, 2020

Jenkins test this please

@marc-gr marc-gr merged commit 6c0a786 into elastic:master Oct 6, 2020
@marc-gr marc-gr added the v7.10.0 label Oct 6, 2020
marc-gr pushed a commit to marc-gr/beats that referenced this pull request Oct 6, 2020
* junipersrx-module initial release

* stashing changes for later

* Initial MVP release ready for review

* updating a comment in pipeline.yml

* updating filebeat.reference.yml

* Small fix for docs

* Fix parsing of juniper.srx.timestamp

* Fix bad samples

* Remove some fields to make the index-pattern smaller

* Missing update

* Fix var.tags and disable_host when forwarded

* Add related fields

* Add changelog entry

* Remove unused file

Co-authored-by: StefanSa <StefanSa@users.noreply.github.com>
Co-authored-by: P1llus <pillus@chasenet.org>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
(cherry picked from commit 6c0a786)
marc-gr added a commit that referenced this pull request Oct 6, 2020
Co-authored-by: StefanSa <6105075+StefanSa@users.noreply.github.com>
v1v added a commit to v1v/beats that referenced this pull request Oct 6, 2020
* upstream/master:
  [CI] Setup git config globally (elastic#21562)
  docs: update generate_fields_docs.py (elastic#21359)
  Add support for additional fields from V2 ALB logs (elastic#21540)
  Move Prometheus query & remote_write to GA (elastic#21507)
  feat: add a new step to run the e2e tests for certain parts of Beats (elastic#21100)
  [Elastic Agent] Add elastic agent ID and version to events from filebeat and metricbeat. (elastic#21543)
  Release cloudfoundry input and processor as GA (elastic#21525)
  [Packetbeat] New SIP protocol (elastic#21221)
  [Filebeat][New Module] Add support for Microsoft MTP / 365 Defender (elastic#21446)
  [Beats][pytest] Asserting if filebeat logs include errors (elastic#20999)
  junipersrx-module initial release (elastic#20017)
  Add a persistent cache for cloudfoundry metadata based on badger (elastic#20775)
  Add missing changelog entry for cisco umbrella (elastic#21550)
  [Elastic Agent] Add upgrade CLI to initiate upgrade of Agent locally (elastic#21425)
  Enable filestream input (elastic#21533)
  Add filestream input reader (elastic#21481)
  [CI] fix 'no matches found within 10000' (elastic#21466)
  Fix billing.go aws.GetStartTimeEndTime (elastic#21531)