[Filebeat][Cisco ASA] log enhancement and performance #24744

Merged
merged 23 commits into from
Apr 19, 2021

Commits on Aug 27, 2020

  1. ecs fix - more message pattern

    - Fixed some ECS issues
    
    - added anchors on grok patterns for performance
    
    - added messages:
    -------------------------
    434004
    434002
    713905
    750002
    750003
    110002
    419002
    602304
    602303
    713120
    713202
    713901
    713904
    713906
    713905
    -------------------------
    
    - with the message patterns added, this commit also adds four new event action types in the script that mapped event actions to the event.kind/category/type
    
    - added set processor for adding outcome, action and protocol if necessary for the new messages
    pcosic committed Aug 27, 2020
    769af9d

Commits on Aug 31, 2020

  1. Update asa-ftd-pipeline.yml

    pcosic authored Aug 31, 2020
    8e0491e

Commits on Sep 2, 2020

  1. Update asa-ftd-pipeline.yml

    fix parsing error
    and add enhancements
    pcosic authored Sep 2, 2020
    b13af6e
  2. Update asa-ftd-pipeline.yml

    fix 602303
    pcosic authored Sep 2, 2020
    eafaae2

Commits on Sep 8, 2020

  1. 40814cc

Commits on Sep 18, 2020

  1. commit for requested changes

    pcosic committed Sep 18, 2020
    b992fcd
  2. newline

    pcosic committed Sep 18, 2020
    5386064

Commits on Oct 20, 2020

  1. test

    pcosic committed Oct 20, 2020
    1775792
  2. 14aebc0
  3. make test commit

    commit after running tests.
    pcosic committed Oct 20, 2020
    029083f

Commits on Oct 21, 2020

  1. Fix parsing on 106014 with an additional ${SPACE} in grok pattern, so space in between is optional in log message

    pcosic committed Oct 21, 2020
    e398834

Commits on Oct 30, 2020

  1. fixed 106014 finally

    This finally fixes 106014.
    We have, afaik, two options. Use IPORHOST to not match '(type' or use '(?<destination.address>[^ (]*)' so we only dispense on space or '(' for the case destination.address is weird.
    NOTSPACE does not work in this case.
    pcosic committed Oct 30, 2020
    1e9da38
  2. e664cd6
  3. after test commit

    pcosic committed Oct 30, 2020
    babe7b5

Commits on Dec 17, 2020

  1. faf2659
  2. Test after merge

    pcosic committed Dec 17, 2020
    763132e

Commits on Mar 24, 2021

  1. Merge branch 'ingestCiscoMessagePattern' of https://github.com/evoila/beats into evoila-ingestCiscoMessagePattern

    andrewkroh committed Mar 24, 2021
    195e645
  2. Update generated

    andrewkroh committed Mar 24, 2021
    24aef0f
  3. Add changelog

    andrewkroh committed Mar 24, 2021
    0abf355

Commits on Mar 25, 2021

  1. 9b154e4

Commits on Apr 19, 2021

  1. 1bf67a2
  2. a5d8c88
  3. Update generated

    andrewkroh committed Apr 19, 2021
    0b32165