[Filebeat][Cisco ASA] log enhancement and performance (backport #24744) #25158
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
botelastic
bot
added
the
needs_team
|
This pull request doesn't have a |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
* ecs fix - more message pattern
- Fixed some ECS issues
- added anchors on grok patterns for performance
- added messages:
-------------------------
434004
434002
713905
750002
750003
110002
419002
602304
602303
713120
713202
713901
713904
713906
713905
-------------------------
- with the messages pattern added also this commit add four new event action types in the script that mapped event actions to the event.kind/category/type
- added set processor for adding outcome, action and protocol if necessary for the new messages
* Update asa-ftd-pipeline.yml
* Update asa-ftd-pipeline.yml
fix parsing error
and add enhancements
* Update asa-ftd-pipeline.yml
fix 602303
* testing for PR and some minor fixes
* commit for requested changes
* newline
* test
* make test commit
commit after running tests.
* Fix parsing on 106014 with an additional ${SPACE} in grok pattern, so space in between is optional in log message
* fixed 106014 finally
This fixing finally 106014.
We have, afaik, two options. Use IPORHOST to not match '(type' or using '(?<destination.address>[^ (]*)' so we only dispense on space or '(' for the case destination.address is weird.
NOTSPACE is not work in this case.
* after test commit
* Test after merge
* Update generated
* Add changelog
* Undo meraki generated file changes
* Update generated
Co-authored-by: pcosic <pcosic@evoila.de>
Co-authored-by: pcosic <69909732+pcosic@users.noreply.github.com>
(cherry picked from commit 226485b)
andrewkroh
force-pushed
the
mergify/bp/7.x/pr-24744
branch
from
8c26753
to
b973e25
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an automatic backport of pull request #24744 done by Mergify.
Mergify commands and options
More conditions and actions can be found in the documentation.
You can also trigger Mergify actions by commenting on this pull request:
@Mergifyio refreshwill re-evaluate the rules@Mergifyio rebasewill rebase this PR on its base branch@Mergifyio updatewill merge the base branch into this PR@Mergifyio backport <destination>will backport this PR on<destination>branchAdditionally, on Mergify dashboard you can:
Finally, you can contact us on https://mergify.io/