Cherry-pick #21063 to 7.x: [Filebeat] Add Pensando DFW Module #24045
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
botelastic
bot
added
the
needs_team
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
removed
the
needs_team
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
* Add Pensando module init * explicitly define the ECS version per testing * updates to docs from make update * updates for pensando module * updates to documentation and db screenshot * add dashboard export to repo * update to add pensando beat * Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update pipeline.yml Condensed all "remove" fields to 1 list of fields. * Update pipeline.yml Do not remove the payload_raw field. * Update filebeat/module/pensando/_meta/docs.asciidoc Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> * Update config.yml Added syslog_host and syslog_port values as suggested. * Update docs.asciidoc Added documentation for syslog_host and syslog_port as suggested. * Update pipeline.yml Removing payload_raw - this and json are, essentially, the same field and no longer needed after parsing. * Update pipeline.yml Changed checks if values are != null to use the filebeat specific ignore_empty_value: true instead. * Remove set of event.module Remove the set param for event.module. Filebeat should add this automatically. * Apply suggestions from code review Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> * Update test.log * Use convert instead of set for some fields Changed ECS sets for IP addresses and ports to converts of type ip and integer respectively. * Updates for geoip and autonomous system * add pensando dfw fields * fixes from make -C filebeat update * fixes for filebeat check * make update changes * Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * remove old json file * ran tests * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * gen after run of 'mage -v pythonIntegTest' * Update fields.yml * mage fmt update request Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> (cherry picked from commit 4194408)
marc-gr
force-pushed
the
backport_21063_7.x
branch
from
c5e66ad
to
3c5ab4d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of PR #21063 to 7.x branch. Original message:
What does this PR do?
Utilized the instructions found here: https://www.elastic.co/guide/en/beats/devguide/current/filebeat-modules-devguide.html
This adds the Pensando distributed firewall (fileset) beat to the release.
Why is it important?
Many of our customers want an easy way to implement our FW logging in/on their Elastic instances.
Checklist
- [ ] I have commented my code, particularly in hard-to-understand areasCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
All tests were run using these guidelines to verify logs worked correctly: https://www.elastic.co/guide/en/beats/devguide/current/filebeat-modules-devguide.html#_test
Related issues
None
Use cases
Screenshots
Logs