Merge pull request #468 from Cargill/a10-proxy-update

A10 proxy update
Cargill · Jan 12, 2024 · 716a78b · 716a78b
2 parents a7691c7 + 52b504d
commit 716a78b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/config/processors/syslog_audit_a10.proxy.conf b/config/processors/syslog_audit_a10.proxy.conf
@@ -28,7 +28,7 @@ filter {
     }
     grok {
       tag_on_failure => "_parsefailure_body2"
-      match => { "actual_msg" => "^((?<[month]>.*?)(\s)? (?<[date]>.*?) (?<[time]>.*?) (?<[host][hostname]>.*?) (?<[process][name]>.*?)\: \[(?<[event][provider]>.*?)\]\<(?<[log][syslog][severity][code]>.*?)\>)?(?<[event][type]>.*?):(?<[user_agent][original]>.*)(\, (?<[url][path]>.*?)(\] (?<[source][ip]>.*?)))?$" }
+      match => { "actual_msg" => "^((?<[month]>.*?)(\s)? (?<[date]>.*?) (?<[time]>.*?) (?<[host][hostname]>.*?) (?<[process][name]>.*?)\: \[(?<[event][provider]>.*?)\]\<(?<[log][syslog][severity][code]>.*?)\>)?(?<[event][type]>.*?):(?<[user_agent][original]>.*?)(\, (?<[url][path]>\S*)(\] (?<[source][ip]>.*?)))?$" }
       timeout_millis => 500
     }
     if [month] and [date] and [time] {
@@ -89,7 +89,7 @@ filter {
     }
   }
   mutate {
-    remove_field => [ "actual_msg", "month", "date", "time" ]
+    remove_field => ["actual_msg", "month", "date", "time" ]
   }
 }
 output {

diff --git a/doc/elastic_common_schema/ecs_1.9_with_custom_fields.csv b/doc/elastic_common_schema/ecs_1.9_with_custom_fields.csv
@@ -73,6 +73,16 @@ custom,TRUE,client,client.user.title,[client][user][title],keyword,Custom Field,
 1.9.0-dev,TRUE,cmdb,cmdb.application.status,[cmdb][application][status],keyword,extended,,,
 1.9.0-dev,TRUE,cmdb,cmdb.application.type,[cmdb][application][type],keyword,extended,,,
 1.9.0-dev,TRUE,cmdb,cmdb.class.name,[cmdb][class][name],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.destination.application.criticality,[cmdb][destination][application][criticality],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.destination.application.name,[cmdb][destination][application][name],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.destination.application.owner.id,[cmdb][destination][application][owner][id],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.destination.application.owner.name,[cmdb][destination][application][owner][name],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.destination.application.sensitivity,[cmdb][destination][application][sensitivity],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.source.application.criticality,[cmdb][source][application][criticality],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.source.application.name,[cmdb][source][application][name],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.source.application.owner.id,[cmdb][source][application][owner][id],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.source.application.owner.name,[cmdb][source][application][owner][name],keyword,extended,,,
+1.9.0-dev,TRUE,cmdb,cmdb.source.application.sensitivity,[cmdb][source][application][sensitivity],keyword,extended,,,
 1.9.0-dev,TRUE,container,container.id,[container][id],keyword,core,,,Unique container id.
 1.9.0-dev,TRUE,container,container.image.name,[container][image][name],keyword,extended,,,Name of the image the container was built on.
 1.9.0-dev,TRUE,container,container.image.tag,[container][image][tag],keyword,extended,array,,Container image tags.