Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Update Fortinet Firewall pipeline.yml to include space #5614

Closed
6 tasks done
jamiehynds opened this issue Mar 21, 2023 · 0 comments · Fixed by #9898
Closed
6 tasks done

[Bug] Update Fortinet Firewall pipeline.yml to include space #5614

jamiehynds opened this issue Mar 21, 2023 · 0 comments · Fixed by #9898
Assignees
@taylor-swanson
Labels
bug Something isn't working good first issue Good for newcomers Integration:Fortinet Team:Security-Deployment and Devices Deployment and Devices Security team

Comments

@jamiehynds
Copy link

@Rdago commented on Fri Feb 03 2023

When sending logs from the Fortinet Analyzer to the Pipeline the message has a space after the %{SYSLOG5424PRI}.

What does this PR do?

I added it as optional to the grok to make the pipeline work again.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@cla-checker-service[bot] commented on Fri Feb 03 2023

❌ Author of the following commits did not sign a Contributor Agreement:
20d2336cbcaedd6f57b19473be1f6de626165a83

Please, read and sign the above mentioned agreement if you want to contribute to this project

@mergify[bot] commented on Fri Feb 03 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @Rdago? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@Rdago commented on Fri Feb 03 2023

Processing without the change:
image

@elasticmachine commented on Fri Feb 03 2023

❕ Build Aborted

The PR is not allowed to run in the CI yet

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-03T09:59:29.719+0000

  • Duration: 6 min 16 sec

Steps errors 2

Expand to view the steps failures

Load a resource file from a library
  • Took 0 min 0 sec . View more details here
  • Description: approval-list/elastic/beats.yml
Error signal
  • Took 0 min 0 sec . View more details here
  • Description: githubApiCall: The REST API call https://api.github.com/orgs/elastic/members/Rdago return the message : java.lang.Exception: httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/Rdago : httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/Rdago : Code: 404Error: {"message":"User does not exist or is not a member of the organization","documentation_url":"https://docs.github.com/rest/reference/orgs#check-organization-membership-for-a-user"}

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@elasticmachine commented on Wed Mar 01 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@taylor-swanson taylor-swanson

Labels
bug Something isn't working good first issue Good for newcomers Integration:Fortinet Team:Security-Deployment and Devices Deployment and Devices Security team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[fortinet_fortigate] Tolerate space between syslog priority and message taylor-swanson/integrations
3 participants
@narph @jamiehynds @taylor-swanson