Merge pull request #43 from ZachChristensen28/development

Version 1.4.1
ZachChristensen28 · May 28, 2021 · 404a312 · 404a312
2 parents e0d896b + 0f9eb9b
commit 404a312
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
  Info | Description
 ------|----------
-Version | 1.4.0 - See on [Splunkbase](https://splunkbase.splunk.com/app/4538/)
+Version | 1.4.1 - See on [Splunkbase](https://splunkbase.splunk.com/app/4538/)
 Vendor Product Version | [OPNsense® 21.1](https://opnsense.org/)
 Add-on has a web UI | No. This add-on does not contain any views.
 
@@ -14,11 +14,10 @@ Add-on has a web UI | No. This add-on does not contain any views.
 The TA-opnsense Add-on allows Splunk data administrators to map the OPNsense® firewall events to the [CIM](https://docs.splunk.com/Splexicon:CommonInformationModel) enabling the data to be used with other Splunk Apps, such as Enterprise Security.
 
 ```TEXT
-Version 1.4.0
+Version 1.4.1
 
-- Added modular input to pull system information (Available Updates, Versions, Installed Packages/Plugins).
-- Updated the suricata sourcetyper to recognize the json data without the standard syslog message header.
-- Fixed ipv6 ICMP events not extracting properly - issue #37
+- Fixed incorrect sourcetype transform for modular input - issue #41
+- Increased the truncate limit to allow large events.
 ```
 
 ## Documentation

diff --git a/app.manifest b/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "TA-opnsense",
-      "version": "1.4.0"
+      "version": "1.4.1"
     },
     "author": [
       {
@@ -58,4 +58,4 @@
   "targetWorkloads": [
     "*"
   ]
-}
+}
diff --git a/default/app.conf b/default/app.conf
@@ -15,12 +15,12 @@ label = OPNsense Add-on for Splunk
 [launcher]
 author = Zach Christensen
 description = This Technology Add-on provides CIM compliant field extractions, eventtypes and tags for the OPNsense Firewall
-version = 1.4.0
+version = 1.4.1
 
 [package]
 id = TA-opnsense
 
 [triggers]
 reload.ta_opnsense_account = simple
 reload.ta_opnsense_settings = simple
-reload.passwords = simple
+reload.passwords = simple
diff --git a/default/props.conf b/default/props.conf
@@ -190,6 +190,7 @@ INDEXED_EXTRACTIONS = json
 ANNOTATE_PUNCT      = false
 KV_MODE             = none
 DATETIME_CONFIG     = CURRENT
+TRUNCATE            = 99999
 
 [source::...ta-opnsense*.log*]
 SHOULD_LINEMERGE = true

diff --git a/default/transforms.conf b/default/transforms.conf
@@ -66,7 +66,7 @@ REGEX    = suricata\S+\:\s[{]
 FORMAT   = sourcetype::opnsense:suricata:json
 
 [opnsense_sourcetype_suricata_json_alt]
-INGEST_EVAL = sourcetype=if(json_valid(_raw), "opnsense:suricata:json", sourcetype)
+INGEST_EVAL = sourcetype=if(json_valid(_raw) AND match(_raw, "^\{\"timestamp\":"), "opnsense:suricata:json", sourcetype)
 
 [opnsense_sourcetype_syslog]
 DEST_KEY = MetaData:Sourcetype