Adding Cisco support for the Syslog parser #10760
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add support for the "sequence" number in the log format send by cisco devices. Fixes: elastic#10654
|
@webmat I am currently extracting the sequence number generated from Cisco switch (syslog variant), I've looked at ECS, I saw there was a proposal to add an |
andrewkroh
reviewed
Feb 14, 2019
|
@andrewkroh I've made the changes, I think that should be ok |
andrewkroh
approved these changes
Feb 14, 2019
| @@ -81,7 +81,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d | |||
| - The `elasticsearch/deprecation` fileset now indexes the `component` field under `elasticsearch` instead of `elasticsearch.server`. {pull}10445[10445] | |||
| - Remove field `kafka.log.trace.full` from kafka.log fielset. {pull}10398[10398] | |||
| - Change field `kafka.log.class` for kafka.log fileset from text to keyword. {pull}10398[10398] | |||
| - Address add_kubernetes_metadata processor issue where old source field is | |||
| - Address add_kubernetes_metadata processor issue where old source field is | |||
There was a problem hiding this comment.
Is this change intended?
There was a problem hiding this comment.
Well, I presume I wont be the only one removing the additional space, I propose we make the change :)
|
jenkins test this please |
|
Yes, I like this change. I've made a note to introduce officially to ECS. I agree with the datatype and the name. Go for it! |
kvch
approved these changes
Feb 18, 2019
|
Hi @ph Is there any chance this can be backported to 6.7? |
|
@inqueue I can backport it, in retrospect is more of a bug than a new feature. |
ph
added a commit
to ph/beats
that referenced
this pull request
Apr 29, 2019
* Adding Cisco support for the Syslog parser Add support for the "sequence" number in the log format send by Cisco switch devices. Fixes: elastic#10654 (cherry picked from commit dd92b6f)
webmat
pushed a commit
to elastic/ecs
that referenced
this pull request
May 1, 2019
- Added `event.code` (See elastic/beats#10333) - Added `event.sequence` (See #129, elastic/beats#10760) - Added `event.provider` (See #321) - Note: Beats modules currently put the Syslog "programname" in `process.name` which is sometimes accurate, sometimes not (e.g. "kernel"). event.provider would be a better field for this. - Explain event.module and event.dataset without mentioning Beats
hrak
pushed a commit
to hrak/beats
that referenced
this pull request
Mar 4, 2020
Adding Cisco support for the Syslog parser * Adding Cisco support for the Syslog parser Add support for the "sequence" number in the log format send by Cisco switch devices. Fixes: elastic#10654, elastic#15979 (cherry picked from commit dd92b6f)
andrewkroh
removed
the
needs_backport
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for the "sequence" number in the log format send by cisco devices.
The number will be extracted to "event.sequence"
Fixes: #10654