[Filebeat] rfc6587 framing for fortinet firewall #23837
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
- use rfc6587 framing when transferring fortinet firewall logs via syslog over TCP
- use rfc6587 framing when transferring fortinet clientendpoint logs via syslog over TCP
dca2fe4 to 5424334
💚 Build Succeeded
LGTM
- use rfc6587 framing when transferring fortinet firewall logs via syslog over TCP
- use rfc6587 framing when transferring fortinet clientendpoint logs via syslog over TCP

(cherry picked from commit ed01b8f)
What does this PR do?
Changes fortinet firewall & clientendpoint filesets to use rfc6587
framing when transferring logs via syslog over TCP
Why is it important?
This is necessary to support syslog messages inside TLS and over TCP
if octet counting is used.
Checklist
- [ ] My code follows the style guidelines of this project
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.
How to test this PR locally
Use pysyslogclient or other syslog client that can send using octet counting.
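
As an added illustration (not code from this PR or from Filebeat), the sketch below decodes both RFC 6587 framing methods from a TCP receive buffer and shows why an octet-counted stream cannot simply be split on newlines. `MAX_FRAME`, the function names and the sample log line are assumptions made for this example.

```python
MAX_FRAME = 64 * 1024  # assumed cap so a bogus MSG-LEN cannot exhaust memory


class FramingError(ValueError):
    """The stream matches neither framing method or exceeds MAX_FRAME."""


def frame_octet_counted(msg: bytes) -> bytes:
    """Sender side of octet counting: 'MSG-LEN SP SYSLOG-MSG'."""
    return str(len(msg)).encode() + b" " + msg


def decode_rfc6587(buf: bytes):
    """Return (complete_messages, unconsumed_tail) for a receive buffer."""
    messages, pos = [], 0
    while pos < len(buf):
        if buf[pos:pos + 1].isdigit():             # octet counting
            sp = buf.find(b" ", pos, pos + 12)
            if sp == -1:
                if len(buf) - pos >= 12:
                    raise FramingError("MSG-LEN field too long")
                break                              # length prefix still arriving
            field = buf[pos:sp]
            if not field.isdigit() or field.startswith(b"0"):
                raise FramingError("malformed MSG-LEN")
            if int(field) > MAX_FRAME:
                raise FramingError("frame exceeds MAX_FRAME")
            end = sp + 1 + int(field)
            if end > len(buf):
                break                              # message body still arriving
            messages.append(buf[sp + 1:end])
            pos = end
        elif buf[pos:pos + 1] == b"<":             # non-transparent framing (LF trailer)
            nl = buf.find(b"\n", pos)
            if nl == -1:
                if len(buf) - pos > MAX_FRAME:
                    raise FramingError("unterminated frame exceeds MAX_FRAME")
                break                              # trailer still arriving
            messages.append(buf[pos:nl])
            pos = nl + 1
        else:
            raise FramingError("frame starts with neither a digit nor '<'")
    return messages, buf[pos:]


# Constructed sample, not a captured Fortinet log; note the LF inside msg=.
SAMPLE = b'<189>date=2021-02-03 devname="fw-example" msg="line one\nline two"'
```

Feed the returned tail back in, prepended to the next chunk read from the socket, so a message split across TCP segments is reassembled before it reaches the parser.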