Showing
18 changed files
with
1,195 additions
and
3 deletions.
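--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log
@@ -0,0 +1,2 @@
+<134>2023-03-29 16:24:13.484 +0200 barracuda AUDIT elastic GUI 81.2.69.144 64197 LOGIN 0 login global - - "" "" []
+<134>2023-03-29 16:23:51.998 +0200 barracuda AUDIT elastic GUI 81.2.69.144 63685 LOGOUT 0 logout global - - "" "" []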
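Review bot: The audit fixture covers only one LOGIN and one LOGOUT, and in both records the trailing fields are empty placeholders (`- - "" "" []`), so the pipeline's handling of populated values is never exercised. Audit records that matter most for monitoring an admin interface, such as a rejected login or a configuration change carrying old and new values, have no sample here. If the device emits such records, adding one line of each and regenerating the expected file would show whether those fields are parsed and whether quoted values containing spaces survive the split.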
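--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-config.yml
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-config.yml
@@ -0,0 +1,3 @@
+fields:
+tags:
+- preserve_original_event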
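--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-audit.log-expected.json
@@ -0,0 +1,122 @@
+{
+"expected": [
+{
+"@timestamp": "2023-03-29T14:24:13.484Z",
+"barracuda": {
+"waf": {
+"client_type": "GUI",
+"command_name": "login",
+"log_type": "AUDIT",
+"object_type": "global",
+"transaction_id": 0,
+"transaction_type": "LOGIN",
+"unit_name": "barracuda"
+}
+},
+"client": {
+"geo": {
+"city_name": "London",
+"continent_name": "Europe",
+"country_iso_code": "GB",
+"country_name": "United Kingdom",
+"location": {
+"lat": 51.5142,
+"lon": -0.0931
+},
+"region_iso_code": "GB-ENG",
+"region_name": "England"
+},
+"ip": "81.2.69.144",
+"port": 64197,
+"user": {
+"name": "elastic"
+}
+},
+"ecs": {
+"version": "8.6.0"
+},
+"event": {
+"category": [
+"authentication",
+"configuration"
+],
+"created": "2023-03-29T14:24:13.484Z",
+"kind": "event",
+"original": "\u003c134\u003e2023-03-29 16:24:13.484 +0200 barracuda AUDIT elastic GUI 81.2.69.144 64197 LOGIN 0 login global - - \"\" \"\" []",
+"type": [
+"access"
+]
+},
+"related": {
+"ip": [
+"81.2.69.144"
+],
+"user": [
+"elastic"
+]
+},
+"tags": [
+"preserve_original_event"
+]
+},
+{
+"@timestamp": "2023-03-29T14:23:51.998Z",
+"barracuda": {
+"waf": {
+"client_type": "GUI",
+"command_name": "logout",
+"log_type": "AUDIT",
+"object_type": "global",
+"transaction_id": 0,
+"transaction_type": "LOGOUT",
+"unit_name": "barracuda"
+}
+},
+"client": {
+"geo": {
+"city_name": "London",
+"continent_name": "Europe",
+"country_iso_code": "GB",
+"country_name": "United Kingdom",
+"location": {
+"lat": 51.5142,
+"lon": -0.0931
+},
+"region_iso_code": "GB-ENG",
+"region_name": "England"
+},
+"ip": "81.2.69.144",
+"port": 63685,
+"user": {
+"name": "elastic"
+}
+},
+"ecs": {
+"version": "8.6.0"
+},
+"event": {
+"category": [
+"authentication",
+"configuration"
+],
+"created": "2023-03-29T14:23:51.998Z",
+"kind": "event",
+"original": "\u003c134\u003e2023-03-29 16:23:51.998 +0200 barracuda AUDIT elastic GUI 81.2.69.144 63685 LOGOUT 0 logout global - - \"\" \"\" []",
+"type": [
+"access"
+]
+},
+"related": {
+"ip": [
+"81.2.69.144"
+],
+"user": [
+"elastic"
+]
+},
+"tags": [
+"preserve_original_event"
+]
+}
+]
+}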
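Review bot: Both expected documents carry `"type": ["access"]` under `"category": ["authentication", "configuration"]`, so the LOGIN and the LOGOUT record are indistinguishable by their ECS event fields. ECS pairs the authentication category with `start`, `end` or `info`, while `access` is a type for the configuration category. Neither document has `event.action` or `event.outcome`, which are the fields login-monitoring rules usually filter on. The pipeline is not shown on this page, but if it can branch on `transaction_type`, the expected output would be `"type": ["start"]` for LOGIN and `"type": ["end"]` for LOGOUT, with `event.action` taken from `command_name`.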
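--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log
@@ -0,0 +1,9 @@
+<134>2023-03-30 03:11:07.915 +0200 barracuda SYS APS INFO 19034 Num clients to walk : 0
+<133>2023-03-30 03:02:21.053 +0200 barracuda SYS APS NOTI 19034 Adding the Fingerprint:[g_448b2101c2af40186876949d97713f2f] to the Lockout Table
+<129>2023-03-30 03:00:56.251 +0200 barracuda SYS ABP_SVC ALER 62001 Advanced Bot Protection Service [Provisioning] timed out. Error: Timed out while waiting for socket to become ready for reading
+<129>2023-03-30 03:00:56.251 +0200 barracuda SYS ABP_SVC ALER 62004 Failed to receive Symmetric key for Supply Chain. Error: HASH(0xce04b10)
+<133>2023-03-30 03:00:49.732 +0200 barracuda SYS APS NOTI 19034 Adding the Fingerprint:[g_6ddfd29093fc8264ddd87bcf7eeda6db] to the Lockout Table
+<134>2023-03-30 02:53:07.902 +0200 barracuda SYS APS INFO 19032 [10.9.0.4:443] OnDDOSProtectionReqH: No entry found for the IP in the captcha tables, checking if its verified or making one
+<134>2023-03-30 02:31:27.553 +0200 barracuda SYS APS INFO 19032 [10.9.0.4:443] EvalClientBehaviour: Found the entry 0x7fd2c7caefc0 and captcha entry 0x0 and temp entry 0x0, run idx 0
+<133>2023-03-30 02:18:21.494 +0200 barracuda SYS APS NOTI 19034 Num clients walked and displayed : 1
+<129>2023-03-30 02:00:56.026 +0200 barracuda SYS ABP_SVC ALER 62004 Failed to receive Symmetric key for Supply Chain. Error: HASH(0xbb6cd88)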
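Review bot: The `Adding the Fingerprint:[g_…] to the Lockout Table` lines and the `[10.9.0.4:443]` service prefixes look like values captured from a running unit rather than constructed samples. The audit fixture in this commit uses a placeholder user name, so it would be consistent to confirm that the client fingerprints and the internal service address here are synthetic or scrubbed before they are published. If they came from a live device, replacing them with constructed values of the same shape keeps the parsing test equivalent.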
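--- a/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log-config.yml
+++ b/packages/barracuda/data_stream/waf/_dev/test/pipeline/test-system.log-config.yml
@@ -0,0 +1,3 @@
+fields:
+tags:
+- preserve_original_event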