Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[microsoft_dhcp] Add DHCPv6 support #2473

Merged
merged 7 commits into from
Jan 13, 2022
Merged

[microsoft_dhcp] Add DHCPv6 support #2473

merged 7 commits into from
Jan 13, 2022

Conversation

taylor-swanson
Copy link
Contributor

@taylor-swanson taylor-swanson commented Jan 6, 2022
edited
Loading

What does this PR do?

  • Add support for ingesting logs from Microsoft DHCPv6 Server
  • Split pipeline into DHCPv4 and DHCPv6 handlers, switches on filename
  • Filter out header lines using filebeat processor
  • Add observer metadata using filebeat processor
  • Add pipeline and system tests

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

cd packages/microsoft_dhcp && elastic-package test

Related issues

@taylor-swanson
Add DHCPv6 support
e52b9e0 
- Add support for ingesting logs from Microsoft DHCPv6 Server
- Split pipeline into DHCPv4 and DHCPv6 handlers, switches on filename
- Filter out header lines using filebeat processor
- Add observer metadata using filebeat processor
- Add pipeline and system tests
@elasticmachine
Copy link

elasticmachine commented Jan 6, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-01-11T16:00:43.137+0000

  • Duration: 15 min 9 sec

  • Commit: 4418ced

Test stats 🧪

Test Results
Failed 0
Passed 6
Skipped 0
Total 6

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@taylor-swanson taylor-swanson marked this pull request as ready for review January 10, 2022 15:09
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

andrewkroh
andrewkroh reviewed Jan 10, 2022
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few minor comments.

packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml Show resolved Hide resolved
packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/dhcp.yml Show resolved Hide resolved
packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/dhcpv6.yml Outdated Show resolved Hide resolved
packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/dhcpv6.yml Outdated Show resolved Hide resolved
@taylor-swanson
Review comments
48f3159
@taylor-swanson
Clean up DHCP pipeline, update tests, add headers to DHCP system test…
a7d16e8 
… file

- DHCP pipeline now uses similar method of assigning ECS fields like DHCPv6
- Added header lines to DHCP system test file
- Switched event.action to string instead of array
- Updated expected test result files
@taylor-swanson
Use append for host.mac
4418ced
@taylor-swanson
Copy link
Contributor Author

I also reworked the DHCP pipeline to use a similar method of setting ECS fields. It should be clearer now what event IDs are being enriched and it should also be easier moving forward to add more metadata as needed.

One change I made was removing the user event type. The events that these were being applied to only related to (potentially) rogue DHCP servers, not users. If we really need this event type, I can re-add it, but it seems wrong.

andrewkroh
andrewkroh approved these changes Jan 13, 2022
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@taylor-swanson taylor-swanson merged commit f4d2fe7 into elastic:master Jan 13, 2022
@taylor-swanson taylor-swanson deleted the ms-dhcpv6 branch January 13, 2022 15:22
@andrewkroh andrewkroh mentioned this pull request Feb 9, 2022
Merged
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
@taylor-swanson
[microsoft_dhcp] Add DHCPv6 support (elastic#2473)
9bfa975 
- Add support for ingesting logs from Microsoft DHCPv6 Server
- Split pipeline into DHCPv4 and DHCPv6 handlers, switches on filename
- Filter out header lines using filebeat processor
- Add observer metadata using filebeat processor
- Add pipeline and system tests
- DHCP pipeline now uses similar method of assigning ECS fields like DHCPv6
- Added header lines to DHCP system test file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[microsoft_dhcp] Handle DHCPv6 logs
3 participants
@taylor-swanson @elasticmachine @andrewkroh