Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Snort test #2914

Merged
merged 3 commits into from
Mar 30, 2022
Merged

Fix Snort test #2914

merged 3 commits into from
Mar 30, 2022

Conversation

r00tu53r
Copy link
Contributor

@r00tu53r r00tu53r commented Mar 30, 2022
edited
Loading

What does this PR do?

The PR appends a newline character to the last line of the log. Without this filebeat didn't send the entire multiline block which broke the pipeline and hence the failing system tests reported in CI.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

elastic-package test system -v

Related issues

@r00tu53r r00tu53r added bug Something isn't working, use only for issues Team:Security-External Integrations labels Mar 30, 2022
@r00tu53r r00tu53r requested a review from a team as a code owner March 30, 2022 00:52
@r00tu53r r00tu53r self-assigned this Mar 30, 2022
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine
Copy link

elasticmachine commented Mar 30, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-03-30T05:51:52.212+0000

  • Duration: 15 min 38 sec

Test stats 🧪

Test Results
Failed 0
Passed 11
Skipped 0
Total 11

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

efd6
efd6 reviewed Mar 30, 2022
View reviewed changes
packages/snort/_dev/deploy/docker/sample_logs/test-full.log
Type:8 Code:0 ID:101 Seq:1 ECHO

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need to be two newlines?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not required. The defined pattern is ^\[\*\*\]. So this works too.

[**] [1:1000004:0] Pinging... [**]
[Classification: Attempted Information Leak] [Priority: 2]
09/04-21:53:15.299988 10.100.10.190 -> 175.16.199.1
ICMP TTL:64 TOS:0x0 ID:6922 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:101   Seq:1  ECHO
[**] [1:1000005:0] Pinging... [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/04-21:53:15.299988 10.200.11.90 -> 17.16.99.11
ICMP TTL:64 TOS:0x0 ID:6922 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:101   Seq:1  ECHO

@r00tu53r
Copy link
Contributor Author

/test

@r00tu53r r00tu53r merged commit 8548bef into elastic:main Mar 30, 2022
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
@r00tu53r
Fix Snort test (elastic#2914)
379bdc7 
* append a newline character to the last line of the log 
  enabling filebeat log input multiline reader to pass the entire
  block to the pipeline.
@andrewkroh andrewkroh mentioned this pull request Apr 5, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@r00tu53r r00tu53r

Labels
bug Something isn't working, use only for issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[snort] grok parse failure in system test
3 participants
@r00tu53r @elasticmachine @efd6