[Arista NG Firewall] Bug fixes for initial release #6854
Merged
Conversation
/test
MakoWish force-pushed the arista_bug_fixes branch from 53bdf43 to b057a31 on July 12, 2023 15:43
Pinging @efd6.
/test
diff --git a/packages/arista_ngfw/data_stream/log/fields/ecs.yml b/packages/arista_ngfw/data_stream/log/fields/ecs.yml
index 63ac7c32b..26c4196ed 100755
--- a/packages/arista_ngfw/data_stream/log/fields/ecs.yml
+++ b/packages/arista_ngfw/data_stream/log/fields/ecs.yml
@@ -240,8 +240,6 @@
name: source.geo.country_iso_code
- external: ecs
name: source.geo.country_name
-- external: ecs
- name: source.geo.dma_code
- external: ecs
name: source.geo.location
- external: ecs
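Review bot: the entry removed here, `source.geo.dma_code` declared as `external: ecs`, names a field that is not part of the ECS geo fieldset, so dropping the ECS reference is the right fix; it is still worth confirming that the data stream's ingest pipeline (its geoip processor) does not continue to emit `source.geo.dma_code`, because the value would then be indexed without a declared mapping. If the pipeline does produce it, either stop emitting it there or declare it locally with an explicit type instead of as an ECS reference.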
diff --git a/packages/arista_ngfw/docs/README.md b/packages/arista_ngfw/docs/README.md
index 032d22507..595d31f35 100755
--- a/packages/arista_ngfw/docs/README.md
+++ b/packages/arista_ngfw/docs/README.md
@@ -15,6 +15,7 @@ Arista NG Firewall supports several syslog output rules that may be configured o
* Interface Stat Event
* Intrusion Prevention Log Event
* Session Event
+* Session Stats Event
* System Stat Event
* Web Filter Event
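Review bot: `docs/README.md` is generated from `_dev/build/docs/README.md` by `elastic-package build`, and the diff shown here touches only the generated file; unless the template was updated in a part of the change not visible here, the "Session Stats Event" bullet should be added to the template as well, or the next build will drop it.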
@@ -210,6 +211,7 @@ An example event for `log` looks as following:
| event.dataset | Event dataset | constant_keyword |
| event.duration | Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time. | long |
| event.end | event.end contains the date when the event ended or when the activity was last observed. | date |
+| event.id | Unique ID to describe the event. | keyword |
| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date |
| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword |
| event.module | Event module | constant_keyword |
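Review bot: `event.id` gains a row in the generated field table, but the `ecs.yml` hunk above shows no corresponding `external: ecs` entry for it; confirm the field is declared in one of the data stream's fields files and that the ingest pipeline actually populates it, otherwise the docs and the index mapping will disagree.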
@@ -316,6 +318,7 @@ An example event for `log` looks as following:
| source.geo.country_iso_code | Country ISO code. | keyword |
| source.geo.country_name | Country name. | keyword |
| source.geo.location | Longitude and latitude. | geo_point |
+| source.geo.postal_code | Postal code associated with the location. Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. | keyword |
| source.geo.region_iso_code | Region ISO code. | keyword |
| source.geo.region_name | Region name. | keyword |
| source.ip | IP address of the source (IPv4 or IPv6). | ip | |
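Review bot: `source.geo.postal_code` is added to the table while the `ecs.yml` hunk only removes `source.geo.dma_code`, so this reads as though `postal_code` replaced `dma_code`; check that `ecs.yml` carries a `source.geo.postal_code` entry (it is a valid ECS geo field) and that the geoip processor is configured to output it, since the default property set does not necessarily include it. The trailing empty cell at the end of the `source.ip` row also looks like a rendering artifact rather than content of the file.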
efd6 reviewed Jul 26, 2023
/test
efd6 reviewed Jul 27, 2023
/test
efd6 approved these changes Jul 27, 2023
Package arista_ngfw - 0.1.2 containing this change is available at https://epr.elastic.co/search?package=arista_ngfw
gizas pushed a commit that referenced this pull request Sep 5, 2023
…d field types (#6854) - prevent _conf duplication in stream template - fix up names of vars in manifest - ensure correct types of fields
Type of Change
What does this PR do?
_conf field
Checklist
changelog.yml file.
Author's Checklist
_conf field in both tcp.yml.hbs and udp.yml.hbs agent configurations.
Related issues