Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[IIS] Update document with supported ingest patterns for access_log #6892

Merged
merged 3 commits into from
Jul 19, 2023
Merged

[IIS] Update document with supported ingest patterns for access_log #6892

merged 3 commits into from
Jul 19, 2023

Conversation

muthu-mps
Copy link
Contributor

@muthu-mps muthu-mps commented Jul 10, 2023
edited by shmsr
Loading

What does this PR do?

The IIS access_log provides flexibility for the customer to edit the default logging fields and add new fields. The IIS integration currently supports the default and a few custom selections. The supported patterns are captured in the document.

How to test this PR locally

Verify the documentation in the access_log section and make sure that the supported patterns are captured.

Related issues

@muthu-mps muthu-mps self-assigned this Jul 10, 2023
@elasticmachine
Copy link

elasticmachine commented Jul 10, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-07-19T06:54:45.730+0000

  • Duration: 16 min 57 sec

Test stats 🧪

Test Results
Failed 0
Passed 29
Skipped 0
Total 29

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Jul 10, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 85.714% (30/35) 👎 -14.286
Lines 93.772% (271/289) 👎 -6.228
Conditionals 100.0% (0/0) 💚

@muthu-mps muthu-mps marked this pull request as ready for review July 10, 2023 11:00
@muthu-mps muthu-mps requested a review from a team as a code owner July 10, 2023 11:00
@shmsr shmsr self-requested a review July 17, 2023 17:17
shmsr
shmsr requested changes Jul 17, 2023
View reviewed changes
Copy link
Member

@shmsr shmsr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please refer to this: https://www.crowdstrike.com/cybersecurity-101/observability/iis-logs/

Did we miss a format (see the blog by Crowdstrike)? And can we elaborate on some points like in this blog? Also, we have not referenced any official document or so. Please add some links so that users can cross-check what's written here.

Also, see: https://github.com/ossec/ossec-hids/blob/7b3e12bc9dddac561da2d10331a482d501af74b0/etc/decoder.xml#L1868

packages/iis/_dev/build/docs/README.md Outdated Show resolved Hide resolved
packages/iis/docs/README.md Outdated Show resolved Hide resolved
@shmsr shmsr added the enhancement New feature or request label Jul 17, 2023
@shmsr shmsr changed the title [IIS] Update document with access_log supported ingest patterns [IIS] Update document with supported ingest patterns for access_log Jul 17, 2023
shmsr
shmsr reviewed Jul 17, 2023
View reviewed changes
packages/iis/changelog.yml Outdated Show resolved Hide resolved
@shmsr
Copy link
Member

shmsr commented Jul 18, 2023

Did you check this comment: #6892 (review)?

@muthu-mps
Copy link
Contributor Author

Please refer to this: https://www.crowdstrike.com/cybersecurity-101/observability/iis-logs/

Did we miss a format (see the blog by Crowdstrike)? And can we elaborate on some points like in this blog? Also, we have not referenced any official document or so. Please add some links so that users can cross-check what's written here.

Also, see: https://github.com/ossec/ossec-hids/blob/7b3e12bc9dddac561da2d10331a482d501af74b0/etc/decoder.xml#L1868

You mean the log format like W3C, We have captured the supported log formats in the document already. Its not necessary to cover the logging formats what IIS provides in detail as of now as we don't support them right now.

We have the IIS logging official document link included.

shmsr
shmsr requested changes Jul 19, 2023
View reviewed changes
packages/iis/_dev/build/docs/README.md Outdated Show resolved Hide resolved
packages/iis/_dev/build/docs/README.md Show resolved Hide resolved
shmsr
shmsr approved these changes Jul 19, 2023
View reviewed changes
Copy link
Member

@shmsr shmsr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@shmsr shmsr merged commit eeb463e into elastic:main Jul 19, 2023
@elasticmachine
Copy link

Package iis - 1.14.0 containing this change is available at https://epr.elastic.co/search?package=iis

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shmsr shmsr shmsr approved these changes

Assignees

@muthu-mps muthu-mps

Labels
enhancement New feature or request Integration:iis IIS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[IIS] Add access-log logging information in the document
4 participants
@muthu-mps @elasticmachine @shmsr @andrewkroh