
[Juniper SRX] Fix grok patterns for system logs #7280

Merged
merged 13 commits into from Aug 14, 2023

Conversation

kcreddy
Contributor

@kcreddy kcreddy commented Aug 6, 2023

What does this PR do?

Fixes existing grok patterns for system logs

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • Waiting for the user who raised the request to get back on the issue comment. There are several instances where logs are not correctly formatted or deviate from the standard.
    Examples from test-system.log:

    • line 2: , Traffic-selector: FC Name: has no comma between fields
    • line 3: , VR-ID: 5: Role: Initiator has : instead of , for field separator
    • line 6: , VPN: IPSEC-NIKON-TUN1-PROD-VPN Gateway: IKE-NIKON-TUN1-GW, has instead of , for field separator. Also present in multiple places.
      Confirmed by user that these can be ignored - [Juniper SRX] Issues with System message groks #6963 (comment)

How to test this PR locally

Related issues

Screenshots
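The separator deviations listed in the PR description are the kind of input a grok pattern either rejects outright or silently mis-parses. The script below is an added example for this thread, not code from the juniper_srx integration or from the PR: it translates a small grok-style pattern into a Python regex, runs a strict pattern (every separator must be ", ") and an assumed tolerant variant over constructed sample lines that reproduce two of the listed deviations, and tags non-matching events with `_grokparsefailure` the way the ingest grok processor does instead of dropping them. The IKE negotiation pattern, the pattern-library subset, the `FIELDSEP` syntax and the sample lines are all assumptions built for the example, not copied from Juniper documentation or from test-system.log.

```python
"""Grok-style check for Juniper SRX system log patterns.

Added example for this PR thread, not the juniper_srx integration's own
ingest pipeline. The pattern-library subset, the IKE negotiation pattern
and the sample lines are constructed to mirror the "Key: Value, Key: Value"
layout and the separator deviations listed in the PR description; they are
not copied from Juniper documentation or from test-system.log.
"""
import re

# Simplified subset of the grok pattern library (IPV4 does no range check).
GROK_SYNTAX = {
    "INT": r"[+-]?[0-9]+",
    "WORD": r"\b\w+\b",
    "DATA": r".*?",
    "IPV4": r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}",
    # Assumed tolerant separator: ', ' (normal), ': ' or ' ' (the deviations).
    "FIELDSEP": r"[,:]?\s",
}

_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> re.Pattern:
    """Translate %{SYNTAX:field} / %{SYNTAX} references into a regex.

    Literal text between references is escaped, so a ', ' written in the
    grok pattern must appear verbatim in the log line.
    """
    out, pos = [], 0
    for m in _GROK_REF.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))
        syntax, field = m.group(1), m.group(2)
        group = f"(?P<{field}>" if field else "(?:"
        out.append(f"{group}{GROK_SYNTAX[syntax]})")
        pos = m.end()
    out.append(re.escape(pattern[pos:]))
    return re.compile("".join(out))


# Strict pattern, as the PR keeps them: every field separator is ', '.
STRICT = grok_to_regex(
    "IKE negotiation failed with error: %{DATA:error}. IKE Version: %{INT:ike_version}, "
    "VPN: %{DATA:vpn}, Gateway: %{DATA:gateway}, Local: %{IPV4:local_ip}/%{INT:local_port}, "
    "Remote: %{IPV4:remote_ip}/%{INT:remote_port}, VR-ID: %{INT:vr_id}, Role: %{WORD:role}"
)
# Tolerant variant (assumed): accepts the deviating separators the PR ignores.
TOLERANT = grok_to_regex(
    "IKE negotiation failed with error: %{DATA:error}. IKE Version: %{INT:ike_version}, "
    "VPN: %{DATA:vpn}%{FIELDSEP}Gateway: %{DATA:gateway}%{FIELDSEP}Local: "
    "%{IPV4:local_ip}/%{INT:local_port}%{FIELDSEP}Remote: %{IPV4:remote_ip}/%{INT:remote_port}"
    "%{FIELDSEP}VR-ID: %{INT:vr_id}%{FIELDSEP}Role: %{WORD:role}"
)


def ingest(line: str, patterns=(STRICT,)) -> dict:
    """Mimic the ingest grok processor: the first matching pattern wins; if
    none matches, keep the raw message and tag the event instead of dropping
    it, so parse failures stay visible and searchable in the index."""
    for pattern in patterns:
        m = pattern.search(line)
        if m:
            return {"message": line, **m.groupdict()}
    return {"message": line, "tags": ["_grokparsefailure"]}


def audit(lines, patterns=(STRICT,)) -> dict:
    """Pre-merge check for a pattern change: count the sample lines that
    still fail to parse and return them for inspection."""
    lines = list(lines)
    failed = [l for l in lines if "tags" in ingest(l, patterns)]
    return {"total": len(lines), "failed": len(failed), "failed_lines": failed}


# Constructed samples: one well-formed line and two separator deviations
# from the PR description (':' instead of ', ', and a missing ', ').
BASE = ("IKE negotiation failed with error: No proposal chosen. IKE Version: 2, "
        "VPN: TUN1-VPN, Gateway: TUN1-GW, Local: 192.0.2.1/500, "
        "Remote: 198.51.100.1/500, VR-ID: 5, Role: Initiator")
SAMPLES = {
    "well_formed": BASE,
    "colon_separator": BASE.replace("VR-ID: 5, Role:", "VR-ID: 5: Role:"),
    "missing_separator": BASE.replace("TUN1-VPN, Gateway:", "TUN1-VPN Gateway:"),
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, ingest(line))
    print("strict:", audit(SAMPLES.values()))
    print("tolerant:", audit(SAMPLES.values(), (TOLERANT,)))
```

Run `audit` over a sample file before and after a pattern change: with the strict patterns the two deviating lines fail and remain searchable by tag, while the tolerant separator parses them, at the cost that any value containing a space followed by the next key name would be split at the wrong place. Keeping the strict patterns and letting the deviating lines fail is consistent with the reporter confirming those lines can be ignored.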

@elasticmachine

elasticmachine commented Aug 6, 2023

💚 Build Succeeded



Build stats

  • Start Time: 2023-08-14T05:46:50.314+0000

  • Duration: 18 min 40 sec

Test stats 🧪

Test Results
Failed 0
Passed 14
Skipped 0
Total 14


@elasticmachine

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (8/8) 💚 3.392
Classes 100.0% (8/8) 💚 3.392
Methods 98.276% (57/58) 👍 6.355
Lines 60.86% (1712/2813) 👎 -27.384
Conditionals 100.0% (0/0) 💚

@elasticmachine

elasticmachine commented Aug 6, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (8/8) 💚 3.422
Classes 100.0% (8/8) 💚 3.422
Methods 100.0% (59/59) 💚 8.212
Lines 67.677% (1987/2936) 👎 -20.579
Conditionals 100.0% (0/0) 💚

@kcreddy kcreddy marked this pull request as ready for review August 10, 2023 07:39
@kcreddy kcreddy requested a review from a team as a code owner August 10, 2023 07:39
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@kcreddy kcreddy self-assigned this Aug 10, 2023
Contributor

@chemamartinez chemamartinez left a comment


I've added two small suggestions but overall it looks good to me.

@kcreddy kcreddy requested a review from P1llus August 10, 2023 15:33
@kcreddy
Contributor Author

kcreddy commented Aug 10, 2023

Thanks @chemamartinez!
I think Marius might also want to take a look. Let's wait a couple more days and merge once he is back and has reviewed it.

@kcreddy kcreddy merged commit 52269e0 into elastic:main Aug 14, 2023
4 checks passed
@elasticmachine

Package juniper_srx - 1.14.1 containing this change is available at https://epr.elastic.co/search?package=juniper_srx

gizas pushed a commit that referenced this pull request Sep 5, 2023
* Fix grok patterns for Juniper System logs

* update pr num

* update negotiation grok

* Fix FW groks

* Fix rtslib_dfwsm_get_async_cb

* Add reth_scan

* Non pid structured

* Fix other patterns

* Refactor

* Add required fields

* update readme

* PR comments

* Address PR comments
Development

Successfully merging this pull request may close these issues.

[Juniper SRX] Issues with System message groks
5 participants