Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fortigate logs parsing with kafka logstash #9438

Merged
merged 4 commits into from
Mar 26, 2024
Merged

Fortigate logs parsing with kafka logstash #9438

merged 4 commits into from
Mar 26, 2024

Conversation

jrmolin
Copy link
Contributor

@jrmolin jrmolin commented Mar 25, 2024
edited
Loading

Proposed commit message

[fortigate] Log parsing error fix
In some pipelines, the `event.original_message` field is set before the integration gets the event, which blocks the processor from copying `message` into that field. As there is no need to preserve whatever was already put into that field, we replace the `rename` to a `set` and `remove`.

- A new test was added to verify the problem is addressed
- Existing tests continue to pass

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

elastic-package test pipeline in the packages/fortinet_fortigate directory verifies the update and new test case.

Related issues

Screenshots

@jrmolin
[fortigate] Log parsing error fix
3a7ec59 
- At some point, the `event.original_message` field is populated before
  the integration gets the event, causing the integration to not perform
  the copy from `message`, which breaks all the processing. This changes
  the copy to a `set` and `remove`, since we do not actually care what
  was in `event.original_message` before the integration gets the event.
- Added a test that looks very much like what the customer was seeing.
- Old tests continue to pass; new test passes.
@jrmolin
[fortigate] add changelog, manifest
d7eca1b
@jrmolin
update PR link
720eb52
@jrmolin jrmolin added bugfix Pull request that fixes a bug issue bug Something isn't working, use only for issues labels Mar 25, 2024
@elasticmachine
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@jrmolin jrmolin marked this pull request as ready for review March 25, 2024 19:49
@jrmolin jrmolin requested a review from a team as a code owner March 25, 2024 19:49
taylor-swanson
taylor-swanson approved these changes Mar 25, 2024
View reviewed changes
Copy link
Contributor

@taylor-swanson taylor-swanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Just a minor nit about the changelog message.

packages/fortinet_fortigate/changelog.yml Outdated Show resolved Hide resolved
@jrmolin @taylor-swanson
Update packages/fortinet_fortigate/changelog.yml
50d3e71 
Co-authored-by: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com>
@elasticmachine
Copy link

💚 Build Succeeded

History

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
100.0% 100.0% Coverage on New Code
0.0% 0.0% Duplication on New Code

See analysis details on SonarQube

@jrmolin jrmolin merged commit 2e66957 into elastic:main Mar 26, 2024
5 checks passed
@elasticmachine
Copy link

Package fortinet_fortigate - 1.25.1 containing this change is available at https://epr.elastic.co/search?package=fortinet_fortigate

@taylor-swanson taylor-swanson mentioned this pull request Jun 26, 2024
Merged
4 tasks
@andrewkroh andrewkroh added the Integration:fortinet_fortigate Fortinet FortiGate Firewall Logs label Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taylor-swanson taylor-swanson taylor-swanson approved these changes

Assignees
No one assigned
Labels
bug Something isn't working, use only for issues bugfix Pull request that fixes a bug issue Integration:fortinet_fortigate Fortinet FortiGate Firewall Logs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jrmolin @elasticmachine @taylor-swanson @andrewkroh