removes mapping change in favor of rewriting summary

cron/defaultMappingTemplate.json

@@ -90,7 +90,7 @@
               "type": "geo_point"
             },
             "success": {
-              "type": "keyword"
+              "type": "boolean"
             },
             "sourceport": {
               "type": "keyword"

mq/plugins/broFixup.py

@@ -518,17 +518,24 @@ def onMessage(self, message, metadata):
                         newmessage['details']['client'] = 'unknown'
                     if 'service' not in newmessage['details']:
                         newmessage['details']['service'] = 'unknown'
-                    if 'success' not in newmessage['details']:
-                        newmessage['details']['success'] = 'unknown'
                     if 'error_msg' not in newmessage['details']:
                         newmessage['details']['error_msg'] = ''
-                    newmessage['summary'] = (
-                        '{sourceipaddress} -> '
-                        '{destinationipaddress}:'
-                        '{destinationport} '
-                        'request {request_type} '
-                        'success {success}'
-                    ).format(**newmessage['details'])
+                    if 'success' not in newmessage['details']:
+                        newmessage['summary'] = (
+                            '{sourceipaddress} -> '
+                            '{destinationipaddress}:'
+                            '{destinationport} '
+                            'request {request_type} '
+                            'success unknown'
+                        ).format(**newmessage['details'])
+                    else:
+                        newmessage['summary'] = (
+                            '{sourceipaddress} -> '
+                            '{destinationipaddress}:'
+                            '{destinationport} '
+                            'request {request_type} '
+                            'success {success}'
+                        ).format(**newmessage['details'])
                     return (newmessage, metadata)
 
                 if logtype == 'ntlm':
@@ -548,17 +555,24 @@ def onMessage(self, message, metadata):
                         del(newmessage['details']['username'])
                     else:
                         newmessage['details']['ntlm']['username'] = 'unknown'
-                    if 'success' not in newmessage['details']:
-                        newmessage['details']['success'] = 'unknown'
                     if 'status' not in newmessage['details']:
                         newmessage['details']['status'] = 'unknown'
-                    newmessage['summary'] = (
-                        'NTLM: {sourceipaddress} -> '
-                        '{destinationipaddress}:'
-                        '{destinationport} '
-                        'success {success} '
-                        'status {status}'
-                    ).format(**newmessage['details'])
+                    if 'success' not in newmessage['details']:
+                        newmessage['summary'] = (
+                            'NTLM: {sourceipaddress} -> '
+                            '{destinationipaddress}:'
+                            '{destinationport} '
+                            'success unknown '
+                            'status {status}'
+                        ).format(**newmessage['details'])
+                    else:
+                        newmessage['summary'] = (
+                            'NTLM: {sourceipaddress} -> '
+                            '{destinationipaddress}:'
+                            '{destinationport} '
+                            'success {success} '
+                            'status {status}'
+                        ).format(**newmessage['details'])
                     return (newmessage, metadata)
 
                 if logtype == 'smb_files':

tests/mq/plugins/test_broFixup.py

@@ -1854,10 +1854,10 @@ def test_kerberos_log(self):
         self.verify_metadata(metadata)
         assert toUTC(MESSAGE['ts']).isoformat() == result['utctimestamp']
         assert toUTC(MESSAGE['ts']).isoformat() == result['timestamp']
+        assert 'success' not in result['details']
         for key in MESSAGE.keys():
             if not key.startswith('id.'):
                 assert key in result['details']
-                assert MESSAGE[key] == result['details'][key]
         assert result['summary'] == '10.26.40.121 -> 10.22.69.21:88 request TGS success unknown'
 
     def test_kerberos_log2(self):
@@ -1876,7 +1876,7 @@ def test_kerberos_log2(self):
             "request_type":"AS",
             "client":"valid_client_principal/VLADG.NET",
             "service":"krbtgt/VLADG.NET",
-            "success":'true',
+            "success":'True',
             "till":1421708111.0,
             "cipher":"aes256-cts-hmac-sha1-96",
             "forwardable":'false',
@@ -1889,11 +1889,12 @@ def test_kerberos_log2(self):
         self.verify_metadata(metadata)
         assert toUTC(MESSAGE['ts']).isoformat() == result['utctimestamp']
         assert toUTC(MESSAGE['ts']).isoformat() == result['timestamp']
+        assert MESSAGE['success'] == result['details']['success']
         for key in MESSAGE.keys():
             if not key.startswith('id.'):
                 assert key in result['details']
                 assert MESSAGE[key] == result['details'][key]
-        assert result['summary'] == '192.168.1.31 -> 192.168.1.32:88 request AS success true'
+        assert result['summary'] == '192.168.1.31 -> 192.168.1.32:88 request AS success True'
 
     def test_kerberos_log3(self):
         event = {
@@ -1911,7 +1912,7 @@ def test_kerberos_log3(self):
             "request_type":"TGS",
             "client":"valid_client_principal/VLADG.NET",
             "service":"krbtgt/VLADG.NET",
-            "success":'false',
+            "success":'False',
             "error_msg":"TICKET NOT RENEWABLE",
             "till":1421708111.0,
             "forwardable":'false',
@@ -1924,11 +1925,12 @@ def test_kerberos_log3(self):
         self.verify_metadata(metadata)
         assert toUTC(MESSAGE['ts']).isoformat() == result['utctimestamp']
         assert toUTC(MESSAGE['ts']).isoformat() == result['timestamp']
+        assert MESSAGE['success'] == result['details']['success']
         for key in MESSAGE.keys():
             if not key.startswith('id.'):
                 assert key in result['details']
                 assert MESSAGE[key] == result['details'][key]
-        assert result['summary'] == '192.168.1.31 -> 192.168.1.32:88 request TGS success false'
+        assert result['summary'] == '192.168.1.31 -> 192.168.1.32:88 request TGS success False'
 
     def test_ntlm_log(self):
         event = {
@@ -1946,7 +1948,7 @@ def test_ntlm_log(self):
             "username":"T-W864-IX-018$",
             "hostname":"T-W864-IX-018",
             "domainname":"RELENG",
-            "success":'true',
+            "success":'True',
             "status":"SUCCESS",
         }
         event['MESSAGE'] = json.dumps(MESSAGE)
@@ -1961,7 +1963,7 @@ def test_ntlm_log(self):
         assert MESSAGE['domainname'] == result['details']['ntlm']['domainname']
         assert MESSAGE['success'] == result['details']['success']
         assert MESSAGE['status'] == result['details']['status']
-        assert result['summary'] == 'NTLM: 10.26.40.48 -> 10.22.69.18:445 success true status SUCCESS'
+        assert result['summary'] == 'NTLM: 10.26.40.48 -> 10.22.69.18:445 success True status SUCCESS'
 
     def test_ntlm_log2(self):
         event = {
@@ -1987,7 +1989,7 @@ def test_ntlm_log2(self):
         assert 'username' in result['details']['ntlm']
         assert 'hostname' in result['details']['ntlm']
         assert 'domainname' in result['details']['ntlm']
-        assert 'success' in result['details']
+        assert 'success' not in result['details']
         assert 'status' in result['details']
         assert result['summary'] == 'NTLM: 10.26.40.48 -> 10.22.69.18:445 success unknown status unknown'