Merge pull request #128 from ZachChristensen28/development

Version 1.5.5

README.md

@@ -7,7 +7,7 @@
 [![Splunkbase App](https://img.shields.io/badge/Splunkbase-TA--opnsense-blue)](https://splunkbase.splunk.com/app/4538/)
 [![Splunk CIM Version](https://img.shields.io/badge/Splunk%20CIM%20Version-5.x%20-success)](https://docs.splunk.com/Documentation/CIM/latest/User/Overview)
 ![Splunk Cloud Compatibility](https://img.shields.io/badge/Splunk%20Cloud%20Ready-Victoria%20|%20Classic-informational?logo=splunk)
-[![OPNsense Compatibility](https://img.shields.io/badge/OPNsense%20Compatibility-22,23-orange?logo=opnsense)](https://opnsense.org/)
+[![OPNsense Compatibility](https://img.shields.io/badge/OPNsense%20Compatibility-23,24-orange?logo=opnsense)](https://opnsense.org/)
 
 ## Documentation
 
@@ -17,8 +17,8 @@ Full documentation can be found at [https://splunk-opnsense-ta.ztsplunker.com](h
 
  Info | Description
 ------|----------
-Version | 1.5.4 - See on [Splunkbase](https://splunkbase.splunk.com/app/4538/)
-Vendor Product Version | [OPNsense® 22.x, 23.x](https://opnsense.org/)
+Version | 1.5.5 - See on [Splunkbase](https://splunkbase.splunk.com/app/4538/)
+Vendor Product Version | [OPNsense® 23.x, 24.x](https://opnsense.org/)
 Add-on has a web UI | Yes, this add-on has a view to setup a modular input.
 
 Try the [OPNsense App for Splunk](https://splunkbase.splunk.com/app/5372/).

docs/landing-page.md

@@ -24,7 +24,7 @@ This documentation assumes the following:
 
 Info | Description
 ------|----------
-Version | 1.5.4 - [Splunkbase](https://splunkbase.splunk.com/app/4538/) \| [GitHub](https://github.com/ZachChristensen28/TA-opnsense)
+Version | 1.5.5 - [Splunkbase](https://splunkbase.splunk.com/app/4538/) \| [GitHub](https://github.com/ZachChristensen28/TA-opnsense)
 CIM | 5.x, 4.x
 Vendor Product Version | [OPNsense® 22, 23](https://opnsense.org/)
 

docs/reference/releases/index.md

@@ -1,11 +1,11 @@
 # Release notes for the OPNsense Add-on for Splunk
 
-## v1.5.4 <small>October 5, 2023</small>
+## v1.5.5 <small>May 29, 2024</small>
 
 ### What's changed
 
-- Updated Splunk Add-on version to 4.1.3.
-- Updated Splunk Python SDK to version 1.7.4
+- Fixed logging for openvpn logs - [#127](https://github.com/ZachChristensen28/TA-opnsense/issues/127) by [ChrisSiedler](https://github.com/ChrisSiedler)
+- Updated License to SGT
 
 ### Known issues
 

docs/reference/releases/release-history.md

@@ -1,6 +1,13 @@
 # Release history for the OPNsense addon for Splunk
 
-The latest version of the OPNsense addon for Splunk is version 1.5.4. See [Release notes for the OPNsense addon for Splunk](../../releases/) of the latest version.
+The latest version of the OPNsense addon for Splunk is version 1.5.5. See [Release notes for the OPNsense addon for Splunk](../../releases/) of the latest version.
+
+## v1.5.4 <small>October 5, 2023</small>
+
+### What's changed
+
+- Updated Splunk Add-on version to 4.1.3.
+- Updated Splunk Python SDK to version 1.7.4
 
 ## v1.5.3 <small>May 14, 2023</small>
 

docs/requirements.txt

@@ -1,4 +1,4 @@
 mkdocs==1.5.3
-mkdocs-git-revision-date-localized-plugin==1.2.0
-mkdocs-material==9.1.21
-mkdocs-minify-plugin==0.7.1
+mkdocs-git-revision-date-localized-plugin==1.2.4
+mkdocs-material==9.5.12
+mkdocs-minify-plugin==0.8.0

mkdocs.yml

@@ -34,8 +34,8 @@ markdown_extensions:
       anchor_linenums: true
   - pymdownx.inlinehilite
   - pymdownx.emoji:
-      emoji_index: !!python/name:materialx.emoji.twemoji
-      emoji_generator: !!python/name:materialx.emoji.to_svg
+      emoji_index: !!python/name:material.extensions.emoji.twemoji
+      emoji_generator: !!python/name:material.extensions.emoji.to_svg
   - def_list
   - footnotes
   - pymdownx.betterem:

src/TA-opnsense/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "TA-opnsense",
-      "version": "1.5.4"
+      "version": "1.5.5"
     },
     "author": [
       {
@@ -30,9 +30,9 @@
       "Intrusion Detection": ">=4.18.0"
     },
     "license": {
-      "name": null,
+      "name": "SPLUNK GENERAL TERMS",
       "text": null,
-      "uri": null
+      "uri": "https://www.splunk.com/en_us/legal/splunk-general-terms.html"
     },
     "privacyPolicy": {
       "name": "Splunk Privacy Policy",

src/TA-opnsense/default/addon_builder.conf

@@ -1,6 +1,6 @@
 # this file is generated by add-on builder automatically
 # please do not edit it
 [base]
-builder_version = 4.1.3
+builder_version = 4.2.0
 builder_build = 0
 is_edited = 1

src/TA-opnsense/default/app.conf

@@ -6,16 +6,16 @@
 state_change_requires_restart = true
 is_configured = false
 state = enabled
-build = 10
+build = 11
 
 [launcher]
 author = ZachTheSplunker
-version = 1.5.4
+version = 1.5.5
 description = This Technology Add-on provides CIM compliant field extractions, eventtypes and tags for the OPNsense Firewall
 
 [id]
 name = TA-opnsense
-version = 1.5.4
+version = 1.5.5
 
 [ui]
 is_visible = 1

src/TA-opnsense/default/transforms.conf

@@ -52,7 +52,7 @@ FORMAT   = sourcetype::opnsense:lighttpd
 
 [opnsense_sourcetype_openvpn]
 DEST_KEY = MetaData:Sourcetype
-REGEX    = openvpn(?:\[[^\]]+\]):*
+REGEX    = openvpn\w*(?:\[[^\]]+\]):*
 FORMAT   = sourcetype::opnsense:openvpn
 
 [opnsense_sourcetype_squid]
@@ -200,10 +200,10 @@ FORMAT = user::$1 auth_method::$2
 REGEX = ifconfig\s+(?<dest_ip>\S+)
 
 [opnsense_openvpn_extract]
-REGEX = openvpn\[(?<pid>[^\]]+)\]:\s+(?<user>[^\/]+)\/(?<src_ip>[^:]+):(?<src_port>\d+)
+REGEX = openvpn(?:_(?<vpn_instance>[^\[\:]+))?(?:\[(?<pid>[^\]]+)\])?:\s+(?<user>[^\/]+)\/(?<src_ip>[^:]+):(?<src_port>\d+)
 
 [opnsense_openvpn_src]
-REGEX  = openvpn(?:\[([^\]]+)\]):*\s(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\:(?<src_port>\d+)\s
+REGEX  = openvpn(?:_(?<vpn_instance>[^\[\:]+))?(?:\[(?<pid>[^\]]+)\])?:*\s(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\:(?<src_port>\d+)\s
 
 #===========================================
 # Search Time Field Extractions:  SURICATA