fix: use type:tcp

elastic · May 26, 2020 · 4fb188c · 4fb188c
1 parent 6cc352a
commit 4fb188c
Show file tree

Hide file tree

Showing 14 changed files with 702 additions and 37 deletions.
diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml
diff --git a/filebeat/module/checkpoint/_meta/config.yml → ...le/checkpoint/checkpoint/_meta/config.yml b/filebeat/module/checkpoint/_meta/config.yml → ...le/checkpoint/checkpoint/_meta/config.yml
diff --git a/...eat/module/checkpoint/_meta/docs.asciidoc → ...checkpoint/checkpoint/_meta/docs.asciidoc b/...eat/module/checkpoint/_meta/docs.asciidoc → ...checkpoint/checkpoint/_meta/docs.asciidoc
diff --git a/filebeat/module/checkpoint/_meta/fields.yml → ...le/checkpoint/checkpoint/_meta/fields.yml b/filebeat/module/checkpoint/_meta/fields.yml → ...le/checkpoint/checkpoint/_meta/fields.yml
diff --git a/filebeat/module/checkpoint/fields.go → ...at/module/checkpoint/checkpoint/fields.go b/filebeat/module/checkpoint/fields.go → ...at/module/checkpoint/checkpoint/fields.go
diff --git a/...dule/checkpoint/firewall/_meta/fields.yml → ...oint/checkpoint/firewall/_meta/fields.yml b/...dule/checkpoint/firewall/_meta/fields.yml → ...oint/checkpoint/firewall/_meta/fields.yml
diff --git a/...e/checkpoint/firewall/config/firewall.yml → ...t/checkpoint/firewall/config/firewall.yml b/...e/checkpoint/firewall/config/firewall.yml → ...t/checkpoint/firewall/config/firewall.yml
@@ -6,19 +6,20 @@ protocol.udp:
   {{ if ne .pipeline "" }}
   pipeline: "{{.pipeline}}"
   {{ end }}
+
 {{ else if eq .input "tls" }}
-type: syslog
-protocol.tcp:
-  host: "{{.syslog_host}}:{{.syslog_port}}"
-  ssl:
-    enabled: true
-    certificate_authorities: ["{{.cafile}}"]
-    certificate: "{{.certfile}}"
-    key: "{{.keyfile}}"
-    client_authentication: "required"
-  {{ if ne .pipeline "" }}
-  pipeline: "{{.pipeline}}"
-  {{ end }}
+type: tcp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+ssl:
+  enabled: true
+  certificate_authorities: ["{{.cafile}}"]
+  certificate: "{{.certfile}}"
+  key: "{{.keyfile}}"
+  client_authentication: "required"
+{{ if ne .pipeline "" }}
+pipeline: "{{.pipeline}}"
+{{ end }}
+
 {{ else if eq .input "file" }}
 
 type: log

diff --git a/.../checkpoint/firewall/ingest/pipeline.json → .../checkpoint/firewall/ingest/pipeline.json b/.../checkpoint/firewall/ingest/pipeline.json → .../checkpoint/firewall/ingest/pipeline.json
diff --git a/...t/module/checkpoint/firewall/manifest.yml → ...eckpoint/checkpoint/firewall/manifest.yml b/...t/module/checkpoint/firewall/manifest.yml → ...eckpoint/checkpoint/firewall/manifest.yml
diff --git a/...e/checkpoint/firewall/test/checkpoint.log → ...t/checkpoint/firewall/test/checkpoint.log b/...e/checkpoint/firewall/test/checkpoint.log → ...t/checkpoint/firewall/test/checkpoint.log
diff --git a/...irewall/test/checkpoint.log-expected.json → ...irewall/test/checkpoint.log-expected.json b/...irewall/test/checkpoint.log-expected.json → ...irewall/test/checkpoint.log-expected.json
diff --git a/filebeat/module/checkpoint/module.yml → ...t/module/checkpoint/checkpoint/module.yml b/filebeat/module/checkpoint/module.yml → ...t/module/checkpoint/checkpoint/module.yml
diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml
@@ -6,19 +6,20 @@ protocol.udp:
   {{ if ne .pipeline "" }}
   pipeline: "{{.pipeline}}"
   {{ end }}
+
 {{ else if eq .input "tls" }}
-type: syslog
-protocol.tcp:
-  host: "{{.syslog_host}}:{{.syslog_port}}"
-  ssl:
-    enabled: true
-    certificate_authorities: ["{{.cafile}}"]
-    certificate: "{{.certfile}}"
-    key: "{{.keyfile}}"
-    client_authentication: "full"
-  {{ if ne .pipeline "" }}
-  pipeline: "{{.pipeline}}"
-  {{ end }}
+type: tcp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+ssl:
+  enabled: true
+  certificate_authorities: ["{{.cafile}}"]
+  certificate: "{{.certfile}}"
+  key: "{{.keyfile}}"
+  client_authentication: "required"
+{{ if ne .pipeline "" }}
+pipeline: "{{.pipeline}}"
+{{ end }}
+
 {{ else if eq .input "file" }}
 
 type: log

diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled
@@ -5,8 +5,7 @@
   firewall:
     enabled: true
 
-    # Set which input to use between syslog (default), file or tls
-    # if you set tls, also set cafile, certfile and keyfile to their respective file paths
+    # Set which input to use between syslog (default) or file.
     #var.input: syslog
 
     # The interface to listen to UDP based syslog traffic. Defaults to
@@ -19,7 +18,4 @@
     # Set the log level from 1 (alerts only) to 7 (include all messages).
     # Messages with a log level higher than the specified will be dropped.
     # See https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs-sev-level.html
-    #var.log_level: 7
-
-    # If using pipelines, specify the pipeline name
-    #var.pipeline: mypipeline
+    #var.log_level: 7