From 5b64e7192c525c0326ea850feb9062e0b141f7ea Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Thu, 10 Feb 2022 10:49:25 -0500
Subject: [PATCH] [Filebeat] Fix Cisco ASA/FTD configs that used var.input
 syslog (#30072) (#30327)

#26159 accidentally introduced a breaking change for existing users of Cisco ASA
and FTD that specified `var.input: syslog`. `syslog` was effectively an alias for the UDP
input and the alias support was removed.

This change allows `var.input: syslog` to continue working as it did before.

(cherry picked from commit 3ddfd1f063567b18e1e6b057e5c2959794788e11)

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
---
 CHANGELOG.next.asciidoc                           | 7 +------
 x-pack/filebeat/module/cisco/asa/config/input.yml | 4 ++++
 x-pack/filebeat/module/cisco/ftd/config/input.yml | 4 ++++
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 2b0601b0f474..a28363a69466 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -48,17 +48,12 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 - tcp/unix input: Stop accepting connections after socket is closed. {pull}29712[29712]
 - aws-s3: fix race condition in states used by s3-poller. {issue}30123[30123] {pull}30131[30131]
+- cisco module: Fix change the broke ASA and FTD configs that used `var.input: syslog`. {pull}30072[30072]
 - Fix broken Kafka input {issue}29746[29746] {pull}30277[30277]
 
-*Heartbeat*
-
-
-*Filebeat*
-
 
 *Heartbeat*
 
-
 *Metricbeat*
 
 
diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml
index cb9df5bd6ec4..b28c6bf9aabf 100644
--- a/x-pack/filebeat/module/cisco/asa/config/input.yml
+++ b/x-pack/filebeat/module/cisco/asa/config/input.yml
@@ -7,6 +7,10 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 
+{{ else if eq .input "syslog" }}
+type: udp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+
 {{ else }}
 
 type: {{.input}}
diff --git a/x-pack/filebeat/module/cisco/ftd/config/input.yml b/x-pack/filebeat/module/cisco/ftd/config/input.yml
index cb9df5bd6ec4..b28c6bf9aabf 100644
--- a/x-pack/filebeat/module/cisco/ftd/config/input.yml
+++ b/x-pack/filebeat/module/cisco/ftd/config/input.yml
@@ -7,6 +7,10 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 
+{{ else if eq .input "syslog" }}
+type: udp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+
 {{ else }}
 
 type: {{.input}}