Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] Cisco ASA module failed to parse field [destination.port] of type [long] #14978

Closed
esbenvial opened this issue Dec 6, 2019 · 2 comments · Fixed by #20565
Closed

[Filebeat] Cisco ASA module failed to parse field [destination.port] of type [long] #14978

esbenvial opened this issue Dec 6, 2019 · 2 comments · Fixed by #20565
Labels
Filebeat Filebeat

Comments

@esbenvial
Copy link

esbenvial commented Dec 6, 2019
edited by andrewkroh
Loading

Our ASA sends the following:
%ASA-4-106023: Deny tcp src outside:x.x.xx/56444 dst srv:y.y.y.y/51635(hostname.domain) by access-group "global_access_1"

Filebeat reports
"Cannot index event publisher"
{"type":"mapper_parsing_exception","reason":"failed to parse field [destination.port] of type [long] in document with id 'mPsJ224BZPvwHfzAu5br'. Preview of field's value: '51635(hostname.domain)'","caused_by":{"type":"illegal_argument_exception","reason":"For input string: "51635(hostname.domain)""}

Filebeat version: 7.5.0
@kaiyan-sheng
Copy link
Contributor

Hi! Seems like cisco module is only supporting inside:172.31.98.44/8309 instead of dst srv:y.y.y.y/51635(hostname.domain).

@kaiyan-sheng kaiyan-sheng added Filebeat Filebeat Team:Integrations Label for the Integrations team labels Dec 6, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@andresrc andresrc removed the Team:Integrations Label for the Integrations team label Dec 16, 2019
@andrewkroh andrewkroh changed the title [Filebeat 7.5.0 module cisco] failed to parse field [destination.port] of type [long] [Filebeat] Cisco ASA module failed to parse field [destination.port] of type [long] Feb 11, 2020
@immon immon mentioned this issue May 11, 2020
Closed
@P1llus P1llus mentioned this issue Aug 11, 2020
Merged
6 tasks
This was referenced Aug 25, 2020
Merged
Merged
@zube zube bot removed the [zube]: Done label Nov 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Filebeat Filebeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Filebeat][Cisco Module] Adding various smaller hotfixes related to github issues P1llus/beats
4 participants
@andresrc @esbenvial @kaiyan-sheng @elasticmachine