Infoblox nios wrong syslog parsing #23272

Closed
adriansr opened this issue Dec 23, 2020 · 1 comment · Fixed by #23273

@adriansr (Contributor)

For confirmed bugs, please report:

  • Version: 7.9+
  • Operating System: -
  • Discuss Forum URL: -

The infoblox/nios dataset can't parse logs in the following format:

Mon Day hh:mm:ss ip service[pid]: [...]

It works if a hostname is added before the IP address:

Mon Day hh:mm:ss hostname ip service[pid]: [...]

This is due to the conflicting ordering of headers in the original device parser:

https://github.com/adriansr/nwdevice2filebeat/blob/1c1d0f6610f5d0e7b859dd4c81130012a49dcafb/devices/infobloxnios/infobloxniosmsg.xml#L12-L20
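As an added illustration (not the module's pipeline or the converter's output), the two header layouts from the report as an ordered list of anchored, typed patterns: when candidates are tried in order, the first header that accepts a line wins, so the order and the strictness of each field together decide whether a line without a hostname is parsed. The sample lines below are constructed; the hostname, service and query text are assumptions.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample lines in the two layouts from the report (not real device output).
SAMPLE_NO_HOST = "Dec 23 10:15:42 10.1.2.3 named[2312]: client 10.9.8.7#53412: query: example.com IN A"
SAMPLE_WITH_HOST = "Dec 23 10:15:42 infoblox01 10.1.2.3 named[2312]: client 10.9.8.7#53412: query: example.com IN A"

# Shared pieces: "Mon Day hh:mm:ss" prefix and "ip service[pid]: msg" tail.
# The ip field is anchored to an IPv4 shape so a header cannot half-fit a line.
_PREFIX = r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
_TAIL = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<service>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"

# Simpler header first, the ordering the fix adopted; the hostname variant follows.
HEADERS = [
    ("no_hostname", re.compile(_PREFIX + _TAIL)),
    ("with_hostname", re.compile(_PREFIX + r"(?P<hostname>[\w.-]+) " + _TAIL)),
]


def parse_header(line: str, headers=HEADERS) -> Optional[dict]:
    """Return the fields of the first header that accepts the line, plus which
    header claimed it, or None when no header fits (callers should count those
    rather than drop them silently)."""
    for name, rx in headers:
        m = rx.match(line)
        if not m:
            continue
        fields = m.groupdict()
        # A digits-and-dots shape is not yet an address; reject e.g. 999.1.2.3
        # so a hostname can never end up in the ip slot.
        try:
            ipaddress.IPv4Address(fields["ip"])
        except ValueError:
            continue
        fields["header"] = name
        return fields
    return None


def regression_check() -> dict:
    """Both layouts must parse and be claimed by the matching header."""
    return {"no_hostname": parse_header(SAMPLE_NO_HOST),
            "with_hostname": parse_header(SAMPLE_WITH_HOST)}


if __name__ == "__main__":
    for layout, fields in regression_check().items():
        print(layout, "->", fields and fields["header"], fields and fields["ip"])
```

With these patterns each sample line is accepted by exactly one header regardless of order, which is the property a regression test for this report should assert.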

@elasticmachine (Collaborator)

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@adriansr adriansr self-assigned this Dec 23, 2020
adriansr added a commit to adriansr/beats that referenced this issue Dec 23, 2020
This reorders the syslog headers parsers for the infoblox/nios dataset
so that the simpler header is picked up first. Otherwise it will
fail to properly parse logs.

Fixes elastic#23272
adriansr added a commit that referenced this issue Dec 28, 2020
* Reorder headers for infoblox module

This reorders the syslog headers parsers for the infoblox/nios dataset
so that the simpler header is picked up first. Otherwise it will
fail to properly parse logs.

Fixes #23272

* Changelog entry
adriansr added a commit to adriansr/beats that referenced this issue Dec 28, 2020
* Reorder headers for infoblox module

This reorders the syslog headers parsers for the infoblox/nios dataset
so that the simpler header is picked up first. Otherwise it will
fail to properly parse logs.

Fixes elastic#23272

* Changelog entry

(cherry picked from commit 27d0f08)
adriansr added a commit that referenced this issue Dec 28, 2020
* Reorder headers for infoblox module

This reorders the syslog headers parsers for the infoblox/nios dataset
so that the simpler header is picked up first. Otherwise it will
fail to properly parse logs.

Fixes #23272

* Changelog entry

(cherry picked from commit 27d0f08)
adriansr added a commit to adriansr/beats that referenced this issue Dec 28, 2020
* Reorder headers for infoblox module

This reorders the syslog headers parsers for the infoblox/nios dataset
so that the simpler header is picked up first. Otherwise it will
fail to properly parse logs.

Fixes elastic#23272

* Changelog entry

(cherry picked from commit 27d0f08)
adriansr added a commit that referenced this issue Dec 29, 2020
* Reorder headers for infoblox module

This reorders the syslog headers parsers for the infoblox/nios dataset
so that the simpler header is picked up first. Otherwise it will
fail to properly parse logs.

Fixes #23272

* Changelog entry

(cherry picked from commit 27d0f08)