Include log.source.address for unparseable syslog messages #15453

jsoriano · 2020-01-10T11:52:13Z

Continues with #13274, fixes #13268.

How to test:

Start filebeat with the syslog input
Send an invalid message to the open port
Check that the generated event for the invalid message includes the source address

Co-authored-by: Brian Candler [email protected]

ph

LGTM

…5453) Source address was being included in syslog events, but if the syslog message failed to be parsed the event was being generated without this information. Add it in any case. Co-authored-by: Brian Candler <[email protected]> (cherry picked from commit d552e90)

jsoriano · 2020-01-13T09:33:09Z

@ph I was not sure if backporting it for 7.5.2 too, as it could be also considered a bug. I have opened the PR by now, let me know what you think.

ph · 2020-01-13T13:32:53Z

@jsoriano I would yes/no but that would still improve the user behavior so I am ok to backport it to 7.5.2

… syslog messages (#15495) * Include log.source.address for unparseable syslog messages (#15453) Source address was being included in syslog events, but if the syslog message failed to be parsed the event was being generated without this information. Add it in any case. Co-authored-by: Brian Candler <[email protected]> (cherry picked from commit d552e90) * Fix changelog

…5453) Source address was being included in syslog events, but if the syslog message failed to be parsed the event was being generated without this information. Add it in any case. Co-authored-by: Brian Candler <[email protected]> (cherry picked from commit d552e90)

… syslog messages (#15494) Source address was being included in syslog events, but if the syslog message failed to be parsed the event was being generated without this information. Add it in any case. (cherry picked from commit d552e90) Co-authored-by: Brian Candler <[email protected]>

…15574) Source address was being included in syslog events, but if the syslog message failed to be parsed the event was being generated without this information. Add it in any case. (cherry picked from commit d552e90) Co-authored-by: Brian Candler <[email protected]>

ycombinator · 2020-01-16T19:25:47Z

Tested manually with BC1 and I see log.source.address in the output even when an invalid syslog message is sent to the input.

…rseable syslog messages (elastic#15495) * Include log.source.address for unparseable syslog messages (elastic#15453) Source address was being included in syslog events, but if the syslog message failed to be parsed the event was being generated without this information. Add it in any case. Co-authored-by: Brian Candler <[email protected]> (cherry picked from commit f16fdb1) * Fix changelog

candlerb and others added 3 commits January 10, 2020 12:47

Include log.source.address for unparseable syslog messages

09d4510

Fixes elastic#13268

Add test for log.source.address in invalid syslog messages

a573190

Add changelog entry

d7682e4

jsoriano added enhancement review Filebeat Filebeat needs_backport PR is waiting to be backported to other branches. [zube]: In Review test-plan Add this PR to be manual test plan v7.6.0 Team:Beats labels Jan 10, 2020

jsoriano requested a review from ph January 10, 2020 11:52

jsoriano self-assigned this Jan 10, 2020

jsoriano mentioned this pull request Jan 10, 2020

Include log.source.address for unparseable syslog messages #13274

Closed

jsoriano added 2 commits January 10, 2020 13:08

Add system test

02d3a18

Fix changelog

4e09057

ph approved these changes Jan 10, 2020

View reviewed changes

jsoriano added 2 commits January 10, 2020 16:44

Merge remote-tracking branch 'origin/master' into syslog-source-address

24d20f9

Merge remote-tracking branch 'origin/master' into syslog-source-address

699af39

jsoriano merged commit d552e90 into elastic:master Jan 13, 2020

jsoriano deleted the syslog-source-address branch January 13, 2020 09:24

zube bot added [zube]: Done and removed [zube]: In Review labels Jan 13, 2020

jsoriano mentioned this pull request Jan 13, 2020

Cherry-pick #15453 to 7.x: Include log.source.address for unparseable syslog messages #15494

Merged

jsoriano removed the needs_backport PR is waiting to be backported to other branches. label Jan 13, 2020

jsoriano mentioned this pull request Jan 13, 2020

Cherry-pick #15453 to 7.5: Include log.source.address for unparseable syslog messages #15495

Merged

jsoriano added the v7.5.2 label Jan 13, 2020

andresrc unassigned jsoriano Jan 14, 2020

ycombinator mentioned this pull request Jan 15, 2020

Palo Alto Module does not provide log.source.address #15375

Closed

jsoriano mentioned this pull request Jan 15, 2020

Cherry-pick #15453 to 7.6: Include log.source.address for unparseable syslog messages #15574

Merged

ycombinator self-assigned this Jan 15, 2020

ycombinator added the test-plan-ok This PR passed manual testing label Jan 16, 2020

andresrc removed the [zube]: Done label Jan 17, 2020

andresrc added the Team:Integrations Label for the Integrations team label Mar 6, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Include log.source.address for unparseable syslog messages #15453

Include log.source.address for unparseable syslog messages #15453

jsoriano commented Jan 10, 2020

ph left a comment

jsoriano commented Jan 13, 2020

ph commented Jan 13, 2020

ycombinator commented Jan 16, 2020

Include log.source.address for unparseable syslog messages #15453

Include log.source.address for unparseable syslog messages #15453

Conversation

jsoriano commented Jan 10, 2020

ph left a comment

Choose a reason for hiding this comment

jsoriano commented Jan 13, 2020

ph commented Jan 13, 2020

ycombinator commented Jan 16, 2020