diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index da20d9f899c..a7e4b7dbc57 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.28.0"
+ changes:
+ - description: Add support for ISO 8601 timestamps.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11497
 - version: "1.27.2"
 changes:
 - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log
index dd9e7b3b6e8..16929865ec9 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log
@@ -13,3 +13,4 @@
 <189>1469087: chswitchm1: Mar 29 07:40:10.863 CDT: %ILPOWER-5-SENSE_POWER_INVALID: Interface Gi1/0/25: invalid power sense 78054 milliwatts current 515 mA voltage 151562 mV
 <189>1469087: ch_switch_m-1: Mar 29 07:40:10.863 CDT: %ILPOWER-5-SENSE_POWER_INVALID: Interface Gi1/0/25: invalid power sense 78054 milliwatts current 515 mA voltage 151562 mV
 <189>Jun 12 18:10:50 10.53.35.85 %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/20: PD removed
+<189>2024-10-11T10:15:31.208321-05:00 TestDevice %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json
index 09533925162..935288d60a4 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json
@@ -673,6 +673,45 @@
 "tags": [
 "preserve_original_event"
 ]
+ },
+ {
+ "@timestamp": "2024-10-11T10:15:31.208-05:00",
+ "cisco": {
+ "ios": {
+ "facility": "LINEPROTO"
+ }
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "event": {
+ "category": [
+ "network"
+ ],
+ "code": "UPDOWN",
+ "original": "<189>2024-10-11T10:15:31.208321-05:00 TestDevice %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up",
+ "provider": "firewall",
+ "severity": 5,
+ "type": [
+ "info"
+ ]
+ },
+ "log": {
+ "level": "notification",
+ "syslog": {
+ "hostname": "TestDevice",
+ "priority": 189
+ }
+ },
+ "message": "Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up",
+ "observer": {
+ "product": "IOS",
+ "type": "firewall",
+ "vendor": "Cisco"
+ },
+ "tags": [
+ "preserve_original_event"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 563b4d84dd8..dc76ff0f028 100644
--- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -35,6 +35,7 @@ processors:
 field: event.original
 tag: grok_header
 patterns:
+ - '^%{CISCO_PRIORITY_MSGCOUNT}?%{TIMESTAMP_ISO8601:_temp_.cisco_timestamp} %{NOTSPACE:log.syslog.hostname} %{GREEDYDATA:_temp_.message}$'
 - '^%{CISCO_PRIORITY_MSGCOUNT}?%{SYSLOGTIMESTAMP} %{IP} %{CISCO_HOSTNAME:log.syslog.hostname}: (?:%{NUMBER:cisco.ios.sequence}: )?(?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
 - '^%{CISCO_PRIORITY_MSGCOUNT}?%{SYSLOGTIMESTAMP} (?:%{IP}|%{CISCO_HOSTNAME:log.syslog.hostname}) %{NUMBER:cisco.ios.sequence}: (?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
 - '^%{CISCO_PRIORITY_MSGCOUNT}?(?:(?:%{CISCO_HOSTNAME:log.syslog.hostname}|%{IP})[:]? )?(?:%{NUMBER:cisco.ios.sequence}: )?(?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
@@ -42,6 +43,8 @@ processors:
 - '^%{SYSLOGTIMESTAMP} (?:%{IP}|%{HOSTNAME:log.syslog.hostname}) %{CISCO_PRIORITY_MSGCOUNT}?(?:%{NUMBER:cisco.ios.sequence}: )(\\*)?(?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
 - '^%{SYSLOGTIMESTAMP} (?:%{IP}|%{HOSTNAME:log.syslog.hostname}) %{CISCO_PRIORITY_MSGCOUNT}?(?:%{NUMBER:cisco.ios.sequence}: )%{GREEDYDATA:_temp_.message}$'
 pattern_definitions:
+ ISO8601_TIMEZONE: "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))"
+ TIMESTAMP_ISO8601: "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE:_temp_.tz}?"
 CISCO_PRIORITY_MSGCOUNT: '<%{NONNEGINT:log.syslog.priority:long}>(?:%{NONNEGINT:cisco.ios.message_count})?(?:: )?'
 CISCO_TIMESTAMP: '[*]?%{CISCOTIMESTAMP_EX:_temp_.cisco_timestamp}(?: %{CISCO_TZ:_temp_.tz})?'
 CISCOTIMESTAMP_EX: '(%{CISCOTIMESTAMP})|(%{YEAR} %{MONTH} %{MONTHDAY} %{TIME})'
@@ -128,6 +131,7 @@ processors:
 field: _temp_.cisco_timestamp
 tag: date_cisco_timestamp
 formats:
+ - "ISO8601"
 - "MMM d yyyy HH:mm:ss.SSS z"
 - "MMM d yyyy HH:mm:ss.SSS"
 - "MMM d yyyy HH:mm:ss z"
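Review bot: The new ISO 8601 header pattern in the first hunk captures the host with `%{NOTSPACE:log.syslog.hostname}`, whereas every other pattern in the list distinguishes `%{IP}` from `%{CISCO_HOSTNAME:log.syslog.hostname}` (or `%{HOSTNAME:...}`) and leaves a bare IP address uncaptured, so on this path alone an IP would be stored as the hostname. Aligning it with its siblings, `(?:%{IP}|%{CISCO_HOSTNAME:log.syslog.hostname})`, keeps the meaning of `log.syslog.hostname` consistent across header formats. The `TIMESTAMP_ISO8601` and `ISO8601_TIMEZONE` entries added under `pattern_definitions` in the second hunk shadow grok's built-in patterns of the same names, presumably so that the offset lands in `_temp_.tz`; a comment above them such as `# Shadows the built-in TIMESTAMP_ISO8601 so the zone offset is captured into _temp_.tz` would make that intent explicit and stop a later cleanup from dropping them as redundant. Whether the date processor in the third hunk also feeds `_temp_.tz` into its `timezone` option is not visible in this diff; if it does, confirm that an offset already present in the ISO 8601 string is not applied a second time, since the new test case only covers one offset.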
diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml
index 6c766362f26..5a4bd94eb8e 100644
--- a/packages/cisco_ios/manifest.yml
+++ b/packages/cisco_ios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: cisco_ios
 title: Cisco IOS
-version: "1.27.2"
+version: "1.28.0"
 description: Collect logs from Cisco IOS with Elastic Agent.
 type: integration
 categories: