adding state_id IDs #1143
Merged
adding state_id IDs #1143
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
Signed-off-by: SashaSelin <[email protected]>
SashaSelin
requested review from
floydtree,
pagbabian-splunk,
Aniak5,
mikeradka and
zschmerber
as code owners
floydtree
previously approved these changes
Jul 30, 2024
zschmerber
previously approved these changes
Jul 30, 2024
pagbabian-splunk
previously approved these changes
Jul 30, 2024
Signed-off-by: Rajas <[email protected]>
floydtree
dismissed stale reviews from pagbabian-splunk, zschmerber, and themself
via
a7616c2
mikeradka
previously approved these changes
Jul 30, 2024
Signed-off-by: Rajas <[email protected]>
pagbabian-splunk
requested review from
jasonbreimer
and removed request for
jasonbreimer
floydtree
approved these changes
Jul 30, 2024
jasonbreimer
approved these changes
Jul 30, 2024
pagbabian-splunk
approved these changes
Jul 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Issue:
Missing enable/disable state Ids
Description of changes:
added state id's to Device Config State Change Class.
Signed-off-by: Sasha Selin (Cyrebro) ([email protected])
Following closed PR #1076 (#1076), Ive created new PR to create disable/enable state to "device_config_state_change" class.
state “disable/enable” is very common when it comes to FortiGate logs, especially where the subtype=”system” and action=”add”.
The “status” field on this type of logs are represent the “cfgattr” (Configuration value changed) status.
Raw log for example:
<118>date=2024-05-01 time=11:43:38 devname="Test for OCSF" devid="FG11256985563" eventtime=1714553018203018280 tz="+0300" logid="0100044547" type="event" subtype="system" level="information" vd="North" logdesc="Object attribute configured" user="SashaS" ui="GUI(192.168.190.54)" action="Add" cfgtid=10691505 cfgpath="firewall.policy" cfgobj="136" cfgattr="status[disable]srcintf[OCSF-Test]dstintf[OCSF-Test]srcaddr[Sasha-selin-ocsf-test]dstaddr[Sasha-selin]srcaddr6[]dstaddr6[]src-vendor-mac[]action[accept]schedule[always]service[RDP]groups[]users[]fsso-groups[]comments[ (Copy of 148)]custom-log-fields[]" msg="Add firewall.policy 136"