Skip to content

Commit

Permalink
[cisco_ftd] Fixed grok errors on ftd message ID 305006. Added additio…
Browse files Browse the repository at this point in the history 
…nal matching patterns per specification. (#11780)

* Fixed grok errors on ftd message ID 305006. Added additional matching pattern per specification.

* Updated changelog with PR number
  • Loading branch information
@aleksmaus
aleksmaus authored Nov 20, 2024
1 parent 792f10a commit 22070e4
Show file tree
Hide file tree
Showing 22 changed files with 3,238 additions and 20 deletions.
5 changes: 5 additions & 0 deletions packages/cisco_ftd/changelog.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.4.4"
changes:
- description: Fixed grok errors on ftd message ID 305006. Added additional matching pattern per specification.
type: bugfix
link: https://github.com/elastic/integrations/pull/11780
- version: "3.4.3"
changes:
- description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -439,4 +439,4 @@
]
}
]
}
}
2 changes: 1 addition & 1 deletion packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22248,4 +22248,4 @@
]
}
]
}
}
2 changes: 1 addition & 1 deletion packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3046,4 +3046,4 @@
]
}
]
}
}
2 changes: 1 addition & 1 deletion packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,4 +86,4 @@
]
}
]
}
}
2 changes: 1 addition & 1 deletion .../cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1246,4 +1246,4 @@
]
}
]
}
}
27 changes: 27 additions & 0 deletions packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-ftd-305006.log
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
<163>%FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 dst WAN-PROV:81.2.69.200 (type 3, code 0)
<163>%FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 dst WAN-PROV:81.2.69.200/9234 (type 3, code 0)
<163>%FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 dst WAN-PROV:81.2.69.200/9234 (type 3, code 0)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195(LOCAL\esurbey) dst Internet:81.2.69.200 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 (LOCAL\esurbey) dst Internet:81.2.69.200 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 dst Internet:81.2.69.200(host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 dst Internet:81.2.69.200 (host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195(host1\foobar) dst Internet:81.2.69.200(LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 (host1\foobar) dst Internet:81.2.69.200 (LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21(LOCAL\esurbey) dst Internet:81.2.69.200 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 (LOCAL\esurbey) dst Internet:81.2.69.200 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 dst Internet:81.2.69.200(host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 dst Internet:81.2.69.200 (host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21(host1\foobar) dst Internet:81.2.69.200(LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 (host1\foobar) dst Internet:81.2.69.200 (LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195(LOCAL\esurbey) dst Internet:81.2.69.200/9234 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 (LOCAL\esurbey) dst Internet:81.2.69.200/9234 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 dst Internet:81.2.69.200/9234(host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 dst Internet:81.2.69.200/9234 (host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195(host1\foobar) dst Internet:81.2.69.200/9234(LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195 (host1\foobar) dst Internet:81.2.69.200/9234 (LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21(LOCAL\esurbey) dst Internet:81.2.69.200/9234 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 (LOCAL\esurbey) dst Internet:81.2.69.200/9234 (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 dst Internet:81.2.69.200/9234(host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 dst Internet:81.2.69.200/9234 (host1\foobar) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21(host1\foobar) dst Internet:81.2.69.200/9234(LOCAL\esurbey) (type 3, code 3)
<131>Nov 14 16:18:47 firepower : %FTD-3-305006: regular translation creation failed for icmp src any:81.2.69.195/21 (host1\foobar) dst Internet:81.2.69.200/9234 (LOCAL\esurbey) (type 3, code 3)
Loading

0 comments on commit 22070e4

Please sign in to comment.