Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-pack/filebeat/module/cisco/{asa,ftd}: allow configuration of time z… #34436

Merged
merged 2 commits into from
Feb 2, 2023
Merged

x-pack/filebeat/module/cisco/{asa,ftd}: allow configuration of time z… #34436

merged 2 commits into from
Feb 2, 2023

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Feb 1, 2023
edited
Loading

…ones

What does this PR do?

Allows users to configure timezone for Cisco ASA and FTD modules.

Why is it important?

See related issue. elastic/integrations#5080

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 self-assigned this Feb 1, 2023
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Feb 1, 2023
efd6
efd6 commented Feb 1, 2023
View reviewed changes
x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json
@@ -1,6 +1,6 @@
[
{
"@timestamp": "2019-08-26T21:11:03.000-02:00",
"@timestamp": "2019-08-26T23:11:03.000Z",
Copy link
Contributor Author

@efd6 efd6 Feb 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this change is actually a bugfix; Z is UTC, but was previously parsed in local.

Original event log line:

2019-08-26T23:11:03Z siem-ftd  %FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 175.16.199.1, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70

@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 1, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-02T22:07:55.426+0000

  • Duration: 74 min 6 sec

Test stats 🧪

Test Results
Failed 0
Passed 7241
Skipped 746
Total 7987

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@efd6 efd6 marked this pull request as ready for review February 1, 2023 02:45
@efd6 efd6 requested review from a team as code owners February 1, 2023 02:45
@efd6 efd6 requested review from fearful-symmetry and faec and removed request for a team February 1, 2023 02:45
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@mergify
Copy link
Contributor

mergify bot commented Feb 1, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b i5080-cisco upstream/i5080-cisco
git merge upstream/main
git push upstream i5080-cisco

andrewkroh
andrewkroh approved these changes Feb 2, 2023
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add this new parameter to the docs at

@efd6 efd6 merged commit fc4a300 into elastic:main Feb 2, 2023
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@efd6 @chrisberkhout
x-pack/filebeat/module/cisco/{asa,ftd}: allow configuration of time z…
08effc3 
…ones (#34436)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@fearful-symmetry fearful-symmetry Awaiting requested review from fearful-symmetry fearful-symmetry is a code owner automatically assigned from elastic/elastic-agent-data-plane

@faec faec Awaiting requested review from faec faec is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@efd6 efd6

Labels
8.7-candidate backport-skip Skip notification from the automated backport with mergify enhancement Filebeat Filebeat Integration:Cisco
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Cisco ASA] Timezone Offset
3 participants
@efd6 @elasticmachine @andrewkroh