missed one

legoguy1000 · legoguy1000 · commit 28e08cc4a554 · 2021-06-25T14:18:32.000Z
diff --git a/x-pack/filebeat/module/snort/log/config/liblogparser.js b/x-pack/filebeat/module/snort/log/config/liblogparser.js
@@ -1088,8 +1088,8 @@ var ecs_mappings = {
     "rbytes": {convert: to_long, to:[{field: "destination.bytes", setter: fld_set}]},
     "referer": {to:[{field: "http.request.referrer", setter: fld_prio, prio: 1}]},
     "rulename": {to:[{field: "rule.name", setter: fld_set}]},
-    "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
-    "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
+    "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
+    "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
     "sbytes": {convert: to_long, to:[{field: "source.bytes", setter: fld_set}]},
     "sdomain": {to:[{field: "source.domain", setter: fld_prio, prio: 0}]},
     "service": {to:[{field: "service.name", setter: fld_prio, prio: 1}]},
diff --git a/x-pack/filebeat/module/snort/log/test/generated.log-expected.json b/x-pack/filebeat/module/snort/log/test/generated.log-expected.json
@@ -84,7 +84,9 @@
         "rule.name": "iatisu",
         "service.type": "snort",
         "source.bytes": 4512,
-        "source.ip": "10.38.77.13",
+        "source.ip": [
+            "10.38.77.13"
+        ],
         "source.port": 3971,
         "tags": [
             "forwarded",
@@ -233,7 +235,9 @@
         "rule.name": "doloremi",
         "service.type": "snort",
         "source.bytes": 651,
-        "source.ip": "10.182.199.231",
+        "source.ip": [
+            "10.182.199.231"
+        ],
         "source.port": 4478,
         "tags": [
             "forwarded",
@@ -353,7 +357,9 @@
         "rsa.time.event_time_str": "May 22 14:30:33 2016 UTC",
         "rsa.time.month": "May",
         "service.type": "snort",
-        "source.ip": "10.110.31.190",
+        "source.ip": [
+            "10.110.31.190"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -845,7 +851,9 @@
         "rsa.time.month": "Dec",
         "service.type": "snort",
         "source.geo.country_name": "tur",
-        "source.ip": "10.182.213.195",
+        "source.ip": [
+            "10.182.213.195"
+        ],
         "source.port": 7119,
         "tags": [
             "forwarded",
@@ -900,7 +908,9 @@
         "rule.name": "eriam",
         "service.type": "snort",
         "source.bytes": 3465,
-        "source.ip": "10.210.180.142",
+        "source.ip": [
+            "10.210.180.142"
+        ],
         "source.port": 3015,
         "tags": [
             "forwarded",
@@ -969,7 +979,9 @@
         "rsa.time.day": "20",
         "rsa.time.month": "Jan",
         "service.type": "snort",
-        "source.ip": "10.165.33.19",
+        "source.ip": [
+            "10.165.33.19"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -1018,7 +1030,9 @@
         "rsa.time.event_time_str": "Feb 3 21:16:50 2017 UTC",
         "rsa.time.month": "Feb",
         "service.type": "snort",
-        "source.ip": "10.52.190.18",
+        "source.ip": [
+            "10.52.190.18"
+        ],
         "source.port": 4411,
         "tags": [
             "forwarded",
@@ -1070,7 +1084,9 @@
         "rsa.time.event_time_str": "Feb 18 04:19:24 2017 UTC",
         "rsa.time.month": "Feb",
         "service.type": "snort",
-        "source.ip": "10.68.233.163",
+        "source.ip": [
+            "10.68.233.163"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -1219,7 +1235,9 @@
         "rsa.time.event_time_str": "Apr 16 08:29:41 2017 UTC",
         "rsa.time.month": "Apr",
         "service.type": "snort",
-        "source.ip": "10.116.175.84",
+        "source.ip": [
+            "10.116.175.84"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -1504,7 +1522,9 @@
         "rule.name": "emagnam",
         "service.type": "snort",
         "source.bytes": 1580,
-        "source.ip": "10.240.144.78",
+        "source.ip": [
+            "10.240.144.78"
+        ],
         "source.port": 2998,
         "tags": [
             "forwarded",
@@ -1649,7 +1669,9 @@
         "rule.name": "temse",
         "service.type": "snort",
         "source.bytes": 470,
-        "source.ip": "10.140.209.249",
+        "source.ip": [
+            "10.140.209.249"
+        ],
         "source.port": 1801,
         "tags": [
             "forwarded",
@@ -1734,7 +1756,9 @@
         "rsa.time.event_time_str": "Nov 2 11:05:41 2017 UTC",
         "rsa.time.month": "Nov",
         "service.type": "snort",
-        "source.ip": "10.198.44.231",
+        "source.ip": [
+            "10.198.44.231"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -1788,7 +1812,9 @@
         "rule.name": "ffici",
         "service.type": "snort",
         "source.bytes": 3273,
-        "source.ip": "10.77.86.215",
+        "source.ip": [
+            "10.77.86.215"
+        ],
         "source.port": 5913,
         "tags": [
             "forwarded",
@@ -2113,7 +2139,9 @@
         "rsa.time.event_time_str": "Mar 25 09:31:24 2018 UTC",
         "rsa.time.month": "Mar",
         "service.type": "snort",
-        "source.ip": "10.28.105.106",
+        "source.ip": [
+            "10.28.105.106"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -2223,7 +2251,9 @@
         "rsa.time.day": "7",
         "rsa.time.month": "May",
         "service.type": "snort",
-        "source.ip": "10.166.40.137",
+        "source.ip": [
+            "10.166.40.137"
+        ],
         "source.nat.ip": "10.65.144.119",
         "source.nat.port": 6233,
         "source.port": 5279,
@@ -2264,7 +2294,9 @@
         "rsa.time.day": "21",
         "rsa.time.month": "May",
         "service.type": "snort",
-        "source.ip": "10.104.78.147",
+        "source.ip": [
+            "10.104.78.147"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -2302,7 +2334,9 @@
         "rsa.time.day": "4",
         "rsa.time.month": "Jun",
         "service.type": "snort",
-        "source.ip": "10.237.43.87",
+        "source.ip": [
+            "10.237.43.87"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -2355,7 +2389,9 @@
         "rsa.time.month": "Jun",
         "service.type": "snort",
         "source.geo.country_name": "eos",
-        "source.ip": "10.234.234.205",
+        "source.ip": [
+            "10.234.234.205"
+        ],
         "source.port": 5714,
         "tags": [
             "forwarded",
@@ -2440,7 +2476,9 @@
         "rule.name": "iconseq",
         "service.type": "snort",
         "source.bytes": 1259,
-        "source.ip": "10.40.250.209",
+        "source.ip": [
+            "10.40.250.209"
+        ],
         "source.port": 3941,
         "tags": [
             "forwarded",
@@ -2512,7 +2550,9 @@
         "rsa.time.day": "15",
         "rsa.time.month": "Aug",
         "service.type": "snort",
-        "source.ip": "10.198.202.72",
+        "source.ip": [
+            "10.198.202.72"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -2566,7 +2606,9 @@
         "rsa.time.event_time_str": "Aug 29 14:59:40 2018 UTC",
         "rsa.time.month": "Aug",
         "service.type": "snort",
-        "source.ip": "10.147.155.100",
+        "source.ip": [
+            "10.147.155.100"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -2617,7 +2659,9 @@
         "rsa.time.event_time_str": "Sep 12 22:02:15 2018 UTC",
         "rsa.time.month": "Sep",
         "service.type": "snort",
-        "source.ip": "10.4.147.70",
+        "source.ip": [
+            "10.4.147.70"
+        ],
         "source.port": 3210,
         "tags": [
             "forwarded",
@@ -2759,7 +2803,9 @@
         "rsa.time.day": "9",
         "rsa.time.month": "Nov",
         "service.type": "snort",
-        "source.ip": "10.224.250.83",
+        "source.ip": [
+            "10.224.250.83"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -2810,7 +2856,9 @@
         "rsa.time.month": "Nov",
         "service.type": "snort",
         "source.geo.country_name": "ipi",
-        "source.ip": "10.38.22.60",
+        "source.ip": [
+            "10.38.22.60"
+        ],
         "source.port": 653,
         "tags": [
             "forwarded",
@@ -2865,7 +2913,9 @@
         "rule.name": "tlab",
         "service.type": "snort",
         "source.bytes": 42,
-        "source.ip": "10.46.57.181",
+        "source.ip": [
+            "10.46.57.181"
+        ],
         "source.port": 3760,
         "tags": [
             "forwarded",
@@ -3020,7 +3070,9 @@
         "rule.name": "Secti",
         "service.type": "snort",
         "source.bytes": 4673,
-        "source.ip": "10.107.144.80",
+        "source.ip": [
+            "10.107.144.80"
+        ],
         "source.port": 703,
         "tags": [
             "forwarded",
@@ -3126,7 +3178,9 @@
         "rsa.time.day": "17",
         "rsa.time.month": "Mar",
         "service.type": "snort",
-        "source.ip": "10.198.207.31",
+        "source.ip": [
+            "10.198.207.31"
+        ],
         "source.port": 579,
         "tags": [
             "forwarded",
@@ -3388,7 +3442,9 @@
         "rule.name": "itsed",
         "service.type": "snort",
         "source.bytes": 2005,
-        "source.ip": "10.154.87.98",
+        "source.ip": [
+            "10.154.87.98"
+        ],
         "source.port": 2632,
         "tags": [
             "forwarded",
@@ -3443,7 +3499,9 @@
         "rule.name": "dantiu",
         "service.type": "snort",
         "source.bytes": 4338,
-        "source.ip": "10.35.59.140",
+        "source.ip": [
+            "10.35.59.140"
+        ],
         "source.port": 1832,
         "tags": [
             "forwarded",
@@ -3613,7 +3671,9 @@
         "rsa.time.day": "19",
         "rsa.time.month": "Sep",
         "service.type": "snort",
-        "source.ip": "10.14.46.141",
+        "source.ip": [
+            "10.14.46.141"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
@@ -3798,7 +3858,9 @@
         "rsa.time.day": "30",
         "rsa.time.month": "Nov",
         "service.type": "snort",
-        "source.ip": "10.125.130.61",
+        "source.ip": [
+            "10.125.130.61"
+        ],
         "source.nat.ip": "10.32.195.34",
         "source.nat.port": 135,
         "source.port": 6154,
@@ -3839,7 +3901,9 @@
         "rsa.time.day": "14",
         "rsa.time.month": "Dec",
         "service.type": "snort",
-        "source.ip": "10.188.88.133",
+        "source.ip": [
+            "10.188.88.133"
+        ],
         "tags": [
             "forwarded",
             "snort.log"
