elastic · efd6 · Jun 15, 2022 · Jun 14, 2022 · Jun 14, 2022 · Jun 14, 2022
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.2"
+  changes:
+    - description: Update HAProxy log parsing to handle non HTTPS and TCP logs
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3504
 - version: "1.0.1"
   changes:
     - description: Format client.mac as per ECS.

@@ -1,3 +1,7 @@
 <134>Aug 15 16:15:18 haproxy[41476]: 10.87.93.55:59607 [15/Aug/2021:16:15:18.502] TestFrontend~ TestBackend/TestServer 0/0/0/2/2 400 182 - - ---- 2/2/0/1/0 0/0 "GET /favicon.ico HTTP/1.1" 
 <134>Aug 15 16:17:18 haproxy[41476]: 10.87.93.55:59607 [15/Aug/2021:16:15:18.407] TestFrontend~ TestBackend/TestServer 0/0/0/3/3 400 182 - - ---- 2/2/0/1/0 0/0 "GET /login HTTP/1.1" 
-<134>Aug 15 16:18:40 haproxy[41476]: 10.87.93.55:58722 [15/Aug/2021:16:15:10.549] TestFrontend~ TestBackend/<NOSRV> -1/-1/-1/-1/30014 408 212 - - cR-- 2/2/0/0/0 0/0 "<BADREQ>" 
+<134>Aug 15 16:18:40 haproxy[41476]: 10.87.93.55:58722 [15/Aug/2021:16:15:10.549] TestFrontend~ TestBackend/<NOSRV> -1/-1/-1/-1/30014 408 212 - - cR-- 2/2/0/0/0 0/0 "<BADREQ>" 
+<134>Jun 13 20:53:10 pfSense haproxy[25571]: 10.0.200.110:50578 [13/Jun/2022:20:53:10.208] TestFrontend TestBackend_ipvANY/TestServer 0/0/0/433/537 200 65018 - - ---- 5/5/0/1/0 0/0 "GET /static/fonts/roboto/Roboto-Bold.woff2 HTTP/1.1"
+<134>Jun 13 20:56:55 pfSense haproxy[31709]: 10.0.200.110:50611 [13/Jun/2022:20:56:55.187] TestFrontend-copy TestBackend_ipvANY/TestServer 0/0/204 366 -- 2/2/1/1/0 0/0
+<134>Jun 13 20:53:49 pfSense haproxy[80917]: Connect from 10.50.11.19:50583 to 192.168.75.211:80 (ACME/HTTP)
+<134>1 2022-06-14T13:01:42.000000+02:00 haproxy.local haproxy 48723 - - 175.16.199.10:63605 [14/Jun/2022:12:41:42.440] URLS-merged/67.43.156.15:443: Timeout during SSL handshake
@@ -28,7 +28,7 @@
                     "retries": 0,
                     "server": 1
                 },
-                "frontend_name": "TestFrontend",
+                "frontend_name": "TestFrontend~",
                 "http": {
                     "request": {
                         "raw_request_line": "GET /favicon.ico HTTP/1.1",
@@ -79,7 +79,6 @@
             "tags": [
                 "preserve_original_event"
             ],
-            "temp": {},
             "url": {
                 "extension": "ico",
                 "original": "/favicon.ico",
@@ -114,7 +113,7 @@
                     "retries": 0,
                     "server": 1
                 },
-                "frontend_name": "TestFrontend",
+                "frontend_name": "TestFrontend~",
                 "http": {
                     "request": {
                         "raw_request_line": "GET /login HTTP/1.1",
@@ -165,7 +164,6 @@
             "tags": [
                 "preserve_original_event"
             ],
-            "temp": {},
             "url": {
                 "original": "/login",
                 "path": "/login"
@@ -199,7 +197,7 @@
                     "retries": 0,
                     "server": 0
                 },
-                "frontend_name": "TestFrontend",
+                "frontend_name": "TestFrontend~",
                 "http": {
                     "request": {
                         "raw_request_line": "\u003cBADREQ\u003e",
@@ -243,10 +241,292 @@
                 "ip": "10.87.93.55",
                 "port": 58722
             },
+            "tags": [
+                "preserve_original_event"
+            ]
+        },
+        {
+            "@timestamp": "2022-06-13T20:53:10.208-04:00",
+            "ecs": {
+                "version": "8.2.0"
+            },
+            "event": {
+                "category": [
+                    "web"
+                ],
+                "duration": 537000000,
+                "kind": "event",
+                "original": "\u003c134\u003eJun 13 20:53:10 pfSense haproxy[25571]: 10.0.200.110:50578 [13/Jun/2022:20:53:10.208] TestFrontend TestBackend_ipvANY/TestServer 0/0/0/433/537 200 65018 - - ---- 5/5/0/1/0 0/0 \"GET /static/fonts/roboto/Roboto-Bold.woff2 HTTP/1.1\"",
+                "outcome": "success",
+                "provider": "haproxy",
+                "timezone": "-04:00"
+            },
+            "haproxy": {
+                "backend_name": "TestBackend_ipvANY",
+                "backend_queue": 0,
+                "bytes_read": 65018,
+                "connection_wait_time_ms": 0,
+                "connections": {
+                    "active": 5,
+                    "backend": 0,
+                    "frontend": 5,
+                    "retries": 0,
+                    "server": 1
+                },
+                "frontend_name": "TestFrontend",
+                "http": {
+                    "request": {
+                        "raw_request_line": "GET /static/fonts/roboto/Roboto-Bold.woff2 HTTP/1.1",
+                        "time_wait_ms": 0,
+                        "time_wait_without_data_ms": 433
+                    },
+                    "response": {}
+                },
+                "server_name": "TestServer",
+                "server_queue": 0,
+                "termination_state": "----",
+                "total_waiting_time_ms": 0
+            },
+            "http": {
+                "request": {
+                    "method": "GET"
+                },
+                "response": {
+                    "bytes": 65018,
+                    "status_code": 200
+                },
+                "version": "1.1"
+            },
+            "log": {
+                "syslog": {
+                    "priority": 134
+                }
+            },
+            "message": "10.0.200.110:50578 [13/Jun/2022:20:53:10.208] TestFrontend TestBackend_ipvANY/TestServer 0/0/0/433/537 200 65018 - - ---- 5/5/0/1/0 0/0 \"GET /static/fonts/roboto/Roboto-Bold.woff2 HTTP/1.1\"",
+            "observer": {
+                "name": "pfSense",
+                "type": "firewall",
+                "vendor": "netgate"
+            },
+            "process": {
+                "name": "haproxy",
+                "pid": 25571
+            },
+            "related": {
+                "ip": [
+                    "10.0.200.110"
+                ]
+            },
+            "source": {
+                "address": "10.0.200.110",
+                "ip": "10.0.200.110",
+                "port": 50578
+            },
             "tags": [
                 "preserve_original_event"
             ],
-            "temp": {}
+            "url": {
+                "extension": "woff2",
+                "original": "/static/fonts/roboto/Roboto-Bold.woff2",
+                "path": "/static/fonts/roboto/Roboto-Bold.woff2"
+            }
+        },
+        {
+            "@timestamp": "2022-06-13T20:56:55.187-04:00",
+            "ecs": {
+                "version": "8.2.0"
+            },
+            "event": {
+                "duration": 204000000,
+                "kind": "event",
+                "original": "\u003c134\u003eJun 13 20:56:55 pfSense haproxy[31709]: 10.0.200.110:50611 [13/Jun/2022:20:56:55.187] TestFrontend-copy TestBackend_ipvANY/TestServer 0/0/204 366 -- 2/2/1/1/0 0/0",
+                "provider": "haproxy",
+                "timezone": "-04:00"
+            },
+            "haproxy": {
+                "backend_name": "TestBackend_ipvANY",
+                "backend_queue": 0,
+                "bytes_read": 366,
+                "connection_wait_time_ms": 0,
+                "connections": {
+                    "active": 2,
+                    "backend": 1,
+                    "frontend": 2,
+                    "retries": 0,
+                    "server": 1
+                },
+                "frontend_name": "TestFrontend-copy",
+                "server_name": "TestServer",
+                "server_queue": 0,
+                "termination_state": "--",
+                "total_waiting_time_ms": 0
+            },
+            "log": {
+                "syslog": {
+                    "priority": 134
+                }
+            },
+            "message": "10.0.200.110:50611 [13/Jun/2022:20:56:55.187] TestFrontend-copy TestBackend_ipvANY/TestServer 0/0/204 366 -- 2/2/1/1/0 0/0",
+            "observer": {
+                "name": "pfSense",
+                "type": "firewall",
+                "vendor": "netgate"
+            },
+            "process": {
+                "name": "haproxy",
+                "pid": 31709
+            },
+            "related": {
+                "ip": [
+                    "10.0.200.110"
+                ]
+            },
+            "source": {
+                "address": "10.0.200.110",
+                "ip": "10.0.200.110",
+                "port": 50611
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
+        },
+        {
+            "@timestamp": "2022-06-13T20:53:49.000-04:00",
+            "destination": {
+                "address": "192.168.75.211",
+                "ip": "192.168.75.211",
+                "port": 80
+            },
+            "ecs": {
+                "version": "8.2.0"
+            },
+            "event": {
+                "category": [
+                    "web",
+                    "network"
+                ],
+                "kind": "event",
+                "original": "\u003c134\u003eJun 13 20:53:49 pfSense haproxy[80917]: Connect from 10.50.11.19:50583 to 192.168.75.211:80 (ACME/HTTP)",
+                "provider": "haproxy",
+                "timezone": "-04:00",
+                "type": [
+                    "connection"
+                ]
+            },
+            "haproxy": {
+                "frontend_name": "ACME",
+                "mode": "HTTP"
+            },
+            "log": {
+                "syslog": {
+                    "priority": 134
+                }
+            },
+            "message": "Connect from 10.50.11.19:50583 to 192.168.75.211:80 (ACME/HTTP)",
+            "observer": {
+                "name": "pfSense",
+                "type": "firewall",
+                "vendor": "netgate"
+            },
+            "process": {
+                "name": "haproxy",
+                "pid": 80917
+            },
+            "related": {
+                "ip": [
+                    "192.168.75.211",
+                    "10.50.11.19"
+                ]
+            },
+            "source": {
+                "address": "10.50.11.19",
+                "ip": "10.50.11.19",
+                "port": 50583
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
+        },
+        {
+            "@timestamp": "2022-06-14T12:41:42.440+02:00",
+            "destination": {
+                "address": "67.43.156.15",
+                "as": {
+                    "number": 35908
+                },
+                "geo": {
+                    "continent_name": "Asia",
+                    "country_iso_code": "BT",
+                    "country_name": "Bhutan",
+                    "location": {
+                        "lat": 27.5,
+                        "lon": 90.5
+                    }
+                },
+                "ip": "67.43.156.15",
+                "port": 443
+            },
+            "ecs": {
+                "version": "8.2.0"
+            },
+            "event": {
+                "category": [
+                    "network"
+                ],
+                "kind": "event",
+                "original": "\u003c134\u003e1 2022-06-14T13:01:42.000000+02:00 haproxy.local haproxy 48723 - - 175.16.199.10:63605 [14/Jun/2022:12:41:42.440] URLS-merged/67.43.156.15:443: Timeout during SSL handshake",
+                "provider": "haproxy",
+                "timezone": "+02:00",
+                "type": [
+                    "connection"
+                ]
+            },
+            "haproxy": {
+                "bind_name": "67.43.156.15:443",
+                "error_message": "Timeout during SSL handshake",
+                "frontend_name": "URLS-merged"
+            },
+            "log": {
+                "syslog": {
+                    "priority": 134
+                }
+            },
+            "message": "175.16.199.10:63605 [14/Jun/2022:12:41:42.440] URLS-merged/67.43.156.15:443: Timeout during SSL handshake",
+            "observer": {
+                "name": "haproxy.local",
+                "type": "firewall",
+                "vendor": "netgate"
+            },
+            "process": {
+                "name": "haproxy",
+                "pid": 48723
+            },
+            "related": {
+                "ip": [
+                    "67.43.156.15",
+                    "175.16.199.10"
+                ]
+            },
+            "source": {
+                "address": "175.16.199.10",
+                "geo": {
+                    "city_name": "Changchun",
+                    "continent_name": "Asia",
+                    "country_iso_code": "CN",
+                    "country_name": "China",
+                    "location": {
+                        "lat": 43.88,
+                        "lon": 125.3228
+                    },
+                    "region_iso_code": "CN-22",
+                    "region_name": "Jilin Sheng"
+                },
+                "ip": "175.16.199.10",
+                "port": 63605
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
         }
     ]
 }