Add pipeline test for Fortinet Firewall #437
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These are the original failures after enabling the test.
FAILURE DETAILS:
fortinet/firewall test-fortinet.log:
[0] field "_temp.time" is undefined
[1] field "fortinet.firewall.devid" is undefined
[2] field "fortinet.firewall.devname" is undefined
[3] field "fortinet.firewall.dir" is undefined
[4] field "fortinet.firewall.group" is undefined
[5] field "fortinet.firewall.level" is undefined
[6] field "fortinet.firewall.locip" is undefined
[7] field "fortinet.firewall.locport" is undefined
[8] field "fortinet.firewall.logdesc" is undefined
[9] field "fortinet.firewall.logid" is undefined
[10] field "fortinet.firewall.msg" is undefined
[11] field "fortinet.firewall.remip" is undefined
[12] field "fortinet.firewall.remport" is undefined
[13] field "fortinet.firewall.user" is undefined
[14] field "syslog5424_pri" is undefined
[15] field "syslog5424_sd" is undefined
[16] parsing field value failed: field "fortinet.firewall.disklograte"''s Go type, string, does not match the expected field type: long
[17] parsing field value failed: field "fortinet.firewall.fazlograte"''s Go type, string, does not match the expected field type: long
[18] parsing field value failed: field "fortinet.firewall.lanin"''s Go type, string, does not match the expected field type: long
[19] parsing field value failed: field "fortinet.firewall.lanout"''s Go type, string, does not match the expected field type: long
[20] parsing field value failed: field "fortinet.firewall.setuprate"''s Go type, string, does not match the expected field type: long
[21] parsing field value failed: field "fortinet.firewall.wanin"''s Go type, string, does not match the expected field type: long
[22] parsing field value failed: field "fortinet.firewall.wanout"''s Go type, string, does not match the expected field type: long
--- Test results for package: fortinet - END ---
|
This PR needs fixes for the mappings and incorrect data types in the JSON (needs |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
|
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
andrewkroh
commented
Dec 3, 2020
| - fortinet.firewall.duration | ||
| - host | ||
| - _temp.time | ||
| - _temp |
There was a problem hiding this comment.
Does this only work on leaf fields? I'm curious since it has both _temp.time and _temp.
andrewkroh
commented
Dec 4, 2020
There was a problem hiding this comment.
@leehinman LGTM. I cannot approve since I'm the original author. 😆
|
run tests |
andrewstucki
approved these changes
Dec 9, 2020
andrewkroh
added a commit
to andrewkroh/beats
that referenced
this pull request
Jan 12, 2021
Drop assignip if the value is "N/A". elastic/integrations#437
andrewkroh
added a commit
to elastic/beats
that referenced
this pull request
Jan 25, 2021
* Sync changes to AWS CloudTrail elastic/integrations#408 * Sync changes to CheckPoint Firewall Change type of event.severity. elastic/integrations#409 * Sync changes from Cisco ASA / FTD elastic/integrations#414 * Sync changes from Cisco IOS Make icmp and igmp fields strings because they are keywords. elastic/integrations#416 * Sync changes to CrowdStrike Falcon Fix some field types. elastic/integrations#377 * Sync changes to Fortinet Firewall Drop assignip if the value is "N/A". elastic/integrations#437 * Sync changes to Juniper SRX Convert event.risk values to float Protect against missing event.timezone Convert event.severity to long. elastic/integrations#443 * Sync changes to Suricata EVE Convert suricata.eve.flow_id to string because the field is a keyword in the mapping. elastic/integrations#457 * Sync changes to Zeek DNS Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448 * Add changelog
andrewkroh
added a commit
to andrewkroh/beats
that referenced
this pull request
Feb 16, 2021
* Sync changes to AWS CloudTrail elastic/integrations#408 * Sync changes to CheckPoint Firewall Change type of event.severity. elastic/integrations#409 * Sync changes from Cisco ASA / FTD elastic/integrations#414 * Sync changes from Cisco IOS Make icmp and igmp fields strings because they are keywords. elastic/integrations#416 * Sync changes to CrowdStrike Falcon Fix some field types. elastic/integrations#377 * Sync changes to Fortinet Firewall Drop assignip if the value is "N/A". elastic/integrations#437 * Sync changes to Juniper SRX Convert event.risk values to float Protect against missing event.timezone Convert event.severity to long. elastic/integrations#443 * Sync changes to Suricata EVE Convert suricata.eve.flow_id to string because the field is a keyword in the mapping. elastic/integrations#457 * Sync changes to Zeek DNS Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448 * Add changelog (cherry picked from commit bf46572)
adriansr
pushed a commit
to elastic/beats
that referenced
this pull request
Feb 17, 2021
#24077) * Sync fixes from Integration Package Testing (#23424) * Sync changes to AWS CloudTrail elastic/integrations#408 * Sync changes to CheckPoint Firewall Change type of event.severity. elastic/integrations#409 * Sync changes from Cisco ASA / FTD elastic/integrations#414 * Sync changes from Cisco IOS Make icmp and igmp fields strings because they are keywords. elastic/integrations#416 * Sync changes to CrowdStrike Falcon Fix some field types. elastic/integrations#377 * Sync changes to Fortinet Firewall Drop assignip if the value is "N/A". elastic/integrations#437 * Sync changes to Juniper SRX Convert event.risk values to float Protect against missing event.timezone Convert event.severity to long. elastic/integrations#443 * Sync changes to Suricata EVE Convert suricata.eve.flow_id to string because the field is a keyword in the mapping. elastic/integrations#457 * Sync changes to Zeek DNS Fix usages of ignore_failure with convert processor. Make DNS transaction ID a string. elastic/integrations#448 * Add changelog (cherry picked from commit bf46572)
eyalkraft
pushed a commit
to build-security/integrations
that referenced
this pull request
Mar 30, 2022
* Add pipeline test for Fortinet Firewall
These are the original failures after enabling the test.
FAILURE DETAILS:
fortinet/firewall test-fortinet.log:
[0] field "_temp.time" is undefined
[1] field "fortinet.firewall.devid" is undefined
[2] field "fortinet.firewall.devname" is undefined
[3] field "fortinet.firewall.dir" is undefined
[4] field "fortinet.firewall.group" is undefined
[5] field "fortinet.firewall.level" is undefined
[6] field "fortinet.firewall.locip" is undefined
[7] field "fortinet.firewall.locport" is undefined
[8] field "fortinet.firewall.logdesc" is undefined
[9] field "fortinet.firewall.logid" is undefined
[10] field "fortinet.firewall.msg" is undefined
[11] field "fortinet.firewall.remip" is undefined
[12] field "fortinet.firewall.remport" is undefined
[13] field "fortinet.firewall.user" is undefined
[14] field "syslog5424_pri" is undefined
[15] field "syslog5424_sd" is undefined
[16] parsing field value failed: field "fortinet.firewall.disklograte"''s Go type, string, does not match the expected field type: long
[17] parsing field value failed: field "fortinet.firewall.fazlograte"''s Go type, string, does not match the expected field type: long
[18] parsing field value failed: field "fortinet.firewall.lanin"''s Go type, string, does not match the expected field type: long
[19] parsing field value failed: field "fortinet.firewall.lanout"''s Go type, string, does not match the expected field type: long
[20] parsing field value failed: field "fortinet.firewall.setuprate"''s Go type, string, does not match the expected field type: long
[21] parsing field value failed: field "fortinet.firewall.wanin"''s Go type, string, does not match the expected field type: long
[22] parsing field value failed: field "fortinet.firewall.wanout"''s Go type, string, does not match the expected field type: long
--- Test results for package: fortinet - END ---
* fix errors in pipeline
Co-authored-by: Lee E. Hinman <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This adds a pipeline test for Fortinet Firewall.
These are the original failures after enabling the test.
Checklist
Related issues