Skip to content

Added parser for Linux kernel netfilter firewall log#8778

Merged
edsiper merged 2 commits intofluent:masterfrom
protohuf:parser_kmsg_netfilter_log
Jun 25, 2024
Merged

Added parser for Linux kernel netfilter firewall log#8778
edsiper merged 2 commits intofluent:masterfrom
protohuf:parser_kmsg_netfilter_log

Conversation

@protohuf
Copy link
Contributor

@protohuf protohuf commented Apr 30, 2024
edited
Loading

Adds a parser for Linux kernel netfilter firewall log messages. Applying this parser on the /var/log/kern.log will extract firewall logs

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
pipeline:
  inputs:
    - name: tail
      tag: firewall
      path: /var/log/kern.log
      parser: kmsg-netfilter-log
  outputs:
    - name: stdout
  • Attached Valgrind output that shows no leaks or memory corruption was found

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

edsiper
edsiper requested changes May 15, 2024
View reviewed changes
@edsiper edsiper added this to the Fluent Bit v3.0.4 milestone May 15, 2024
@protohuf protohuf requested a review from edsiper May 16, 2024 17:59
@edsiper
Copy link
Member

edsiper commented May 29, 2024

Please sign off the commits (DCO error)

protohuf added 2 commits May 29, 2024 22:11
@protohuf
Added parser for Linux kernel netfilter firewall log
e48ec00 
Signed-off-by: Marcus Hufvudsson <mh@protohuf.com>
@protohuf
Added 2 rubular examples (TCP and UDP), also fixed a minor bug with
51137f0 
parsing the RES= field

Signed-off-by: Marcus Hufvudsson <mh@protohuf.com>
@protohuf protohuf force-pushed the parser_kmsg_netfilter_log branch from b72b37d to 51137f0 Compare May 29, 2024 20:11
@protohuf
Copy link
Contributor Author

protohuf commented May 29, 2024
edited
Loading

@edsiper Missed the signed-off requirement in this project, sorry about that. It's fixed now

@edsiper edsiper merged commit fe988b1 into fluent:master Jun 25, 2024
@BrewTestBot BrewTestBot mentioned this pull request Jul 9, 2024
Closed
@protohuf protohuf deleted the parser_kmsg_netfilter_log branch September 11, 2024 20:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich

@fujimotos fujimotos Awaiting requested review from fujimotos

@koleini koleini Awaiting requested review from koleini

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

Assignees

No one assigned

Labels

docs-required

Projects

None yet

Milestone

Fluent Bit v3.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@protohuf @edsiper @lecaros