Commit 914fdfb

cisco_meraki: improve event handling (#9841)
* preserve message to help with unhandled types
* add handling for event types
  * anyconnect_vpn_auth_success
  * anyconnect_vpn_connect
  * anyconnect_vpn_disconnect
  * anyconnect_vpn_session_manager
  * martian_vlan
  * splash_auth
1 parent a2bdff9 commit 914fdfb

18 files changed: +1068 -2 lines changed

packages/cisco_meraki/changelog.yml

Lines changed: 8 additions & 0 deletions
@@ -1,4 +1,12 @@
11
# newer versions go on top
2+
- version: "1.22.0"
3+
changes:
4+
- description: Retain message for all events.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/9841
7+
- description: Improve event type handling.
8+
type: enhancement
9+
link: https://github.com/elastic/integrations/pull/9841
210
- version: "1.21.2"
311
changes:
412
- description: Fix webhook shared secret configuration and behavior.
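
Review bot: The second entry added under 1.22.0, "Improve event type handling.", does not tell someone reading the changelog which events are now parsed. Consider naming the event types from the commit message (anyconnect_vpn_auth_success, anyconnect_vpn_connect, anyconnect_vpn_disconnect, anyconnect_vpn_session_manager, martian_vlan, splash_auth) so that anyone building detections on the VPN authentication and session events can tell which version first handles them.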

packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json

Lines changed: 175 additions & 0 deletions
Large diffs are not rendered by default.

packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log

Lines changed: 15 additions & 0 deletions
@@ -31,3 +31,18 @@
3131
<134>1 1700036617.740693756 AB_1234_Amsterdam_MX01 events carrier_change device port1 up false
3232
<134>1 1700036798.491301379 ABC_NL_AMS1_SW_B1 events port 44 status changed from 10fdx to down
3333
<134>1 1700038224.482632052 ABC_NL_AMS1_SW_B1 events port 44 status changed from down to 1Gfdx
34+
<134>1 1639132851.416656563 TCP9001 events anyconnect_vpn_disconnect user id 'user.name1' local ip 172.25.22.82 connected from 67.43.156.14
35+
<134>1 1639132851.416656563 TCP9001 events anyconnect_vpn_connect user id 'user.name2' local ip 172.25.22.244 reconnected from 67.43.156.14
36+
<134>1 1639132851.416656563 TCP9001 events type=splash_auth mac='4C:03:4F:5C:5B:43' duration='604800' vap='0' wired_vlan='-1' download='1Gbps' upload='1Gbps'
37+
<134>1 1639132851.416656563 TCP9001 events type=martian_vlan Client='172.25.25.74' MAC='24:5E:BE:19:45:2E' VLAN='24' details='sent 7088457 unexpected packets (Last seen packet IP=169.254.100.100)'
38+
<134>1 1639132851.416656563 TCP9001 events type=martian_vlan Client='172.25.25.196' MAC='CC:96:E5:9F:09:89' VLAN='24' details='sent 834351 unexpected packets (Last seen packet IP=172.25.40.16, IP on VLAN=40)'
39+
<134>1 1639132851.416656563 TCP9001 events type=martian_vlan summary='8058083 unexpected packets seen (8057025 packets till last report)'
40+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[369] Peer IP=1.1.1.1 User[user.name1]: Session disconnected. Session Type: SSL, Duration: 1d:24h:00m:00s, Bytes xmt: 22412809, Bytes rcv: 4138099, Reason: Max time exceeded '
41+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[396] Peer IP=2.2.2.2 User[user.name2]: Deleted TLS tunnel[396.17] from DB. Reason: DPD kill '
42+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[396] Peer IP=2.2.2.2 User[user.name2]: Deleted DTLS tunnel[396.18] from DB. Reason: DPD kill '
43+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[396] Peer IP=2.2.2.2 User[user.name2]: conn_id[18007] Added DTLS tunnel[396.18] to DB '
44+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[396] Peer IP=2.2.2.2 User[user.name2]: conn_id[18006] Added TLS tunnel[396.17] to DB '
45+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Peer IP=2.2.2.2 User[user.name2] Sess-ID[396]: Applied VPN filter[AnyConnect policy] for assigned IP 172.25.22.244 '
46+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[420] Peer IP=3.3.3.3 User[user.name3]: Session disconnected. Session Type: SSL, Duration: 0d:00h:23m:03s, Bytes xmt: 135325, Bytes rcv: 74821, Reason: User Requested '
47+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_session_manager msg= 'Sess-ID[420] Peer IP=3.3.3.3 User[user3.name]: Deleted TLS tunnel[420.3] from DB. Reason: User Requested '
48+
<134>1 1639132851.416656563 TCP9001 events type=anyconnect_vpn_auth_success msg= 'RADIUS[511] Server IP=172.25.30.12 Server port=1812 Peer IP=4.4.4.4 Peer port=56193 User=user.name4: Authentication request accepted. '
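
Review bot: The sample added at new line 47 writes the user as "User[user3.name]", while new line 46, which has the same Sess-ID[420] and Peer IP=3.3.3.3, writes "User[user.name3]". If that is a sanitization slip, align the two so the expected output shows one user name per session. The anyconnect_vpn_session_manager and anyconnect_vpn_auth_success samples also use 1.1.1.1 through 4.4.4.4 as peer addresses where new lines 34 and 35 use 67.43.156.14. Picking one convention for sanitized public addresses across the added lines would keep the expected output consistent.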
