elastic
diff --git a/‎packages/panw/_dev/deploy/docker/docker-compose.yml‎
Lines changed: 13 additions & 3 deletions b/‎packages/panw/_dev/deploy/docker/docker-compose.yml‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎packages/panw/_dev/deploy/docker/syslog_logs/panw-panos-traffic.log‎
Lines changed: 200 additions & 0 deletions b/‎packages/panw/_dev/deploy/docker/syslog_logs/panw-panos-traffic.log‎
Lines changed: 200 additions & 0 deletions
diff --git a/‎packages/panw/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/panw/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/panw/data_stream/panos/_dev/test/system/test-syslog-config.yml‎
Lines changed: 0 additions & 6 deletions b/‎packages/panw/data_stream/panos/_dev/test/system/test-syslog-config.yml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎packages/panw/data_stream/panos/_dev/test/system/test-tcp-config.yml‎
Lines changed: 7 additions & 0 deletions b/‎packages/panw/data_stream/panos/_dev/test/system/test-tcp-config.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/panw/data_stream/panos/_dev/test/system/test-tls-config.yml‎
Lines changed: 59 additions & 0 deletions b/‎packages/panw/data_stream/panos/_dev/test/system/test-tls-config.yml‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎packages/panw/data_stream/panos/_dev/test/system/test-udp-config.yml‎
Lines changed: 7 additions & 0 deletions b/‎packages/panw/data_stream/panos/_dev/test/system/test-udp-config.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs‎
Lines changed: 1 addition & 1 deletion b/‎packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/panw/data_stream/panos/agent/stream/syslog.yml.hbs‎
Lines changed: 0 additions & 33 deletions b/‎packages/panw/data_stream/panos/agent/stream/syslog.yml.hbs‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎packages/panw/data_stream/panos/agent/stream/tcp.yml.hbs‎
Lines changed: 44 additions & 0 deletions b/‎packages/panw/data_stream/panos/agent/stream/tcp.yml.hbs‎
Lines changed: 44 additions & 0 deletions
@@ -6,8 +6,18 @@ services:
  - ./sample_logs:/sample_logs:ro
  - ${SERVICE_LOGS_DIR}:/var/log
  command: /bin/sh -c "cp /sample_logs/* /var/log/"
- panw-panos-syslog:
- image: akroh/stream:v0.0.1
+ panw-panos-tls:
+ image: docker.elastic.co/observability/stream:v0.6.2
  volumes:
- - ./sample_logs:/sample_logs:ro
+ - ./syslog_logs:/sample_logs:ro
+ command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9515 -p=tls --insecure /sample_logs/panw-panos-traffic.log
+ panw-panos-tcp:
+ image: docker.elastic.co/observability/stream:v0.6.2
+ volumes:
+ - ./syslog_logs:/sample_logs:ro
+ command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9514 -p=tcp /sample_logs/panw-panos-traffic.log
+ panw-panos-udp:
+ image: docker.elastic.co/observability/stream:v0.6.2
+ volumes:
+ - ./syslog_logs:/sample_logs:ro
  command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9514 -p=udp /sample_logs/panw-panos-traffic.log
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.0"
+ changes:
+ - description: Replace syslog input with UDP/TCP input and syslog processor.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3323
 - version: "2.1.0"
  changes:
  - description: Add GeoIP/ASN data for `*.nat.ip` fields
 
@@ -0,0 +1,7 @@
+service: panw-panos-tcp
+service_notify_signal: SIGHUP
+input: tcp
+data_stream:
+ vars:
+ syslog_host: 0.0.0.0
+ syslog_port: 9514
@@ -0,0 +1,59 @@
+service: panw-panos-tls
+service_notify_signal: SIGHUP
+input: tcp
+data_stream:
+ vars:
+ syslog_host: 0.0.0.0
+ syslog_port: 9515
+ ssl: |
+ key: |
+ -----BEGIN PRIVATE KEY-----
+ MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDhCLvLsQAHufsN
+ U+u1x/CequAUphfXZqLhDo2Eo/holfBS0+ey4bnzPL6lS9NFL5JkLQA2gYESqsXU
+ /Ru8E76Az1egzMwT3TVAPLVU8NbrxBqeNiQa2m9wC37HQy4qC9OxL28LUoKtFjxS
+ cD1sa0oikXCJN1a3BSoAf9iiZ/dxz4WVfrNhrzq2JFXjravY84n5ujkZOg45Pg70
+ 4vHOeg0rBbIoSNfjDUVZWjwC95K1BMN3msOTL9juv/EDa6BujqCxl+G1nY7JPFDL
+ SHWis65p+1AAa5xieYDb47vyJ0SSR7lEURTXZOkkM6k5JWfgkATEmGzRxPkOloIT
+ Xg9ag1OlAgMBAAECggEAEHfPJmzhj68wjB0kFr13AmWG2Hv/Kqg8KzQhbx+AwkaW
+ u7j+L70NGpvLZ9VQtLNyhxoz9cksZO1SZO/Q48aeHlcOFppmJN3/U6AdtQWa9M35
+ FLLpmX16wjxVHsfvzOvopgLOoYl8PqZt66qDFDgVyMnT7na6RdJ+7GJuvBPXq+Bc
+ vgThvAZitHSAOhnBFYmTMlBi6AzOMMsaFlgE3Xf9v3M0pAKItPRKMhXlC3MyvA/v
+ jgbra4Ib+0ryohggHheHB3bn3Jgv7iFKoW9OQSePVxacJ+kfr9H+No5g495URzqR
+ mx/96WCiv3rAh3ct8Sk/C4/3zMC8fUueDJIVjhgw0QKBgQD8NufLINNkIpBrLoCS
+ 972oFEjZB2u6EusQ7X9raROqpaw26ZSu+zSHeIKCGQ93M3aRb3FpdGeOxgZ095MV
+ 8a+nlh4stOvHj2Mm5YhTBDUavTC7o9aVR3Od5eTXUpHnaJpNI/uyIcKupeK1UJnV
+ UlBLeIwo/vJ1gsVrKMMAJkuKbwKBgQDkaWRRd0w2gUIbCTGf203BqXft0VdIiOW7
+ +gnkeaNHAf09XljzxMcQzrB8kG63aKVGbJffphEfzxtiJ+HRQVH+7QpKRhU/GHmu
+ +6OKkxTcxJm5zhoRFxcSi2wG4PWmUGJvc7ss1OJGcaOUxwocCepO7N/jfdDz9Uke
+ KnA+YWOdKwKBgQDteZkYlojT0QOgF8HyH5gQyUCqMKWLJ0LzxltiPCbLV4Dml1pq
+ w5Z7M8nWS1hXiTpLx93GSFc1hFkSCwYP9GfK6Lryp0sVtHnMZvTMDbseuSJImwRx
+ vDwtYQfugg1lEQWwOoBEAiu3m/PxernNtNprpU57T0nlwUK3GkM5QdWAuwKBgQCZ
+ ZF3GiANapzupxGbbH//8Cr9LqsafI7CEqMpz8WxBh4h16iJ6sq+tDeFgBe8UpOY5
+ gTwNKg1d+0w8guQYD3HtbWr3rlEeamVtqfiOW3ArQqyqJ0tCJuuLvK3zgKf35Qv2
+ JRaSaPT8sdxVUcXsRoxgLJu+vwPQke1koMN4YRbwuQKBgQDJiZ/WSeqa5oIqkXbn
+ hjm7RXKaf2oE1U/bNjdSFtdEP7T4vUvvr7Hq2f/jiBLtCE7w16PJjKx9iIq2+jMl
+ qIY43Sk9bdi5FxtYTHda0hwrbH274P+QVcVs5PXCT0TGktOleHGBlXaaPrxl9iCh
+ 8tmmxZZYa5aQxEO/lxB9xQKaiQ==
+ -----END PRIVATE KEY-----
+ certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIDazCCAlOgAwIBAgIUW5TDu1tJMY2Oa7PsL+BQSmeWqz0wDQYJKoZIhvcNAQEL
+ BQAwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+ GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTEwMDEwNTAwMjNaFw0yMTEw
+ MDIwNTAwMjNaMEUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+ HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+ AQUAA4IBDwAwggEKAoIBAQDhCLvLsQAHufsNU+u1x/CequAUphfXZqLhDo2Eo/ho
+ lfBS0+ey4bnzPL6lS9NFL5JkLQA2gYESqsXU/Ru8E76Az1egzMwT3TVAPLVU8Nbr
+ xBqeNiQa2m9wC37HQy4qC9OxL28LUoKtFjxScD1sa0oikXCJN1a3BSoAf9iiZ/dx
+ z4WVfrNhrzq2JFXjravY84n5ujkZOg45Pg704vHOeg0rBbIoSNfjDUVZWjwC95K1
+ BMN3msOTL9juv/EDa6BujqCxl+G1nY7JPFDLSHWis65p+1AAa5xieYDb47vyJ0SS
+ R7lEURTXZOkkM6k5JWfgkATEmGzRxPkOloITXg9ag1OlAgMBAAGjUzBRMB0GA1Ud
+ DgQWBBRYUSKDHBBE9Q6fTeTqogicCxcXwDAfBgNVHSMEGDAWgBRYUSKDHBBE9Q6f
+ TeTqogicCxcXwDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBc
+ T8B+GpvPy9NQ700LsywRPY0L9IJCKiu6j3TP1tqqSPjAC/cg9ac+bFXuWOu7V+KJ
+ s09Q/pItq9SLX6UvnfRzTxu5lCBwwGX9cL131mTIu5SmFo7Eks+sorbiIarWDMoC
+ e+9An3GFpagW+YhOt4BdIM5lTqoeodzganDBsOUZI9aDAj2Yo5h2O7r6Wd12cb6T
+ mz8vMfB2eG8BxU20ZMfkdERWjiyXHOSBQqeqfkV8d9370gMu5RcJNcIgnbmTRdho
+ X3HJFiimZVaNjXATqmC/y2A1KXvJdamPLy3mGXkW2cFLoPCdK2OZFUHqiuc1bigA
+ qEf55SihFqErRMeURPPF
+ -----END CERTIFICATE-----
@@ -0,0 +1,7 @@
+service: panw-panos-udp
+service_notify_signal: SIGHUP
+input: udp
+data_stream:
+ vars:
+ syslog_host: 0.0.0.0
+ syslog_port: 9514
@@ -33,4 +33,4 @@ processors:
 - add_locale: ~
 {{#if processors}}
 {{processors}}
-{{/if}}
+{{/if}}
@@ -0,0 +1,44 @@
+host: "{{syslog_host}}:{{syslog_port}}"
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag i|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if ssl}}
+ssl: {{ssl}}
+{{/if}}
+processors:
+ - add_locale: ~
+ - syslog:
+ field: message
+ format: auto
+ timezone: {{tz_offset}}
+{{#if processors}}
+ {{processors}}
+{{/if}}
+{{#if internal_zones.length}}
+ - add_fields:
+ target: _conf
+ fields:
+ internal_zones:
+ {{#each internal_zones as |zone i|}}
+ - {{zone}}
+ {{/each}}
+{{/if}}
+{{#if external_zones.length}}
+ - add_fields:
+ target: _conf
+ fields:
+ external_zones:
+ {{#each external_zones as |zone i|}}
+ - {{zone}}
+ {{/each}}
+{{/if}}
+{{#if tcp_options}}
+{{tcp_options}}
+{{/if}}