elastic · gogochan · Jun 17, 2024 · Jun 13, 2024 · Jun 13, 2024 · Jun 13, 2024
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.26.10"
+ changes:
+ - description: Restore system Message handling for Cisco IOS
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/10147
 - version: "1.26.9"
  changes:
  - description: Update grok if statement to skip IOSXE messages with no sub-message

@@ -11,4 +11,5 @@
 <190>3352460: 3352481: Aug 12 2023 12:15:33.963 mdt: %IOSXE-6-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:001 TS:00013807835737559120 %FW-6-DROP_PKT: Dropping tcp pkt from GigabitEthernet1/0/2.6 10.50.14.44:53836 => 89.160.20.128:80(target:class)-(ZP_PROCESS_TO_CORPORATE:class-default) due to Policy drop:classify result with ip ident 13017 tcp flag 0x2, seq 4266642156, ack 0
 <191>: rt401-rk30409: Aug 18 07:15:04.461 CEST: last message repeated 66 times
 <189>1469087: chswitchm1: Mar 29 07:40:10.863 CDT: %ILPOWER-5-SENSE_POWER_INVALID: Interface Gi1/0/25: invalid power sense 78054 milliwatts current 515 mA voltage 151562 mV
-<189>1469087: ch_switch_m-1: Mar 29 07:40:10.863 CDT: %ILPOWER-5-SENSE_POWER_INVALID: Interface Gi1/0/25: invalid power sense 78054 milliwatts current 515 mA voltage 151562 mV
+<189>1469087: ch_switch_m-1: Mar 29 07:40:10.863 CDT: %ILPOWER-5-SENSE_POWER_INVALID: Interface Gi1/0/25: invalid power sense 78054 milliwatts current 515 mA voltage 151562 mV
+<189>Jun 12 18:10:50 10.53.35.85 %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/20: PD removed
@@ -635,6 +635,44 @@
  "tags": [
  "preserve_original_event"
  ]
+ },
+ {
+ "cisco": {
+ "ios": {
+ "facility": "ILPOWER"
+ }
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "event": {
+ "category": [
+ "network"
+ ],
+ "code": "IEEE_DISCONNECT",
+ "original": "<189>Jun 12 18:10:50 10.53.35.85 %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/20: PD removed",
+ "provider": "firewall",
+ "severity": 5,
+ "type": [
+ "info"
+ ]
+ },
+ "log": {
+ "level": "notification",
+ "syslog": {
+ "hostname": "10.53.35.85",
+ "priority": 189
+ }
+ },
+ "message": "Interface Gi1/0/20: PD removed",
+ "observer": {
+ "product": "IOS",
+ "type": "firewall",
+ "vendor": "Cisco"
+ },
+ "tags": [
+ "preserve_original_event"
+ ]
  }
  ]
 }
@@ -38,6 +38,7 @@ processors:
  - '^%{CISCO_PRIORITY_MSGCOUNT}?%{SYSLOGTIMESTAMP} %{IP} %{CISCO_HOSTNAME:log.syslog.hostname}: (?:%{NUMBER:cisco.ios.sequence}: )?(?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
  - '^%{CISCO_PRIORITY_MSGCOUNT}?%{SYSLOGTIMESTAMP} (?:%{IP}|%{CISCO_HOSTNAME:log.syslog.hostname}) %{NUMBER:cisco.ios.sequence}: (?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
  - '^%{CISCO_PRIORITY_MSGCOUNT}?(?:(?:%{CISCO_HOSTNAME:log.syslog.hostname}|%{IP})[:]? )?(?:%{NUMBER:cisco.ios.sequence}: )?(?:%{CISCO_UPTIME:cisco.ios.uptime}|%{CISCO_TIMESTAMP}): %{GREEDYDATA:_temp_.message}$'
+ - '^%{CISCO_PRIORITY_MSGCOUNT}?%{SYSLOGTIMESTAMP} (?:%{IP:log.syslog.hostname}|%{CISCO_HOSTNAME:log.syslog.hostname}) %{GREEDYDATA:_temp_.message}$'
  pattern_definitions:
  CISCO_PRIORITY_MSGCOUNT: '<%{NONNEGINT:log.syslog.priority:long}>(?:%{NONNEGINT:cisco.ios.message_count})?(?:: )?'
  CISCO_TIMESTAMP: '[*]?%{CISCOTIMESTAMP:_temp_.cisco_timestamp}(?: %{CISCO_TZ:_temp_.tz})?'

@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: cisco_ios
 title: Cisco IOS
-version: "1.26.9"
+version: "1.26.10"
 description: Collect logs from Cisco IOS with Elastic Agent.
 type: integration
 categories: