Skip to content

[Arista NG Firewall] Bugs in Default Ingest Pipeline #6878

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
efd6 merged 9 commits into from
Jul 11, 2023
Merged

[Arista NG Firewall] Bugs in Default Ingest Pipeline #6878

efd6 merged 9 commits into from
Jul 11, 2023

Conversation

@MakoWish
Copy link
Contributor

@MakoWish MakoWish commented Jul 7, 2023
edited
Loading

Type of change

  • Bug

What does this PR do?

Two issues have been identified with the Ingest Pipeline:

  • event.type was being set to "denied" where it should have been "allowed"
  • event.type was getting duplicate entries of "denied"

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have incremented the version in my package's manifest.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • Fix incorrect "denied" where event.type should be "allowed"
  • Fix duplicates for event.type

Related issues
@MakoWish MakoWish requested a review from a team as a code owner July 7, 2023 17:57
@MakoWish MakoWish changed the title Arista pipeline fixes [Arista NG Firewall} Bugs in Default Ingest Pipeline Jul 7, 2023
@elasticmachine
Copy link

elasticmachine commented Jul 7, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-07-11T22:30:12.582+0000

  • Duration: 16 min 32 sec

Test stats 🧪

Test Results
Failed 0
Passed 16
Skipped 0
Total 16

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.
@efd6
Copy link
Contributor

efd6 commented Jul 7, 2023

/test
@elasticmachine
Copy link

elasticmachine commented Jul 7, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (8/8) 💚
Classes 100.0% (8/8) 💚
Methods 97.436% (38/39) 👎 -2.564
Lines 94.4% (944/1000) 👍 7.827
Conditionals 100.0% (0/0) 💚
@MakoWish
Copy link
Contributor Author

MakoWish commented Jul 7, 2023

@efd6

Can you see where it failed? I can see the script exited with error 1, but I don't see any errors above that.
@efd6
Copy link
Contributor

efd6 commented Jul 10, 2023

In the error post by elasticmachine you can see

 one or more errors found in documents stored in logs-arista_ngfw.log-ep data stream: [0] field "log.syslog.hostname" is undefined

So you'll need to add that field definition.
@elasticmachine
Copy link

elasticmachine commented Jul 10, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
@MakoWish MakoWish changed the title [Arista NG Firewall} Bugs in Default Ingest Pipeline [Arista NG Firewall] Bugs in Default Ingest Pipeline Jul 10, 2023
@efd6
Copy link
Contributor

efd6 commented Jul 10, 2023

/test
@MakoWish
Copy link
Contributor Author

MakoWish commented Jul 10, 2023

Grrr... can you test again?
@efd6
Copy link
Contributor

efd6 commented Jul 10, 2023

/test
@efd6
Copy link
Contributor

efd6 commented Jul 11, 2023

/test
efd6
efd6 approved these changes Jul 11, 2023
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks
@efd6 efd6 merged commit bb7d8ab into elastic:main Jul 11, 2023
@MakoWish MakoWish deleted the arista_pipeline_fixes branch July 11, 2023 22:49
@elasticmachine
Copy link

elasticmachine commented Jul 11, 2023

Package arista_ngfw - 0.1.1 containing this change is available at https://epr.elastic.co/search?package=arista_ngfw
@andrewkroh andrewkroh added the Integration:arista_ngfw Arista NG Firewall (Community supported) label Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Integration:arista_ngfw Arista NG Firewall (Community supported)

5 participants

@MakoWish @elasticmachine @efd6 @narph @andrewkroh