diff --git a/packages/watchguard_firebox/changelog.yml b/packages/watchguard_firebox/changelog.yml index 4b385b0fdb3..1f148f2d7c5 100644 --- a/packages/watchguard_firebox/changelog.yml +++ b/packages/watchguard_firebox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.2" + changes: + - description: Generate processor tags and normalize error handler. + type: enhancement + link: https://github.com/elastic/integrations/pull/15720 - version: "1.4.1" changes: - description: Changed owners. diff --git a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/default.yml index b9a8bb3efa5..338b9370fae 100644 --- a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -76,6 +76,7 @@ processors: - MMM d HH:mm:ss on_failure: - append: + tag: append_error_message_b0297dd5 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -92,6 +93,7 @@ processors: - ISO8601 on_failure: - append: + tag: append_error_message_fd3ea189 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - dissect: @@ -101,6 +103,7 @@ processors: pattern: 'msg_id="%{watchguard_firebox.log.msg_id}" %{watchguard_firebox.log.body}' ignore_failure: true - set: + tag: set_message_7d799e76 field: message if: ctx.watchguard_firebox?.log?.msg_id == null copy_from: watchguard_firebox.log.body 
@@ -4643,6 +4646,7 @@ processors: tag: pipeline_alarm on_failure: - append: + tag: append_error_message_605bff8e field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - pipeline: @@ -4651,6 +4655,7 @@ processors: tag: pipeline_event on_failure: - append: + tag: append_error_message_a3d465c5 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - pipeline: @@ -4659,6 +4664,7 @@ processors: tag: pipeline_diagnostic on_failure: - append: + tag: append_error_message_4a3507d8 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - pipeline: @@ -4667,6 +4673,7 @@ processors: tag: pipeline_traffic on_failure: - append: + tag: append_error_message_f41bb89e field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - remove: 
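Review bot: The four `pipeline` processors' handlers tagged in the -4643, -4651, -4659 and -4667 hunks still disagree on which pipeline they report: the first three interpolate `{{{_ingest.pipeline}}}` while the fourth uses `{{{_ingest.on_failure_pipeline}}}`, so the same kind of sub-pipeline failure yields differently shaped `error.message` values depending on which routing branch failed. Since the commit sets out to normalize the error handler, these four lines are the natural place to pick one form; for a `pipeline` processor's own handler `_ingest.pipeline` names the calling pipeline, which is what the other three already do. Only the `append` lines are visible here, so I am inferring the surrounding processors from the hunk headers.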
@@ -4708,8 +4715,11 @@ processors: on_failure: - append: field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}' + failed with message '{{{ _ingest.on_failure_message }}}' - set: field: event.kind - tag: set_pipeline_error_to_event_kind value: pipeline_error diff --git a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml index f1db1dd3108..d3c468f4373 100644 --- a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml +++ b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml @@ -82,8 +82,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_current_connection_2649fa10 field: watchguard_firebox.log.current_connection - append: + tag: append_error_message_e81abeee field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
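Review bot: After this hunk the top-level handler emits `failed with message '…'` with quoted values, while every per-processor `on_failure` append left in place elsewhere in the file (for example the ones tagged in the -76 and -92 hunks) still emits the older `failed with message: …` form, so one pipeline now writes two different `error.message` shapes for analysts and detections to match against. The same split appears in pipeline_alarm.yml (-248 hunk) and pipeline_diagnostic.yml (-1356 hunk). The hunk also drops `tag: set_pipeline_error_to_event_kind` from the `set` processor; if the shared template intentionally leaves it untagged that is fine, otherwise keeping a tag is consistent with the rest of the commit. The `on_failure` list this hunk edits may continue past the visible lines.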
@@ -94,8 +96,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_limit_839e53b5 field: watchguard_firebox.log.limit - append: + tag: append_error_message_ff17b824 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -107,8 +111,10 @@ processors: if: ctx.watchguard_firebox?.log?.source_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_source_ip_370728c9 field: watchguard_firebox.log.source_ip - append: + tag: append_error_message_16b096e2 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -119,8 +125,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_packets_count_e0db6e9e field: watchguard_firebox.log.packets_count - append: + tag: append_error_message_fe0e7cf3 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -132,8 +140,10 @@ processors: if: ctx.watchguard_firebox?.log?.destination_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_destination_ip_feafb71d field: watchguard_firebox.log.destination_ip - append: + tag: append_error_message_09c68349 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -144,8 +154,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_source_port_ec827b49 field: watchguard_firebox.log.source_port - append: + tag: append_error_message_5fa3c2ac field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -156,8 +168,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_destination_port_4b15ad84 field: watchguard_firebox.log.destination_port - append: + tag: append_error_message_288a44be field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -168,8 +182,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_current_session_87d38cdc field: watchguard_firebox.log.current_session - append: + tag: append_error_message_1b1ca630 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -180,8 +196,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_port_c033485b field: watchguard_firebox.log.port - append: + tag: append_error_message_a4d483ee field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' 
@@ -248,7 +266,11 @@ processors: on_failure: - append: field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}' + failed with message '{{{ _ingest.on_failure_message }}}' - set: field: event.kind value: pipeline_error diff --git a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_diagnostic.yml b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_diagnostic.yml index df7e04de32d..eda45b1423d 100644 --- a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_diagnostic.yml +++ b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_diagnostic.yml @@ -688,8 +688,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_bytes_7845ead2 field: watchguard_firebox.log.bytes - append: + tag: append_error_message_f1eee319 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -699,8 +701,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_expected_value_84625716 field: watchguard_firebox.log.expected_value - append: + tag: append_error_message_4dd746c0 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -710,8 +714,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_received_value_eb37cdc6 field: watchguard_firebox.log.received_value - append: + tag: append_error_message_5891a857 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -722,8 +728,10 @@ processors: if: ctx.watchguard_firebox?.log?.destination_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_destination_ip_9abf3dd6 field: watchguard_firebox.log.destination_ip - append: + tag: append_error_message_bf1fc6c2 value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' field: error.message - convert: @@ -733,8 +741,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_destination_port_5aa401e6 field: watchguard_firebox.log.destination_port - append: + tag: append_error_message_da7925a8 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -745,8 +755,10 @@ processors: if: ctx.watchguard_firebox?.log?.expected_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_expected_ip_7093babe field: watchguard_firebox.log.expected_ip - append: + tag: append_error_message_95b196dc field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
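Review bot: In the -722 hunk the new `tag: append_error_message_bf1fc6c2` is added onto an `append` whose keys are in the reverse order of every other handler in this file (`value:` before `field: error.message`); the parser does not care, but it reads as a different processor when skimming and defeats simple text comparison across handlers. Since the processor is being touched anyway, reordering to `field: error.message` followed by `value: 'Processor …'` would align it with its siblings. The other hunks on this line follow the conventional order.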
@@ -756,8 +768,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_http_status_91e17092 field: watchguard_firebox.log.http_status - append: + tag: append_error_message_861cad49 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -768,8 +782,10 @@ processors: if: ctx.watchguard_firebox?.log?.ip_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_ip_address_f8964a24 field: watchguard_firebox.log.ip_address - append: + tag: append_error_message_4e2eb2ce field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -780,8 +796,10 @@ processors: if: ctx.watchguard_firebox?.log?.dns_ip_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_dns_ip_address_928e7854 field: watchguard_firebox.log.dns_ip_address - append: + tag: append_error_message_eb34b9e2 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -792,8 +810,10 @@ processors: if: ctx.watchguard_firebox?.log?.local_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_local_address_363fc109 field: watchguard_firebox.log.local_address - append: + tag: append_error_message_f98c00ab field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -803,8 +823,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_local_address_port_21c4504b field: watchguard_firebox.log.local_address_port - append: + tag: append_error_message_c0a64065 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -814,8 +836,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_max_user_connection_9a809a06 field: watchguard_firebox.log.max_user_connection - append: + tag: append_error_message_eb9bb86f field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -825,8 +849,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_notification_gap_duration_3ceb3d96 field: watchguard_firebox.log.notification_gap_duration - append: + tag: append_error_message_ca149277 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -836,8 +862,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_num_0d9111ce field: watchguard_firebox.log.num - append: + tag: append_error_message_751aba64 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -848,8 +876,10 @@ processors: if: ctx.watchguard_firebox?.log?.peer_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_peer_address_9b313f47 field: watchguard_firebox.log.peer_address - append: + tag: append_error_message_e66f7c46 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -859,8 +889,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_peer_address_port_c97adcda field: watchguard_firebox.log.peer_address_port - append: + tag: append_error_message_6f228141 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -870,8 +902,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_port_7ba5f40e field: watchguard_firebox.log.port - append: + tag: append_error_message_5b4e437d field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -882,8 +916,10 @@ processors: if: ctx.watchguard_firebox?.log?.real_ip_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_real_ip_address_f433637f field: watchguard_firebox.log.real_ip_address - append: + tag: append_error_message_f40190e4 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -893,8 +929,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_received_dh_group_0c6b9b2f field: watchguard_firebox.log.received_dh_group - append: + tag: append_error_message_262f3619 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -905,8 +943,10 @@ processors: if: ctx.watchguard_firebox?.log?.received_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_received_ip_39ae87a1 field: watchguard_firebox.log.received_ip - append: + tag: append_error_message_5ff7658c field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -916,8 +956,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_retry_count_8b21512a field: watchguard_firebox.log.retry_count - append: + tag: append_error_message_aa68438e field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -927,8 +969,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_return_code_bd30e902 field: watchguard_firebox.log.return_code - append: + tag: append_error_message_9dc2a78a field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -938,8 +982,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_selected_dh_group_6b09caba field: watchguard_firebox.log.selected_dh_group - append: + tag: append_error_message_657cd366 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -950,8 +996,10 @@ processors: if: ctx.watchguard_firebox?.log?.server_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_server_ip_7d57e549 field: watchguard_firebox.log.server_ip - append: + tag: append_error_message_bdebd394 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -962,8 +1010,10 @@ processors: if: ctx.watchguard_firebox?.log?.source_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_source_ip_5e6f3f83 field: watchguard_firebox.log.source_ip - append: + tag: append_error_message_118d1b7c field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -973,8 +1023,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_source_port_cb932846 field: watchguard_firebox.log.source_port - append: + tag: append_error_message_80a9211f field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -985,8 +1037,10 @@ processors: if: ctx.watchguard_firebox?.log?.virtual_ip_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_virtual_ip_address_2cdd15b8 field: watchguard_firebox.log.virtual_ip_address - append: + tag: append_error_message_1b88323e field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -997,8 +1051,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_reply_ip_ba6a0b4b field: watchguard_firebox.log.reply_ip - append: + tag: append_error_message_daf90f47 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -1009,8 +1065,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_mask_d764158b field: watchguard_firebox.log.mask - append: + tag: append_error_message_d3ae9b07 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -1075,6 +1133,7 @@ processors: allow_duplicates: false if: ctx.watchguard_firebox?.log?.dns_ip_address != null - set: + tag: set_dns_type_b0a4f844 field: dns.type value: answer if: ctx.watchguard_firebox?.log?.dns_ip_address != null 
@@ -1224,13 +1283,13 @@ processors: if: ctx.watchguard_firebox?.log?.ip_address != null - append: field: related.ip - tag: append_log_ip_address_into_related_ip + tag: append_related_ip_c15682f5 value: '{{{watchguard_firebox.log.dns_ip_address}}}' allow_duplicates: false if: ctx.watchguard_firebox?.log?.dns_ip_address != null - append: field: related.ip - tag: append_log_server_ip_into_related_ip + tag: append_related_ip_7490cf5a value: '{{{watchguard_firebox.log.server_ip}}}' allow_duplicates: false if: ctx.watchguard_firebox?.log?.server_ip != null @@ -1303,8 +1362,10 @@ processors: - EEE, dd MMM yyyy HH:mm:ss on_failure: - remove: + tag: remove_watchguard_firebox_log_next_update_time_19b576a1 field: watchguard_firebox.log.next_update_time - append: + tag: append_error_message_fcbbaa6f field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: @@ -1316,11 +1377,14 @@ processors: - EEE, dd MMM yyyy HH:mm:ss zzz on_failure: - remove: + tag: remove_watchguard_firebox_log_reply_time_d7ed03fc field: watchguard_firebox.log.reply_time - append: + tag: append_error_message_e656a82f field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - remove: + tag: remove_f4541b02 field: - _tmp_msg - _tmp_user 
@@ -1356,8 +1420,11 @@ processors: on_failure: - append: field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}' + failed with message '{{{ _ingest.on_failure_message }}}' - set: field: event.kind - tag: set_pipeline_error_to_event_kind value: pipeline_error diff --git a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_event.yml b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_event.yml index af44482f151..f57de5a5411 100644 --- a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_event.yml +++ b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_event.yml @@ -110,7 +110,7 @@ processors: field: watchguard_firebox.log.body pattern: '[%{watchguard_firebox.log.physical_name} (%{watchguard_firebox.log.interface_name})] PPPoE session[%{watchguard_firebox.log.session_id}] is established, acquired IP address %{watchguard_firebox.log.ip_address}, peer %{watchguard_firebox.log.peer_address}' if: ctx.watchguard_firebox?.log?.msg_id != null && ['0900-0009'].contains(ctx.watchguard_firebox.log.msg_id) - tag: dissect_message_id_0900-0009 + tag: dissect_watchguard_firebox_log_body_56393541 ignore_failure: true - dissect: field: watchguard_firebox.log.body 
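Review bot: In the pipeline_event.yml -110 hunk the `0900-0009` dissect is given the hashed tag `dissect_watchguard_firebox_log_body_56393541` while its neighbours keep the descriptive `dissect_message_id_<msg_id>` form (see `dissect_message_id_6800-0002` in the following hunk's context). The hash looks like the generator's fallback for a duplicate tag, but the duplicate processor is removed in the -130 hunk, so `tag: dissect_message_id_0900-0009` is unique again and would stay in convention. Likewise in the -164 hunk `tag: dissect_message_id_3800-0280` would fix the mismatched `0203-0025` tag without switching naming schemes for two processors out of the list.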
@@ -130,12 +130,6 @@ processors: if: ctx.watchguard_firebox?.log?.msg_id != null && ['6800-0002'].contains(ctx.watchguard_firebox.log.msg_id) tag: dissect_message_id_6800-0002 ignore_failure: true - - dissect: - field: watchguard_firebox.log.body - pattern: '[%{watchguard_firebox.log.physical_name} (%{watchguard_firebox.log.interface_name})] PPPoE session[%{watchguard_firebox.log.session_id}] is established, acquired IP address %{watchguard_firebox.log.ip_address}, peer %{watchguard_firebox.log.peer_address}' - if: ctx.watchguard_firebox?.log?.msg_id != null && ['0900-0009'].contains(ctx.watchguard_firebox.log.msg_id) - tag: dissect_message_id_0900-0009 - ignore_failure: true - dissect: field: watchguard_firebox.log.body pattern: '[Cluster] Management interface setting is changed: interface from %{watchguard_firebox.log.previous_interface} to %{watchguard_firebox.log.new_interface}, IPv4 address from %{watchguard_firebox.log.previous_ip} to %{watchguard_firebox.log.new_ip}, IPv4 mask from %{watchguard_firebox.log.previous_mask} to %{watchguard_firebox.log.new_mask}, IPv6 CIDR from %{watchguard_firebox.log.previous_ipv6} to %{watchguard_firebox.log.new_ipv6}' @@ -164,7 +158,7 @@ processors: field: watchguard_firebox.log.body pattern: 'Cluster master %{watchguard_firebox.log.master_id} was unable to issue a device discovery message.' if: ctx.watchguard_firebox?.log?.msg_id != null && ['3800-0280'].contains(ctx.watchguard_firebox.log.msg_id) - tag: dissect_message_id_0203-0025 + tag: dissect_watchguard_firebox_log_body_98a26e07 ignore_failure: true - dissect: field: watchguard_firebox.log.body 
@@ -545,8 +539,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_blocked_site_limit_3251dbd7 field: watchguard_firebox.log.blocked_site_limit - append: + tag: append_error_message_e7416799 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -557,8 +553,10 @@ processors: if: ctx.watchguard_firebox?.log?.destination_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_destination_ip_d176b7a5 field: watchguard_firebox.log.destination_ip - append: + tag: append_error_message_16773009 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -568,8 +566,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_destination_port_5aa401e6 field: watchguard_firebox.log.destination_port - append: + tag: append_error_message_da7925a8 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -579,8 +579,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_failure_count_7edfb7aa field: watchguard_firebox.log.failure_count - append: + tag: append_error_message_1a36f186 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
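Review bot: The -568 hunk introduces `remove_watchguard_firebox_log_destination_port_5aa401e6` and `append_error_message_da7925a8`, which are byte-identical to the tags added to pipeline_diagnostic.yml in its -733 hunk; the same happens for `remove_watchguard_firebox_log_port_7ba5f40e` / `append_error_message_5b4e437d` in the -671 hunk below versus pipeline_diagnostic.yml's -870 hunk. That suggests the tags are derived from processor content rather than position, which is acceptable here because tags only need to be unique within one pipeline and the message carries `{{{_ingest.on_failure_pipeline}}}`, but it is worth confirming the generator also guarantees uniqueness when two identical processors sit in the same file. It also means any later edit to a processor's body renames its tag, so anything keyed on these tag strings in `error.message` should expect churn.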
@@ -591,8 +593,10 @@ processors: if: ctx.watchguard_firebox?.log?.ip_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_ip_address_7d9927bc field: watchguard_firebox.log.ip_address - append: + tag: append_error_message_2206bcaa field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -603,8 +607,10 @@ processors: if: ctx.watchguard_firebox?.log?.negotiation_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_negotiation_ip_85f54533 field: watchguard_firebox.log.negotiation_ip - append: + tag: append_error_message_8fd0bddc field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -615,8 +621,10 @@ processors: if: ctx.watchguard_firebox?.log?.new_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_new_ip_5d255f2c field: watchguard_firebox.log.new_ip - append: + tag: append_error_message_9815a9ea field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -626,8 +634,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_new_mask_a7f50312 field: watchguard_firebox.log.new_mask - append: + tag: append_error_message_aba49c49 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -637,8 +647,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_old_policy_position_efa9ca2a field: watchguard_firebox.log.old_policy_position - append: + tag: append_error_message_1c1c2546 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -648,8 +660,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_new_policy_position_268f7dae field: watchguard_firebox.log.new_policy_position - append: + tag: append_error_message_dceb695f field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -660,8 +674,10 @@ processors: if: ctx.watchguard_firebox?.log?.peer_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_peer_address_b643985e field: watchguard_firebox.log.peer_address - append: + tag: append_error_message_fbb082b9 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -671,8 +687,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_port_7ba5f40e field: watchguard_firebox.log.port - append: + tag: append_error_message_5b4e437d field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -683,8 +701,10 @@ processors: if: ctx.watchguard_firebox?.log?.previous_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_previous_ip_c0b9fd01 field: watchguard_firebox.log.previous_ip - append: + tag: append_error_message_0246c830 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -694,8 +714,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_previous_mask_ad9de3b8 field: watchguard_firebox.log.previous_mask - append: + tag: append_error_message_1487a4cc field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -705,8 +727,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_reboot_hour_b4fb61c6 field: watchguard_firebox.log.reboot_hour - append: + tag: append_error_message_3a302418 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -716,8 +740,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_reboot_second_40f09522 field: watchguard_firebox.log.reboot_second - append: + tag: append_error_message_1cc147ca field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: 
@@ -728,8 +754,10 @@ processors: if: ctx.watchguard_firebox?.log?.source_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_source_ip_111ac422 field: watchguard_firebox.log.source_ip - append: + tag: append_error_message_e5298a87 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -739,8 +767,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_source_port_b5717df9 field: watchguard_firebox.log.source_port - append: + tag: append_error_message_10804386 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -751,8 +781,10 @@ processors: if: ctx.watchguard_firebox?.log?.static_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_static_ip_e4e6f5a4 field: watchguard_firebox.log.static_ip - append: + tag: append_error_message_a6ac56bc field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -763,8 +795,10 @@ processors: if: ctx.watchguard_firebox?.log?.virtual_ip_address != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_virtual_ip_address_082037fd field: watchguard_firebox.log.virtual_ip_address - append: + tag: append_error_message_3ac37e6b field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: 
@@ -894,7 +928,7 @@ processors: ignore_empty_value: true - set: field: source.ip - tag: set_source_ip_from_log_ip_address + tag: set_source_ip_3e7c3963 copy_from: watchguard_firebox.log.source_ip ignore_empty_value: true - gsub: @@ -1036,8 +1070,10 @@ processors: - EEE MMM dd HH:mm:ss yyyy on_failure: - remove: + tag: remove_watchguard_firebox_log_package_release_time_73e6d594 field: watchguard_firebox.log.package_release_time - append: + tag: append_error_message_43c5fdef field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: @@ -1050,8 +1086,10 @@ processors: - EEE., MMM d, HH:mm:ss z yyyy on_failure: - remove: + tag: remove_watchguard_firebox_log_feature_expiration_date_ba2461fd field: watchguard_firebox.log.feature_expiration_date - append: + tag: append_error_message_e9ae9e57 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: @@ -1064,8 +1102,10 @@ processors: - yyyy-MM-dd HH:mm:ss on_failure: - remove: + tag: remove_watchguard_firebox_log_user_response_time_a797ed1b field: watchguard_firebox.log.user_response_time - append: + tag: append_error_message_d878d355 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: 
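Review bot: The date-processor handlers in the hunks at -1036, -1050 and -1064 interpolate `{{{_ingest.pipeline}}}` for the pipeline name, whereas the convert-processor handlers earlier in the same file interpolate `{{{_ingest.on_failure_pipeline}}}`; the commit adds tags to both families without reconciling them. Whether the two variables resolve to the same name depends on how this pipeline is invoked, but inside an `on_failure` block `_ingest.on_failure_pipeline` is the value that identifies where the failure occurred, so I would switch these three handlers to it (`in pipeline {{{_ingest.on_failure_pipeline}}}`) for a uniform error.message. Each date processor starts outside its hunk, so I cannot see whether they carry an `ignore_failure` that would make the handler moot.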
@@ -1078,11 +1118,14 @@ processors: - yyyy-MM-dd HH:mm:ss on_failure: - remove: + tag: remove_watchguard_firebox_log_bootup_time_579d6fd3 field: watchguard_firebox.log.bootup_time - append: + tag: append_error_message_531eab09 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - remove: + tag: remove_f4541b02 field: - _tmp_msg - _tmp_user @@ -1124,7 +1167,11 @@ processors: on_failure: - append: field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}' + failed with message '{{{ _ingest.on_failure_message }}}' - set: field: event.kind value: pipeline_error diff --git a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_traffic.yml b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_traffic.yml index 4f9b5d0e847..57d3f9ab59f 100644 --- a/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_traffic.yml +++ b/packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_traffic.yml @@ -54,7 +54,6 @@ processors: kvSplit = i + 1; } } - - set: field: observer.ingress.interface.alias tag: set_observer_ingress_interface_alias_from_log_in_interface_name @@ -153,6 +152,7 @@ processors: copy_from: watchguard_firebox.log.arg ignore_empty_value: true - grok: + tag: grok_watchguard_firebox_log_authenticated_user_9d701e89 field: watchguard_firebox.log.authenticated_user ignore_missing: true patterns: 
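Review bot: The rewritten pipeline-level handler at -1124 changes the text stored in error.message (type, tag and pipeline now quoted, the colon before the message dropped), so any saved search, dashboard filter or alert rule that matched the old `failed with message:` phrasing will silently stop matching; the changelog entry should call that out rather than just "normalize error handler". Separately, the `append` in this handler is the only error-message append in the file left without a `tag:` even though every per-processor one gained one; unless the generator intentionally skips pipeline-level handlers, add `tag: append_error_message` on it so a failure inside the handler itself is attributable. The grok tag added at -153 in pipeline_traffic.yml is fine, but the grok patterns that process the untrusted `authenticated_user` field are outside the hunk so I cannot check them.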
@@ -205,8 +205,10 @@ processors: if: ctx.watchguard_firebox?.log?.bounce_ip != null && ctx.watchguard_firebox.log.bounce_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_bounce_ip_c4243978 field: watchguard_firebox.log.bounce_ip - append: + tag: append_error_message_9641613e field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - append: @@ -223,8 +225,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_rcvd_bytes_c6ac366f field: watchguard_firebox.log.rcvd_bytes - append: + tag: append_error_message_5d852c7c field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -240,8 +244,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_sent_bytes_ca492556 field: watchguard_firebox.log.sent_bytes - append: + tag: append_error_message_7acf5970 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -273,8 +279,10 @@ processors: if: ctx.watchguard_firebox?.log?.call_from != null && ctx.watchguard_firebox.log.call_from != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_call_from_6110e418 field: watchguard_firebox.log.call_from - append: + tag: append_error_message_f59262cd field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - append: 
@@ -291,8 +299,10 @@ processors: if: ctx.watchguard_firebox?.log?.call_to != null && ctx.watchguard_firebox.log.call_to != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_call_to_61cb9f90 field: watchguard_firebox.log.call_to - append: + tag: append_error_message_640c05b6 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - append: @@ -421,6 +431,7 @@ processors: allow_duplicates: false if: ctx.watchguard_firebox?.log?.destination_name != null - grok: + tag: grok_watchguard_firebox_log_dst_user_5267c230 field: watchguard_firebox.log.dst_user ignore_missing: true patterns: @@ -488,8 +499,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_duration_11f4f57a field: watchguard_firebox.log.duration - append: + tag: append_error_message_daa946da field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - script: @@ -511,8 +524,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_email_len_92288581 field: watchguard_firebox.log.email_len - append: + tag: append_error_message_5063a52f field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - rename: 
@@ -553,8 +568,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_headers_size_834ecfbe field: watchguard_firebox.log.headers_size - append: + tag: append_error_message_9c482f68 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -615,8 +632,10 @@ processors: if: ctx.watchguard_firebox?.log?.ipaddress != null && ctx.watchguard_firebox.log.ipaddress != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_ipaddress_6f5b24a0 field: watchguard_firebox.log.ipaddress - append: + tag: append_error_message_11ff3d2d field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - append: @@ -638,8 +657,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_length_0c1b573e field: watchguard_firebox.log.length - append: + tag: append_error_message_b0a1ec06 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -649,8 +670,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_line_length_ee0c7722 field: watchguard_firebox.log.line_length - append: + tag: append_error_message_16c8694d field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: 
@@ -677,8 +700,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_num_recipients_d23b6a3a field: watchguard_firebox.log.num_recipients - append: + tag: append_error_message_b7667399 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -694,8 +719,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_rcvd_pkts_74ca4e05 field: watchguard_firebox.log.rcvd_pkts - append: + tag: append_error_message_e6c92859 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -705,14 +732,16 @@ processors: ignore_empty_value: true - convert: field: watchguard_firebox.log.sent_pkts - tag: convert_rcvd_pkts_to_long + tag: convert_watchguard_firebox_log_sent_pkts_to_watchguard_firebox_log_packets_out_50ffcf36 target_field: watchguard_firebox.log.packets_out type: long ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_sent_pkts_4d8a3b37 field: watchguard_firebox.log.sent_pkts - append: + tag: append_error_message_0c0826f0 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: 
@@ -738,8 +767,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_port_7ba5f40e field: watchguard_firebox.log.port - append: + tag: append_error_message_5b4e437d field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - append: @@ -792,8 +823,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_reputation_04b96e8a field: watchguard_firebox.log.reputation - append: + tag: append_error_message_0eda71a5 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -804,8 +837,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_response_9f60a0ed field: watchguard_firebox.log.response - append: + tag: append_error_message_e3ae304e field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -820,8 +855,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_response_size_06c9a48e field: watchguard_firebox.log.response_size - append: + tag: append_error_message_7e457717 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: 
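Review bot: The tags `remove_watchguard_firebox_log_port_7ba5f40e` and `append_error_message_5b4e437d` added at -738 are byte-identical to the ones added for the same `watchguard_firebox.log.port` handler in default.yml, so the hash suffix is evidently derived from processor content, not location, and identical processors in different pipelines share a tag. Duplicate tags are legal and this handler's message includes `{{{_ingest.on_failure_pipeline}}}`, so error.message still disambiguates, but a tag seen in pipeline stats or a log will match processors in two files when grepping the package. If per-package uniqueness is intended, the generator should fold the pipeline name into the hash; if not, that behaviour is worth a sentence in the PR description. The convert processor this handler belongs to starts outside the hunk.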
@@ -864,8 +901,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_severity_197197da field: watchguard_firebox.log.severity - append: + tag: append_error_message_5d45c039 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -895,8 +934,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_size_59d5d342 field: watchguard_firebox.log.size - append: + tag: append_error_message_f0816fcf field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -916,6 +957,7 @@ processors: allow_duplicates: false if: ctx.watchguard_firebox?.log?.sni != null - grok: + tag: grok_watchguard_firebox_log_src_user_34222f6d field: watchguard_firebox.log.src_user ignore_missing: true patterns: @@ -957,8 +999,10 @@ processors: if: ctx.watchguard_firebox?.log?.srv_ip != null && ctx.watchguard_firebox.log.srv_ip != '' on_failure: - remove: + tag: remove_watchguard_firebox_log_srv_ip_51eee9a2 field: watchguard_firebox.log.srv_ip - append: + tag: append_error_message_74f1c625 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: 
@@ -979,8 +1023,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_srv_port_c2bd21c2 field: watchguard_firebox.log.srv_port - append: + tag: append_error_message_5ab8dc37 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: @@ -1000,8 +1046,10 @@ processors: ignore_missing: true on_failure: - remove: + tag: remove_watchguard_firebox_log_timeout_434bf89a field: watchguard_firebox.log.timeout - append: + tag: append_error_message_f38686ed field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - append: @@ -1011,6 +1059,7 @@ processors: allow_duplicates: false if: ctx.watchguard_firebox?.log?.to != null - grok: + tag: grok_watchguard_firebox_log_user_9f5217a9 field: watchguard_firebox.log.user ignore_missing: true patterns: @@ -1081,6 +1130,7 @@ processors: ignore_missing: true on_failure: - append: + tag: append_error_message_02ee9ab7 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: @@ -1090,6 +1140,7 @@ processors: ignore_missing: true on_failure: - append: + tag: append_error_message_411e2ff3 field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - community_id: 
@@ -1101,18 +1152,22 @@ processors: destination_port: watchguard_firebox.log.destination_port ignore_missing: true - geoip: + tag: geoip_watchguard_firebox_log_source_ip_to_watchguard_firebox_log_source_ip_geo_1ff32aa8 field: watchguard_firebox.log.source_ip target_field: watchguard_firebox.log.source_ip_geo ignore_missing: true - set: + tag: set_source_geo_399d0c24 field: source.geo copy_from: watchguard_firebox.log.source_ip_geo ignore_empty_value: true - geoip: + tag: geoip_watchguard_firebox_log_destination_ip_to_watchguard_firebox_log_destination_ip_geo_499f87f6 field: watchguard_firebox.log.destination_ip target_field: watchguard_firebox.log.destination_ip_geo ignore_missing: true - set: + tag: set_destination_geo_3db6f910 field: destination.geo copy_from: watchguard_firebox.log.destination_ip_geo ignore_empty_value: true @@ -1203,8 +1258,11 @@ processors: on_failure: - append: field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}' + failed with message '{{{ _ingest.on_failure_message }}}' - set: field: event.kind - tag: set_pipeline_error_to_event_kind value: pipeline_error diff --git a/packages/watchguard_firebox/manifest.yml b/packages/watchguard_firebox/manifest.yml index c7b8a2fb838..81b980ea244 100644 --- a/packages/watchguard_firebox/manifest.yml +++ b/packages/watchguard_firebox/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.4 name: watchguard_firebox title: WatchGuard Firebox -version: "1.4.1" +version: "1.4.2" description: Collect logs from WatchGuard Firebox with Elastic Agent. type: integration categories:
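Review bot: The `community_id` processor whose trailing `destination_port`/`ignore_missing` lines open the hunk at -1101 appears not to have received a tag — the lines between this hunk and the previous one are unchanged — while the neighbouring `geoip` and `set` processors did; unless it already carries a tag outside the view, add one (e.g. `tag: community_id_watchguard_firebox_log`) so a failure in it is attributable like the others. The generated geoip tags also repeat the full field path twice (`geoip_watchguard_firebox_log_source_ip_to_watchguard_firebox_log_source_ip_geo_1ff32aa8`), which is harmless but makes error.message and pipeline stats noticeably harder to read; trimming the generator to the target suffix would help. The `community_id` processor itself starts outside the hunk.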
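Review bot: Removing `tag: set_pipeline_error_to_event_kind` at -1203 runs against the commit's stated purpose of generating tags, and the `append` in the same pipeline-level handler is left untagged, so a failure inside the handler itself would now be reported with no tag at all. If the generator deliberately skips pipeline-level `on_failure` processors, keep the existing tag rather than deleting it; otherwise `tag: set_event_kind_pipeline_error` on the set and `tag: append_error_message` on the append keep this block consistent with the rest of the file. The rewritten message also changes the stored error.message text (quoted fields, no colon), which any saved search or alert matching the old phrasing will need to follow.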