diff --git a/packages/fortinet_fortiproxy/changelog.yml b/packages/fortinet_fortiproxy/changelog.yml
index f13cc035f64..fa903c497ab 100644
--- a/packages/fortinet_fortiproxy/changelog.yml
+++ b/packages/fortinet_fortiproxy/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.2"
+ changes:
+ - description: Generate processor tags and normalize error handler.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15543
 - version: "1.2.1"
 changes:
 - description: Changed owners.
diff --git a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 41d13c92cc4..7db90fb5fd8 100644
--- a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,28 +4,34 @@ processors:
 - set:
 field: ecs.version
 value: '8.17.0'
+ tag: set_f5923549
 - set:
 field: event.original
 copy_from: message
+ tag: set_b9758751
 - set:
 field: event.kind
 value: event
+ tag: set_de80643c
 - set:
 field: event.category
- value: [ network ]
+ value: [network]
+ tag: set_dbab8a4e
 - set:
 field: observer.vendor
 value: Fortinet
+ tag: set_7e57c221
 - set:
 field: observer.product
 value: FortiProxy
+ tag: set_2ad4a04f
 - set:
 field: observer.type
 value: proxy
+ tag: set_5da7be42
-# ------------------------------------------------------------------------------
-# Message processing
-
+ # ------------------------------------------------------------------------------
+ # Message processing
 - grok:
 tag: grok_syslog_priority
 field: message
@@ -92,9 +98,8 @@ processors:
 }
 }
-# ------------------------------------------------------------------------------
-# Date and Time.
-
+ # ------------------------------------------------------------------------------
+ # Date and Time.
 - set:
 tag: set_timezone
 field: event.timezone
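Review bot: The tags added to the seven `set` processors in the `@@ -4,28 +4,34 @@` hunk (`set_f5923549` through `set_5da7be42`) are opaque hash suffixes, while every pre-existing tag in the same file is descriptive (`grok_syslog_priority`, `set_timezone`, `convert_count`), so the file now mixes two naming schemes. Because the tag is exactly what the new `on_failure` handler interpolates into `error.message` through `_ingest.on_failure_processor_tag`, an analyst triaging a `pipeline_error` document will see `set_dbab8a4e` instead of which field failed; names derived from the target field, e.g. `tag: set_ecs_version`, `tag: set_event_original`, `tag: set_event_category`, would make the error self-describing and searchable. The same applies to `remove_8c6d6590`, `lowercase_e7f53819`, the three `pipeline_*` tags in the `@@ -490,22 +495,23 @@` hunk, and `remove_f546465e`, `rename_e471e0a7`, `remove_4c2e6762` in the `@@ -570,27 +575,32 @@` hunk. If the hash form is produced by a generator and must be kept, a comment at the top of the `processors` list stating that these tags are generated and must not be hand-edited would explain the inconsistency to the next maintainer.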
@@ -122,9 +127,10 @@ processors:
 - _fields_.time
 - _fields_.tz
 - message
+ tag: remove_8c6d6590
-# ------------------------------------------------------------------------------
-# Convert fields.
+ # ------------------------------------------------------------------------------
+ # Convert fields.
 - convert:
 tag: convert_count
 field: _fields_.count
@@ -211,9 +217,8 @@ processors:
 type: long
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Enrich fields.
-
+ # ------------------------------------------------------------------------------
+ # Enrich fields.
 - gsub:
 tag: gsub_eventtime_truncate_ns
 field: _fields_.eventtime
@@ -260,10 +265,10 @@ processors:
 return;
 }
 ctx._fields_.duration = ctx._fields_.duration * 1000000000
-
 - lowercase:
 field: _fields_.service
 ignore_missing: true
+ tag: lowercase_e7f53819
 - script:
 tag: script_network_proto
 description: Sets network.transport based on the IANA number.
@@ -332,8 +337,8 @@ processors:
 replacement: "-"
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Move fields to ECS.
+ # ------------------------------------------------------------------------------
+ # Move fields to ECS.
 - rename:
 tag: rename_action
 field: _fields_.action
@@ -490,22 +495,23 @@ processors:
 target_field: source.port
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Dispatch to sub-pipelines.
-
+ # ------------------------------------------------------------------------------
+ # Dispatch to sub-pipelines.
 - pipeline:
 name: '{{ IngestPipeline "event" }}'
 if: ctx._fields_?.type == 'event'
+ tag: pipeline_0aaa991e
 - pipeline:
 name: '{{ IngestPipeline "traffic" }}'
 if: ctx._fields_?.type == 'traffic'
+ tag: pipeline_2c865ea2
 - pipeline:
 name: '{{ IngestPipeline "utm" }}'
 if: ctx._fields_?.type == 'utm'
+ tag: pipeline_aa5d421e
-# ------------------------------------------------------------------------------
-# Enrich remaining fields.
-
+ # ------------------------------------------------------------------------------
+ # Enrich remaining fields.
 - script:
 tag: script_network_compute_stats
 lang: painless
@@ -526,7 +532,6 @@ processors:
 if (ctx.destination?.packets instanceof Number && ctx.source?.packets instanceof Number) {
 ctx.network.packets = ctx.destination.packets + ctx.source.packets;
 }
-
 - geoip:
 tag: geoio_source
 field: source.ip
@@ -570,27 +575,32 @@ processors:
 keep_original: true
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Cleanup.
-
+ # ------------------------------------------------------------------------------
+ # Cleanup.
 - remove:
 field:
 - _fields_.agent
 - _fields_.clientip
 - _fields_.duration
 ignore_missing: true
+ tag: remove_f546465e
 - rename:
 field: _fields_
 target_field: fortinet.proxy
+ tag: rename_e471e0a7
 - remove:
 field:
 - _temp_
 ignore_missing: true
+ tag: remove_4c2e6762
 on_failure:
 - append:
 field: error.message
- value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
 - set:
 field: event.kind
 value: pipeline_error
diff --git a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/event.yml b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/event.yml
index 9c1d525c475..0e782f53015 100644
--- a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/event.yml
+++ b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/event.yml
@@ -1,8 +1,8 @@
 ---
 description: Pipeline for processing event logs from Fortinet Fortiproxy.
 processors:
-# ------------------------------------------------------------------------------
-# Convert fields.
+ # ------------------------------------------------------------------------------
+ # Convert fields.
 - convert:
 tag: convert_advpnsc
 field: _fields_.advpnsc
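Review bot: The rewritten `error.message` template in the `on_failure` block no longer records `{{{_ingest.pipeline}}}`, which the removed `value:` line included; since `default`, `event`, `traffic` and `utm` now carry an identical handler and the same processor types and tag prefixes recur across them, a failure raised inside a sub-pipeline can no longer be attributed to its pipeline from the message alone. If that attribution is still wanted, keep a pipeline clause in the folded scalar, e.g. an extra line `in pipeline '{{{ _ingest.pipeline }}}'` placed before the `failed with message` line, or note in the changelog entry that the pipeline name is intentionally dropped for consistency with the shared handler. The same replacement appears in `event.yml` (`@@ -345,7 +345,10 @@`), `traffic.yml` (`@@ -279,7 +279,10 @@`) and `utm.yml` (`@@ -302,7 +302,10 @@`). Note also that the new format wraps `_ingest.on_failure_message` in single quotes and that message may itself carry raw field content from a failed `grok` or `convert`, so anything downstream should not parse `error.message` by quote boundaries.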
@@ -319,8 +319,8 @@ processors:
 type: long
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Move fields to ECS.
+ # ------------------------------------------------------------------------------
+ # Move fields to ECS.
 - rename:
 tag: rename_dst_int
 field: _fields_.dst_int
@@ -345,7 +345,10 @@ processors:
 on_failure:
 - append:
 field: error.message
- value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
 - set:
 field: event.kind
 value: pipeline_error
diff --git a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/traffic.yml b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/traffic.yml
index 8857d2a92b0..8184f411acb 100644
--- a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/traffic.yml
+++ b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/traffic.yml
@@ -1,8 +1,8 @@
 ---
 description: Pipeline for processing traffic logs from Fortinet Fortiproxy.
 processors:
-# ------------------------------------------------------------------------------
-# Convert fields.
+ # ------------------------------------------------------------------------------
+ # Convert fields.
 - convert:
 tag: convert_clientip
 field: _fields_.clientip
@@ -184,9 +184,9 @@ processors:
 type: long
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Format fields.
+ # ------------------------------------------------------------------------------
+ # Format fields.
 - gsub:
 tag: convert_dstmac
 field: _fields_.dstmac
@@ -208,8 +208,8 @@ processors:
 field: _fields_.srcmac
 ignore_missing: true
-# ------------------------------------------------------------------------------
-# Move fields to ECS.
+ # ------------------------------------------------------------------------------
+ # Move fields to ECS.
 - rename:
 tag: rename_dstmac
 field: _fields_.dstmac
@@ -279,7 +279,10 @@ processors:
 on_failure:
 - append:
 field: error.message
- value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
 - set:
 field: event.kind
 value: pipeline_error
diff --git a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/utm.yml b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/utm.yml
index 4233a75a0af..a171d7cc058 100644
--- a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/utm.yml
+++ b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/utm.yml
@@ -1,8 +1,8 @@
 ---
 description: Pipeline for processing utm logs from Fortinet Fortiproxy.
 processors:
-# ------------------------------------------------------------------------------
-# Convert fields.
+ # ------------------------------------------------------------------------------
+ # Convert fields.
 - convert:
 tag: convert_botnetip
 field: _fields_.botnetip
@@ -302,7 +302,10 @@ processors:
 on_failure:
 - append:
 field: error.message
- value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
 - set:
 field: event.kind
 value: pipeline_error
diff --git a/packages/fortinet_fortiproxy/manifest.yml b/packages/fortinet_fortiproxy/manifest.yml
index 406baf74f2f..af55c4dd1fc 100644
--- a/packages/fortinet_fortiproxy/manifest.yml
+++ b/packages/fortinet_fortiproxy/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.3
 name: fortinet_fortiproxy
 title: "Fortinet FortiProxy"
-version: "1.2.1"
+version: "1.2.2"
 description: "Collect logs from Fortinet FortiProxy with Elastic Agent."
 type: integration
 categories: