forked from elastic/integrations
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add system test for Juniper Netscreen (elastic#444)
These were the initial test failures that were addressed. FAILURE DETAILS: juniper/netscreen : [0] field "ecs.version" is undefined --- Test results for package: juniper - END ---
- Loading branch information
1 parent
6af42b0
commit 1e2b9ab
Showing
9 changed files
with
126 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
FROM alpine | ||
|
||
COPY ./juniper-netscreen.log /sample_logs/ | ||
|
||
ENTRYPOINT [ "/bin/sh" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
version: '2.3' | ||
services: | ||
juniper: | ||
tty: true | ||
build: . | ||
volumes: | ||
- ${SERVICE_LOGS_DIR}:/logs | ||
command: -c "cp /sample_logs/*.log /logs/" |
100 changes: 100 additions & 0 deletions
100
packages/juniper/_dev/deploy/docker/juniper-netscreen.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
modtempo: NetScreen device_id=olab system-low-00628(rci): audit log queue Event Alarm Log is overwritten (2016-1-29 06:09:59) | ||
luptat: NetScreen device_id=isiutal [moenimi]system-low-00620(gnaali): RTSYNC: Timer to purge the DRP backup routes is stopped. (2016-2-12 13:12:33) | ||
deomni: NetScreen device_id=tquovol [ntsuntin]system-medium-00062(tatno): Track IP IP address 10.159.227.210 succeeded. (ofdeF) | ||
untutlab: NetScreen device_id=tem [ons]system-medium-00004: DNS lookup time has been changed to start at ationu:ali with an interval of nsect | ||
eve: NetScreen device_id=tatiset [eprehen]system-medium-00034(piscing): Ethernet driver ran out of rx bd (port 1044) | ||
eomnisis: NetScreen device_id=mqui [civeli]system-high-00026: SCS: SCS has been tasuntex for enp0s5377 . | ||
rehender: NetScreen device_id=eporroqu [uat]system-high-00026(atquovo): SSH: Maximum number of PKA keys (suntinc) has been bound to user 'xeac' Key not bound. (Key ID nidolo) | ||
intoccae: NetScreen device_id=ents [pida]system-low-00535(idolor): PKCS #7 data cannot be decapsulated | ||
numqu: NetScreen device_id=qui [No Name]system-medium-00520: Active Server Switchover: New requests for equi server will try agnaali from now on. (2016-5-22 14:30:33) | ||
ipitla: NetScreen device_id=quae [maccusa]system-high-00072(rQuisau): NSRP: Unit idex of VSD group xerci aqu | ||
atu: NetScreen device_id=umexerci [ern]system-low-00084(iadese): RTSYNC: NSRP route synchronization is nsectet | ||
dol: NetScreen device_id=leumiu [namali]system-medium-00527(atevel): MAC address 01:00:5e:11:0a:26 has detected an IP conflict and has declined address 10.90.127.74 | ||
acc: NetScreen device_id=amc [atur]system-low-00050(corp): Track IP enabled (2016-7-18 18:40:50) | ||
tper: NetScreen device_id=olor [Neque]system-medium-00524(xerc): SNMP request from an unknown SNMP community public at 10.61.30.190:2509 has been received. (2016-8-2 01:43:25) | ||
etdol: NetScreen device_id=uela [boN]system-medium-00521: Can't connect to E-mail server 10.210.240.175 | ||
ati: NetScreen device_id=tlabo [uames]system-medium-00553(mpo): SCAN-MGR: Set maximum content size to offi. | ||
umwr: NetScreen device_id=oluptate [issus]system-high-00005(uaUteni): SYN flood udantium has been changed to pre | ||
tate: NetScreen device_id=imvenia [spi]system-high-00038(etdo): OSPF routing instance in vrouter urerepr is ese | ||
smo: NetScreen device_id=etcons [iusmodi]system-medium-00012: ate Service group uiac has epte member idolo from host 10.170.139.87 | ||
ersp: NetScreen device_id=tquov [diconseq]system-high-00551(mod): Rapid Deployment cannot start because gateway has undergone configuration changes. (2016-10-26 19:58:50) | ||
mquame: NetScreen device_id=nihilmol [xercita]system-medium-00071(tiumt): The local device reetdolo in the Virtual Security Device group norum changed state | ||
isnisi: NetScreen device_id=ritatise [uamei]system-medium-00057(quatur): uisa: static multicast route src=10.198.41.214, grp=cusant input ifp = lo2786 output ifp = eth3657 added | ||
isis: NetScreen device_id=uasiar [utlab]system-high-00075(loremqu): The local device dantium in the Virtual Security Device group lor velillu | ||
bor: NetScreen device_id=rauto [ationev]system-low-00039(mdol): BGP instance name created for vr itation | ||
iaeco: NetScreen device_id=equaturv [siu]system-high-00262(veniamqu): Admin user rum has been rejected via the quaea server at 10.11.251.51 | ||
orroq: NetScreen device_id=vitaedic [orin]system-high-00038(ons): OSPF routing instance in vrouter remagn ecillu | ||
enderit: NetScreen device_id=taut [tanimi]system-medium-00515(commodi): emporain Admin User "ntiumto" logged in for umetMalo(https) management (port 2206) from 10.80.237.27:2883 | ||
ori: NetScreen device_id=tconsect [rum]system-high-00073(eporroq): NSRP: Unit ulla of VSD group iqu oin | ||
mipsum: NetScreen device_id=lmo [aliquamq]system-medium-00030: X509 certificate for ScreenOS image authentication is invalid | ||
orroqu: NetScreen device_id=elitsed [labore]system-medium-00034(erc): PPPoE Settings changed | ||
ntNe: NetScreen device_id=itanim [nesciun]system-medium-00612: Switch event: the status of ethernet port mollita changed to link down , duplex full , speed 10 M. (2017-4-2 01:27:07) | ||
quide: NetScreen device_id=quaU [undeomni]system-medium-00077(acomm): NSRP: local unit= iutali of VSD group itat stlaboru | ||
emq: NetScreen device_id=plicaboN [amc]system-high-00536(acommo): IKE 10.10.77.119: Dropped packet because remote gateway OK is not used in any VPN tunnel configurations | ||
scivel: NetScreen device_id=henderi [iusmodt]system-medium-00536(tquas): IKE 10.200.22.41: Received incorrect ID payload: IP address lorinr instead of IP address ercita | ||
equu: NetScreen device_id=sintoc [atae]system-medium-00203(tem): mestq lsa flood on interface eth82 has dropped a packet. | ||
iqui: NetScreen device_id=tesseci [tat]system-high-00011(cive): The virtual router nse has been made unsharable | ||
rroqui: NetScreen device_id=ursin [utemvel]system-medium-00002: ADMIN AUTH: Privilege requested for unknown user atu. Possible HA syncronization problem. | ||
orumSe: NetScreen device_id=dolor [isiut]system-high-00206(emagn): OSPF instance with router-id emulla received a Hello packet flood from neighbor (IP address 10.219.1.151, router ID mnihilm) on Interface enp0s3375 forcing the interface to drop the packet. | ||
eque: NetScreen device_id=eufug [est]system-medium-00075: The local device ntincul in the Virtual Security Device group reet tquo | ||
imadmini: NetScreen device_id=ide [edq]system-medium-00026(tise): SSH: Attempt to unbind PKA key from admin user 'ntut' (Key ID emullam) | ||
ihilmole: NetScreen device_id=saquaea [ons]system-high-00048(quas): Route map entry with sequence number gia in route map binck-ospf in virtual router itatio was porinc (2017-8-22 23:52:50) | ||
orum: NetScreen device_id=oinBCSed [orem]system-medium-00050(ilm): Track IP enabled (2017-9-6 06:55:24) | ||
ncididun: NetScreen device_id=hen [periamea]system-medium-00555: Vrouter ali PIMSM cannot process non-multicast address 10.158.18.51 | ||
umwri: NetScreen device_id=odoc [atura]system-high-00030: SYSTEM CPU utilization is high (oreeu > nvo ) iamqui times in tassita minute (2017-10-4 21:00:32)<<colabori> | ||
inc: NetScreen device_id=tect [uiad]system-low-00003: The console debug buffer has been roinBCSe | ||
nseq: NetScreen device_id=borumSec [tatemseq]system-medium-00026(dmi): SCS has been tam for eth7686 . | ||
uiineavo: NetScreen device_id=sistena [uidexeac]system-high-00620(amquisno): RTSYNC: Event posted to send all the DRP routes to backup device. (2017-11-16 18:08:15) | ||
sunt: NetScreen device_id=dquianon [urExc]system-high-00025(iamqui): PKI: The current device quide to save the certificate authority configuration. | ||
etdol: NetScreen device_id=Sed [oremeumf]system-high-00076: The local device etur in the Virtual Security Device group fugiatn enima | ||
giatquo: NetScreen device_id=lors [its]system-low-00524: SNMP request from an unknown SNMP community public at 10.46.217.155:76 has been received. (2017-12-29 15:15:58) | ||
magnaa: NetScreen device_id=sumquiad [No Name]system-high-00628: audit log queue Event Log is overwritten (2018-1-12 22:18:32) | ||
tnulapa: NetScreen device_id=madmi [No Name]system-high-00628(adeser): audit log queue Event Log is overwritten (2018-1-27 05:21:06) | ||
laboree: NetScreen device_id=udantiu [itametco]system-high-00556(stiaecon): UF-MGR: usBono CPA server port changed to rumexe. | ||
nturmag: NetScreen device_id=uredol [maliqua]system-medium-00058(mquia): PIMSM protocol configured on interface eth2266 | ||
ueporroq: NetScreen device_id=ute [No Name]system-low-00625: Session (id tationu src-ip 10.142.21.251 dst-ip 10.154.16.147 dst port 6881) route is valid. (2018-3-11 02:28:49) | ||
adipi: NetScreen device_id=mquis [ratvo]system-low-00042(isno): Replay packet detected on IPSec tunnel on enp0s1170 with tunnel ID nderiti! From 10.105.212.51 to 10.119.53.68/1783, giatqu (2018-3-25 09:31:24) | ||
emvel: NetScreen device_id=pta [dolo]system-medium-00057(eacommod): uamqu: static multicast route src=10.174.2.175, grp=aparia input ifp = lo6813 output ifp = enp0s90 added | ||
giat: NetScreen device_id=ttenb [eirure]system-high-00549(rem): add-route-> untrust-vr: exer | ||
lapari: NetScreen device_id=rcitat [cinge]system-high-00536(luptate): IKE gateway eritqu has been elites. pariat | ||
accus: NetScreen device_id=CSed [tiu]system-low-00049(upta): The router-id of virtual router "asper" used by OSPF, BGP routing instances id has been uninitialized. (dictasun) | ||
itanimi: NetScreen device_id=onoru [data]system-high-00064(eosqui): Can not create track-ip list | ||
int: NetScreen device_id=ionevo [llitani]system-high-00541(itametco): The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from etcons to etco state, (neighbor router-id 1iuntN, ip-address 10.89.179.48). (2018-6-19 03:46:49) | ||
mmodicon: NetScreen device_id=eetdo [mquisno]system-low-00017(lup): mipsamv From 10.57.108.5:5523 using protocol icmp on interface enp0s4987. The attack occurred 2282 times | ||
inimve: NetScreen device_id=aea [emipsumd]system-low-00263(ptat): Admin user saq has been accepted via the asiarch server at 10.197.10.110 | ||
tlab: NetScreen device_id=vel [ionevo]system-high-00622: NHRP : NHRP instance in virtual router ptate is created. (2018-8-1 00:54:32) | ||
qui: NetScreen device_id=caboN [imipsam]system-high-00528(catcupid): SSH: Admin user 'ritquiin' at host 10.59.51.171 requested unsupported authentication method texplica | ||
udexerci: NetScreen device_id=uae [imveni]system-medium-00071(ptatemse): NSRP: Unit itationu of VSD group setquas nbyCi | ||
isno: NetScreen device_id=luptatev [occaeca]system-high-00018(urau): aeca Policy (oNem, itaedict ) was eroi from host 10.80.103.229 by admin fugitsed (2018-9-12 22:02:15) | ||
utlabore: NetScreen device_id=edquiano [mSecti]system-high-00207(tDuisaut): RIP database size limit exceeded for uel, RIP route dropped. | ||
agn: NetScreen device_id=iqu [quamqua]system-high-00075: NSRP: Unit equeporr of VSD group amremap oremagna | ||
ntium: NetScreen device_id=ide [quunturm]system-low-00040(isautem): High watermark for early aging has been changed to the default usan | ||
catcu: NetScreen device_id=quame [tionemu]system-low-00524(eursi): SNMP host 10.163.9.35 cannot be removed from community uatDu because failure | ||
cteturad: NetScreen device_id=modi [No Name]system-low-00625(ecatcu): Session (id ntoccae src-ip 10.51.161.245 dst-ip 10.193.80.21 dst port 5657) route is valid. (2018-11-23 09:15:06) | ||
chit: NetScreen device_id=iusmodit [lor]system-high-00524(adeserun): SNMP request has been received, but success | ||
vento: NetScreen device_id=litsed [ciun]system-medium-00072: The local device inrepr in the Virtual Security Device group lla changed state | ||
rissusci: NetScreen device_id=uaturQ [iusmod]system-medium-00533(mips): VIP server 10.41.222.7 is now responding | ||
upta: NetScreen device_id=ivel [tmollita]system-low-00070(deFinib): NSRP: nsrp control channel change to lo4065 | ||
ommodic: NetScreen device_id=mmodic [essequam]system-low-00040(nihi): VPN 'xeaco' from 10.134.20.213 is eavolupt (2019-2-2 20:27:57) | ||
ptasnul: NetScreen device_id=utaliqui [mcorpor]system-medium-00023(ostru): VIP/load balance server 10.110.144.189 cannot be contacted | ||
luptatem: NetScreen device_id=ing [hen]system-medium-00034(umquid): SCS: SCS has been olabo for tasnu with conse existing PKA keys already bound to ruredolo SSH users. | ||
iat: NetScreen device_id=orain [equaturQ]system-low-00554: SCAN-MGR: Attempted to load AV pattern file created quia after the AV subscription expired. (Exp: Exce) | ||
dese: NetScreen device_id=ptasn [liqui]system-low-00541: ScreenOS invol serial # Loremips: Asset recovery has been cidun | ||
ole: NetScreen device_id=odi [tper]system-medium-00628(ectetur): audit log queue Event Log is overwritten (2019-4-15 07:40:49) | ||
iadolo: NetScreen device_id=ecatcup [No Name]system-high-00628: audit log queue Traffic Log is overwritten (2019-4-29 14:43:23) | ||
qui: NetScreen device_id=iaecon [dminima]system-high-00538(psaquaea): NACN failed to register to Policy Manager eabillo because of success | ||
eosqu: NetScreen device_id=reetdolo [umquam]system-low-00075(enderi): The local device labore in the Virtual Security Device group uasiarch changed state from iamquisn to inoperable. (2019-5-28 04:48:31) | ||
veleumi: NetScreen device_id=volupt [equ]system-high-00535(ure): SCEP_FAILURE message has been received from the CA | ||
reseo: NetScreen device_id=entoreve [rudexer]system-medium-00026(iruredol): IKE iad: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed | ||
ptate: NetScreen device_id=oloreeu [imipsa]system-high-00038: OSPF routing instance in vrouter uame taevitae | ||
archi: NetScreen device_id=caboNe [ptate]system-high-00003(ius): Multiple authentication failures have been detected! | ||
remap: NetScreen device_id=ntium [veniamqu]system-high-00529: DNS entries have been refreshed by HA | ||
llumdo: NetScreen device_id=tot [itquii]system-high-00625(erspici): Session (id oreeu src-ip 10.126.150.15 dst-ip 10.185.50.112 dst port 7180) route is invalid. (2019-8-21 23:03:57) | ||
quepo: NetScreen device_id=tDuisa [iscive]system-medium-00521: Can't connect to E-mail server 10.152.90.59 | ||
lorem: NetScreen device_id=icons [hende]system-low-00077(usBonor): HA link disconnect. Begin to use second path of HA | ||
preh: NetScreen device_id=dol [No Name]system-low-00625: Session (id gnamal src-ip 10.119.181.171 dst-ip 10.166.144.66 dst port 3051) route is invalid. (2019-10-3 20:11:40) | ||
avolup: NetScreen device_id=litse [archit]system-high-00041(untutlab): A route-map name in virtual router estqu has been removed | ||
eddoeiu: NetScreen device_id=consect [eetdolo]system-medium-00038(remipsum): OSPF routing instance in vrouter ons emporin | ||
texpl: NetScreen device_id=isquames [No Name]system-low-00021: DIP port-translation stickiness was atio by utla via ntm from host 10.96.165.147 to 10.96.218.99:277 (2019-11-15 17:19:22) | ||
elaudant: NetScreen device_id=ratvolu [odte]system-medium-00021(eum): DIP port-translation stickiness was uidol by repr via idu from host 10.201.72.59 to 10.230.29.67:7478 (2019-11-30 00:21:57) | ||
toc: NetScreen device_id=rau [sciuntN]system-low-00602: PIMSM Error in initializing interface state change |
6 changes: 6 additions & 0 deletions
6
packages/juniper/data_stream/netscreen/_dev/test/system/config.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
input: logfile | ||
vars: ~ | ||
data_stream: | ||
vars: | ||
paths: | ||
- "{{SERVICE_LOGS_DIR}}/*netscreen*.log" |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters