Commit

Pass-thru other panw.panos log types
This removes the drop processor from the ingest node pipeline that drops events other than THREAT and TRAFFIC.
This way we can retain the other log data but don't necessarily handle the parsing of it.

Closes #16815
andrewkroh committed Jun 24, 2020
1 parent 1498938 commit 09bf7a6
Showing 3 changed files with 661 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -412,6 +412,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Explicitly set ECS version in all Filebeat modules. {pull}19198[19198]
- Add new mode to multiline reader to aggregate constant number of lines {pull}18352[18352]
- Add automatic retries and exponential backoff to httpjson input. {pull}18956[18956]
- Changed the panw module to pass through (rather than drop) message types other than threat and traffic. {issue}16815[16815] {pull}19375[19375]

*Heartbeat*

Expand Down
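Review bot: The added `panw` entry says which message types are now passed through but not that they are left unparsed, which is what users will actually see as extra, unstructured documents in their indices. Consider stating that in the entry, and check that it belongs among the surrounding "Add ..." entries rather than with behaviour changes, since it alters what an existing module ingests.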
2 changes: 0 additions & 2 deletions x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
Expand Up @@ -197,8 +197,6 @@ processors:
- intrusion_detection
- network
if: 'ctx?._temp_?.message_type == "THREAT"'
- drop:
if: 'ctx?.event?.category == null'
- append:
field: event.type
value: allowed
Expand Down
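Review bot: With the `drop` on `ctx?.event?.category == null` removed, every event that is not THREAT or TRAFFIC now reaches the processors that follow, starting with the `append` of `allowed` to `event.type` at the end of this hunk. That processor's condition is not visible in these lines; please confirm that it and the processors after it are guarded so they neither fail on nor mislabel events that carry no parsed fields. Because the removed condition also caught any event that never received a category, a test fixture containing a log line of another type would be worth adding, along with a note in the module docs that such events are indexed unparsed so detections keyed on `event.category` do not silently skip them.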