[Filebeat] Fix parsing of Cisco ASA/FTD message 302021 #14519

Merged
merged 1 commit into from
Nov 19, 2019


adriansr
Contributor

This fixes (again) the format of ASA/FTD message code 302021 which wasn't clear between Cisco's docs and Logstash pattern in #13259.

Seems that a field can be either a port number or an ICMP code. To be safe it's better to just ignore this value.

adriansr added the bug, Filebeat, needs_backport and Team:SIEM labels Nov 14, 2019
adriansr requested a review from a team as a code owner November 14, 2019 18:40
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

adriansr force-pushed the fix-cisco-302021-again branch from 4c0ac1f to 45550c0 November 19, 2019 09:32
adriansr merged commit 02fc1c0 into elastic:master Nov 19, 2019
adriansr added a commit to adriansr/beats that referenced this pull request Nov 19, 2019
(cherry picked from commit 02fc1c0)
adriansr added the v7.6.0 label and removed the needs_backport label Nov 19, 2019
adriansr added a commit to adriansr/beats that referenced this pull request Nov 19, 2019
(cherry picked from commit 02fc1c0)
adriansr added a commit that referenced this pull request Nov 19, 2019
(cherry picked from commit 02fc1c0)
adriansr added a commit that referenced this pull request Nov 19, 2019
…ssage 302021 (#14610)

(cherry picked from commit 02fc1c0)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
…14611)

(cherry picked from commit c0cb4fd)