Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove f5/firepass rsa2elk fileset #20160

Merged
merged 1 commit into from
Jul 23, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -474,7 +474,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add experimental dataset cisco/nexus for Cisco Nexus logs {pull}19713[19713]
- Add experimental dataset citrix/virtualapps for Citrix Virtual Apps logs {pull}19713[19713]
- Add experimental dataset cylance/protect for Cylance Protect logs {pull}19713[19713]
- Add experimental dataset f5/firepass for F5 FirePass SSL VPN logs {pull}19713[19713]
- Add experimental dataset fortinet/clientendpoint for Fortinet FortiClient Endpoint Protection logs {pull}19713[19713]
- Add experimental dataset imperva/securesphere for Imperva Secure Sphere logs {pull}19713[19713]
- Add experimental dataset infoblox/nios for Infoblox Network Identity Operating System logs {pull}19713[19713]
Expand Down
45 changes: 0 additions & 45 deletions filebeat/docs/modules/f5.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -67,51 +67,6 @@ will be found under `rsa.raw`. The default is false.

:fileset_ex!:

[float]
==== `firepass` fileset settings

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "firepass" device revision 0.

*`var.input`*::

The input from which messages are read. One of `file`, `tcp` or `udp`.

*`var.syslog_host`*::

The address to listen to UDP or TCP based syslog traffic.
Defaults to `localhost`.
Set to `0.0.0.0` to bind to all available interfaces.

*`var.syslog_port`*::

The port to listen for syslog traffic. Defaults to `9509`

NOTE: Ports below 1024 require Filebeat to run as root.

*`var.tz_offset`*::

By default, datetimes in the logs will be interpreted as relative to
the timezone configured in the host where {beatname_uc} is running. If ingesting
logs from a host on a different timezone, use this field to set the timezone
offset so that datetimes are correctly parsed. Valid values are in the form
±HH:mm, for example, `-07:00` for `UTC-7`.

*`var.rsa_fields`*::

Flag to control the addition of non-ECS fields to the event. Defaults to true,
which causes both ECS and custom fields under `rsa` to be are added.

*`var.keep_raw_fields`*::

Flag to control the addition of the raw parser fields to the event. This fields
will be found under `rsa.raw`. The default is false.

:has-dashboards!:

:fileset_ex!:

:modulename!:


Expand Down
1 change: 0 additions & 1 deletion filebeat/tests/system/test_modules.py
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,6 @@ def clean_keys(obj):
"cef.log",
"cisco.asa",
"cisco.ios",
"f5.firepass",
"fortinet.clientendpoint",
"haproxy.log",
"icinga.startup",
Expand Down
19 changes: 0 additions & 19 deletions x-pack/filebeat/filebeat.reference.yml
Original file line number Diff line number Diff line change
Expand Up @@ -600,25 +600,6 @@ filebeat.modules:
# "+02:00" for GMT+02:00
# var.tz_offset: local

firepass:
enabled: true

# Set which input to use between udp (default), tcp or file.
# var.input: udp
# var.syslog_host: localhost
# var.syslog_port: 9509

# Set paths for the log files when file input is used.
# var.paths:

# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true

# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local

#------------------------------- Fortinet Module -------------------------------
- module: fortinet
firewall:
Expand Down
19 changes: 0 additions & 19 deletions x-pack/filebeat/module/f5/_meta/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,3 @@
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local

firepass:
enabled: true

# Set which input to use between udp (default), tcp or file.
# var.input: udp
# var.syslog_host: localhost
# var.syslog_port: 9509

# Set paths for the log files when file input is used.
# var.paths:

# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true

# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local
45 changes: 0 additions & 45 deletions x-pack/filebeat/module/f5/_meta/docs.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -62,50 +62,5 @@ will be found under `rsa.raw`. The default is false.

:fileset_ex!:

[float]
==== `firepass` fileset settings

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "firepass" device revision 0.

*`var.input`*::

The input from which messages are read. One of `file`, `tcp` or `udp`.

*`var.syslog_host`*::

The address to listen to UDP or TCP based syslog traffic.
Defaults to `localhost`.
Set to `0.0.0.0` to bind to all available interfaces.

*`var.syslog_port`*::

The port to listen for syslog traffic. Defaults to `9509`

NOTE: Ports below 1024 require Filebeat to run as root.

*`var.tz_offset`*::

By default, datetimes in the logs will be interpreted as relative to
the timezone configured in the host where {beatname_uc} is running. If ingesting
logs from a host on a different timezone, use this field to set the timezone
offset so that datetimes are correctly parsed. Valid values are in the form
±HH:mm, for example, `-07:00` for `UTC-7`.

*`var.rsa_fields`*::

Flag to control the addition of non-ECS fields to the event. Defaults to true,
which causes both ECS and custom fields under `rsa` to be are added.

*`var.keep_raw_fields`*::

Flag to control the addition of the raw parser fields to the event. This fields
will be found under `rsa.raw`. The default is false.

:has-dashboards!:

:fileset_ex!:

:modulename!:

2 changes: 1 addition & 1 deletion x-pack/filebeat/module/f5/fields.go

Large diffs are not rendered by default.

Loading