Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] decode_cef - allow MACs without separators #27109

Merged
merged 1 commit into from
Aug 2, 2021
Merged

[Filebeat] decode_cef - allow MACs without separators #27109

merged 1 commit into from
Aug 2, 2021

Conversation

andrewkroh
Copy link
Member

What does this PR do?

Accept MAC addresses that do not contain separators (i.e. 000D60AF1B61).

Fixes #27050

Why is it important?

Some log sources do not comply with the CEF spec and send valid MACs but without separators. The processor should identify these and accept them.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 28, 2021
@andrewkroh andrewkroh mentioned this pull request Jul 28, 2021
Closed
@andrewkroh
decode_cef - allow MACs without separators
adb8779 
Accept MAC addresses that do not contain separators (i.e. `000D60AF1B61`).

Fixes elastic#27050
@andrewkroh andrewkroh force-pushed the feature/fb/decode-cef-mac-separators branch from b2f3e22 to adb8779 Compare July 28, 2021 15:54
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-07-28T15:55:00.262+0000

  • Duration: 100 min 7 sec

  • Commit: adb8779

Test stats 🧪

Test Results
Failed 0
Passed 7881
Skipped 1201
Total 9082

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 7881
Skipped 1201
Total 9082

LaZyDK
LaZyDK reviewed Jul 30, 2021
View reviewed changes
Copy link
Contributor

@LaZyDK LaZyDK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrewkroh andrewkroh merged commit 88d854c into elastic:master Aug 2, 2021
mergify bot pushed a commit that referenced this pull request Aug 2, 2021
@andrewkroh
decode_cef - allow MACs without separators (#27109)
7ba9dcb 
Accept MAC addresses that do not contain separators (i.e. `000D60AF1B61`).

Fixes #27050

(cherry picked from commit 88d854c)
@mergify mergify bot mentioned this pull request Aug 2, 2021
Merged
andrewkroh added a commit that referenced this pull request Aug 2, 2021
@mergify @andrewkroh
decode_cef - allow MACs without separators (#27109) (#27195)
c135629 
Accept MAC addresses that do not contain separators (i.e. `000D60AF1B61`).

Fixes #27050

(cherry picked from commit 88d854c)

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LaZyDK LaZyDK LaZyDK left review comments

@marc-gr marc-gr marc-gr approved these changes

Assignees
No one assigned
Labels
backport-v7.15.0 Automated backport with mergify enhancement Filebeat Filebeat :Processors
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Decode_CEF preprocessor fails when MAC address is without separators
4 participants
@andrewkroh @elasticmachine @LaZyDK @marc-gr