x-pack/metricbeat/module/panw: Add a new module #40686
Conversation
botelastic
bot
added
the
needs_team
|
💚 CLA has been signed |
|
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
ycombinator
added
the
Team:Security-Deployment and Devices
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
botelastic
bot
removed
the
needs_team
|
Hi @dparkerelastic, thanks for the contribution. The first thing would be signing the CLA. For tests, unit tests are a good starting point. |
| description: Enabled field | ||
| - name: mode | ||
| type: keyword | ||
| description: Mode field |
There was a problem hiding this comment.
Every field description should be proper as well.
x-pack/metricbeat/module/panos/globalprotect_sessions/_meta/fields.yml
Outdated
Show resolved
Hide resolved
|
Also, there are a lot of metricsets, can we try to reduce them and group some of them so that the groups make much more sense? For example: power, temperature, and fans (based on the XML query) can be grouped into something called hardware or system? Similarly, can we group the others as well? Is there any potential issue if we group like that? |
|
Also, in your PR description, you mentioned you need guidance with tests. Here are some resources that might help:
|
|
Thank you for the comments, Subham. I will work on collapsing to fewer metricsets - I basically mapped 1 metricset to 1 requirement initially. I am also adding code around the pango client so that I can use a 'mock' during testing, and will add tests. I will address your other comments as I go. On the pipeline failures - golangci-lint, etc: is the pipeline something that I have access to run so that I can verify for myself when I have made changes. I did a "go mod tidy" in the beats folder and it looks like pango is in the go.mod now.... Also, do I need to change the name of the module to "panw"? Thanks again for the review! DAP |
|
@dparkerelastic Thanks for the contribution. Yes, I can help you out with pipeline errors. Also, yes I forgot to mention that you need to run "go mod tidy" because while reviewing I noticed that updated go.{mod,sum} are not checked in.
I'll check and I'll let you know. Are you able to see the errors in the CI?
Not right now. Let's wait for other reviewers who have more ideas on this. |
|
/test |
|
run docs-build |
|
Thank you to @qcorporation for reaching out to me off-PR about the longer-term ownership of this new module. I was assuming it would be @elastic/sec-deployment-and-devices, given that the team owns the logs equivalent of this Assuming this is case, then @dparkerelastic please wait until engineers from @elastic/sec-deployment-and-devices have had a chance to review this PR. Also, please add an entry to the https://github.com/elastic/beats/blob/main/.github/CODEOWNERS file reflecting the ownership. Thanks! |
|
hey @ycombinator the current plan is that we (obs integrations) will own this. we're really short on time and need to merge this today for 8.15.2 FF (long story). if we have concerns on ownership long term, let's discuss is outside of this current PR review. |
|
From an Fleet integration point of view, if this is fetching XML and generating metric events (I haven't looked into the code) this could be implemented purely in as integration config. The CEL input can hit APIs and has good support for XML responses. This has the benefit of not creating a strong coupling to the Metricbeat codebase such that any bug-fixes can be released independently of Agent.
++ to this to keep ownership clearly defined. |
|
/test |
|
@andrewkroh this is something we strongly considered, but on balance decided going with metricbeat was the right approach here, at least for right now. |
|
/test |
tommyers-elastic
added
the
backport-8.15
|
/test |
|
/test |
|
run docs-build |
* initial module creation * panos.system metricset running * remove testing data * panos.disk metricset working * rename metricset * change metricset name * bgp_peers metricset working * temperature metricset * more metricsets * use MetricSetFields * license notices * update fields.yml * added doc * refactor down to 4 metricsets * more cleanup * cleanup field names * remove yml * panos.yml.disabled * PR comment fixes * more PR comments addressed. Still to do: tests * Changes to: - move tunnels from vpn to interfaces metricset - address PR comments for field names in field.yml - split local/peer addresses into host and port for bgp - handle license expires of "never" * Fixes for PR comments * add license header * add pango package * mage check && mage update * remove mappings & make update * make linter happy * add the untracked docs * update the fields.yml * update the fields.yml with example fields to make python integ tests happy * make docs check happy and update codeowners * add result of 'mage update' in x-pack/metricbeat --------- Co-authored-by: subham sarkar <subham.sarkar@elastic.co> Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com> (cherry picked from commit cc2c925) # Conflicts: # go.mod # x-pack/metricbeat/metricbeat.reference.yml
* initial module creation * panos.system metricset running * remove testing data * panos.disk metricset working * rename metricset * change metricset name * bgp_peers metricset working * temperature metricset * more metricsets * use MetricSetFields * license notices * update fields.yml * added doc * refactor down to 4 metricsets * more cleanup * cleanup field names * remove yml * panos.yml.disabled * PR comment fixes * more PR comments addressed. Still to do: tests * Changes to: - move tunnels from vpn to interfaces metricset - address PR comments for field names in field.yml - split local/peer addresses into host and port for bgp - handle license expires of "never" * Fixes for PR comments * add license header * add pango package * mage check && mage update * remove mappings & make update * make linter happy * add the untracked docs * update the fields.yml * update the fields.yml with example fields to make python integ tests happy * make docs check happy and update codeowners * add result of 'mage update' in x-pack/metricbeat --------- Co-authored-by: subham sarkar <subham.sarkar@elastic.co> Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com> (cherry picked from commit cc2c925)
…le (#40866) * x-pack/metricbeat/module/panw: Add a new module (#40686) * initial module creation * panos.system metricset running * remove testing data * panos.disk metricset working * rename metricset * change metricset name * bgp_peers metricset working * temperature metricset * more metricsets * use MetricSetFields * license notices * update fields.yml * added doc * refactor down to 4 metricsets * more cleanup * cleanup field names * remove yml * panos.yml.disabled * PR comment fixes * more PR comments addressed. Still to do: tests * Changes to: - move tunnels from vpn to interfaces metricset - address PR comments for field names in field.yml - split local/peer addresses into host and port for bgp - handle license expires of "never" * Fixes for PR comments * add license header * add pango package * mage check && mage update * remove mappings & make update * make linter happy * add the untracked docs * update the fields.yml * update the fields.yml with example fields to make python integ tests happy * make docs check happy and update codeowners * add result of 'mage update' in x-pack/metricbeat --------- Co-authored-by: subham sarkar <subham.sarkar@elastic.co> Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com> (cherry picked from commit cc2c925) # Conflicts: # go.mod # x-pack/metricbeat/metricbeat.reference.yml * fix merge issues --------- Co-authored-by: dparkerelastic <david.parker@elastic.co> Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com>
* initial module creation * panos.system metricset running * remove testing data * panos.disk metricset working * rename metricset * change metricset name * bgp_peers metricset working * temperature metricset * more metricsets * use MetricSetFields * license notices * update fields.yml * added doc * refactor down to 4 metricsets * more cleanup * cleanup field names * remove yml * panos.yml.disabled * PR comment fixes * more PR comments addressed. Still to do: tests * Changes to: - move tunnels from vpn to interfaces metricset - address PR comments for field names in field.yml - split local/peer addresses into host and port for bgp - handle license expires of "never" * Fixes for PR comments * add license header * add pango package * mage check && mage update * remove mappings & make update * make linter happy * add the untracked docs * update the fields.yml * update the fields.yml with example fields to make python integ tests happy * make docs check happy and update codeowners * add result of 'mage update' in x-pack/metricbeat --------- Co-authored-by: subham sarkar <subham.sarkar@elastic.co> Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com> (cherry picked from commit cc2c925) Co-authored-by: dparkerelastic <david.parker@elastic.co>
Agree these are obs integrations packages, as they focus on metrics. We will raise PR updating the same. |
Proposed commit message
The Metricbeat panos module collects metrics from a Palo Alto firewall. It contains metricsets corresponding to the following requirements:
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Disruptive User Impact
This is a new module and does not affect other modules.
How to test this PR locally
I have not created tests yet for this. Looking at other modules there seems to be a variety of approaches, so I would be looking for some guidance on this.