Add system test for Fortinet Fortimail (#438)
It was missing a field entry for `ecs.version`. And the manifest didn't specify the `template_path` for log.yml.hbs.
andrewkroh authored Dec 14, 2020
1 parent 17d899b commit 325b6a6
Showing 7 changed files with 113 additions and 1 deletion.
1 change: 1 addition & 0 deletions packages/fortinet/_dev/deploy/docker/Dockerfile
@@ -1,5 +1,6 @@
FROM alpine

COPY ./fortinet-clientendpoint.log /sample_logs/
COPY ./fortinet-fortimail.log /sample_logs/

ENTRYPOINT [ "/bin/sh" ]
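Review bot: each sample log gets its own `COPY` line, so every new data stream's system test also needs a Dockerfile edit; a single `COPY ./*.log /sample_logs/` would pick up `fortinet-fortimail.log` and later samples without further changes, provided the build context holds only sample logs.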
100 changes: 100 additions & 0 deletions packages/fortinet/_dev/deploy/docker/fortinet-fortimail.log
@@ -0,0 +1,6 @@
input: logfile
vars: ~
data_stream:
vars:
paths:
- "{{SERVICE_LOGS_DIR}}/*fortimail*.log"
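Review bot: the glob `{{SERVICE_LOGS_DIR}}/*fortimail*.log` only matches because the Dockerfile hunk copies the sample as `fortinet-fortimail.log` into `/sample_logs/` (presumably the directory exposed as `SERVICE_LOGS_DIR`); renaming either side would break the test with nothing in this file pointing at the dependency. A short comment next to `paths` naming the Dockerfile would make the coupling visible to the next person touching it.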
3 changes: 3 additions & 0 deletions packages/fortinet/data_stream/fortimail/fields/ecs.yml
Expand Up @@ -836,3 +836,6 @@
ignore_above: 1024
description: List of keywords used to tag each event.
example: '["production", "env2"]'
- name: ecs.version
type: keyword
description: ECS version this event conforms to.
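Review bot: the new `ecs.version` entry omits `ignore_above: 1024`, which the preceding keyword field in this hunk carries, and has no `example` where the neighbouring entry has one; for a consistent keyword mapping in this file, consider adding both (the ECS definition of `ecs.version` uses `ignore_above: 1024`).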
1 change: 1 addition & 0 deletions packages/fortinet/data_stream/fortimail/manifest.yml
Expand Up @@ -110,6 +110,7 @@ streams:
enabled: false
title: Fortinet FortiMail logs
description: Collect Fortinet FortiMail logs from file
template_path: log.yml.hbs
vars:
- name: paths
type: text
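Review bot: `template_path: log.yml.hbs` references a template that is not among the 7 changed files; confirm the file exists in the fortimail data stream (conventionally under `agent/stream/`), since a dangling template reference is not something this diff can reveal. The commit message says only the manifest entry was missing, so the template itself presumably predates this change.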
1 change: 1 addition & 0 deletions packages/fortinet/docs/README.md
Expand Up @@ -1448,6 +1448,7 @@ The `fortimail` dataset collects Fortinet FortiMail logs.
| dns.answers.name | The domain name to which this resource record pertains. If a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated. | keyword |
| dns.answers.type | The type of data contained in this resource record. | keyword |
| dns.question.type | The type of record being queried. | keyword |
| ecs.version | ECS version this event conforms to. | keyword |
| error.message | Error message. | text |
| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword |
| event.code | Identification code for this event, if one exists. Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. | keyword |
2 changes: 1 addition & 1 deletion packages/fortinet/manifest.yml
@@ -1,6 +1,6 @@
name: fortinet
title: Fortinet
version: 0.5.2
version: 0.5.3
release: experimental
description: Fortinet Integration
type: integration
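Review bot: the bump from `0.5.2` to `0.5.3` fits a fix that only adds a field definition, a template reference and test assets, but none of the 7 changed files is a changelog; if this package maintains one, the 0.5.3 entry belongs in the same commit so the version and its notes stay in step.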
0 comments on commit 325b6a6