
Update Filebeat's Cisco > ASA config to reflect UDP #28821

Closed
n0othing opened this issue Nov 4, 2021 · 2 comments · Fixed by #26159

Comments

@n0othing
Member

n0othing commented Nov 4, 2021

In #13286 we switched Filebeat's Cisco ASA dataset to use a regular udp input instead of a syslog input, however, the cisco.yml still makes it look like we're using syslog:

```yaml
  asa:
    enabled: true

    # Set which input to use between syslog (default) or file.
    var.input: syslog

    # The interface to listen to UDP based syslog traffic. Defaults to
    # localhost. Set to 0.0.0.0 to bind to all available interfaces.
    var.syslog_host: localhost

    # The UDP port to listen for syslog traffic. Defaults to 9001.
    var.syslog_port: 9001
```

.../module/cisco/asa/config/input.yml

```yaml
{{ if eq .input "syslog" }}

type: udp
udp:
  host: "{{.syslog_host}}:{{.syslog_port}}"
```

This may cause some confusion and it'd be helpful to adjust settings/comments to reflect the use of a type: udp input.
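The mismatch described in this report can be checked mechanically. The following is an added example, not Filebeat's code or the reporter's: it mirrors the template logic quoted above (`var.input: syslog` renders a plain `type: udp` input on `syslog_host:syslog_port`, `file` renders a log input) and flags filesets that rely on the `syslog` name. The function names, the subset YAML parser and the sample `cisco.yml` fragment are all constructed for illustration.

```python
import re

# Constructed cisco.yml fragment in the shape quoted in the issue.
SAMPLE_CISCO_YML = """\
- module: cisco
  asa:
    enabled: true
    # Set which input to use between syslog (default) or file.
    var.input: syslog
    var.syslog_host: localhost
    var.syslog_port: 9001
  ftd:
    enabled: true
    var.input: file
"""

FILESET_RE = re.compile(r"^  (\w+):\s*$")          # two-space indent: fileset
VAR_RE = re.compile(r"^    var\.(\w+):\s*(.+?)\s*$")  # four-space indent: var.*


def parse_filesets(text):
    """Return {fileset: {var: value}} from the flat module YAML (subset parser)."""
    filesets, current = {}, None
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = FILESET_RE.match(line)
        if m:
            current = filesets.setdefault(m.group(1), {})
            continue
        m = VAR_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip("\"'")
    return filesets


def resolve_input(vars_):
    """Mirror input.yml: which Filebeat input the module vars really produce."""
    kind = vars_.get("input", "syslog")                # "syslog (default)"
    host = vars_.get("syslog_host", "localhost")
    port = vars_.get("syslog_port", "9001")
    if kind in ("syslog", "udp"):                      # syslog is only a name
        return {"type": "udp", "host": f"{host}:{port}", "alias_used": kind == "syslog"}
    if kind == "file":
        return {"type": "log", "alias_used": False}
    raise ValueError(f"unknown var.input: {kind}")


def lint(text):
    """List (fileset, warning) pairs for filesets that use the misleading alias."""
    out = []
    for name, vars_ in parse_filesets(text).items():
        r = resolve_input(vars_)
        if r["alias_used"]:
            out.append((name, f"var.input: syslog is a {r['type']} input on {r['host']}"))
    return out
```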

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Nov 4, 2021
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Nov 8, 2021
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

leehinman added a commit to legoguy1000/beats that referenced this issue Dec 2, 2021
- call out tcp or udp directly in asa and ftd config
- add tcp to ios
- add ssl config option for asa & ftd over tcp

Closes elastic#28821
leehinman added a commit that referenced this issue Dec 16, 2021
- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>
mergify bot pushed a commit that referenced this issue Dec 16, 2021
- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>
(cherry picked from commit 9201a92)
mergify bot pushed a commit that referenced this issue Dec 16, 2021
- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>
(cherry picked from commit 9201a92)
leehinman pushed a commit that referenced this issue Dec 16, 2021
…) (#29472)

- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>
(cherry picked from commit 9201a92)

Co-authored-by: Alex Resnick <[email protected]>
leehinman pushed a commit that referenced this issue Dec 16, 2021
…) (#29473)

- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>
(cherry picked from commit 9201a92)

Co-authored-by: Alex Resnick <[email protected]>
andrewkroh pushed a commit that referenced this issue Feb 10, 2022
- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>
andrewkroh added a commit that referenced this issue Feb 15, 2022
…d var.input syslog (#30325)

* [Filebeat] Enable dynamic inputs (TCP) for Cisco syslog modules (#26159)

- Add tcp option to asa, ftd & ios filesets
- Add SSL option

Closes #28821

Co-authored-by: Lee E. Hinman <[email protected]>

* [Filebeat] Fix Cisco ASA/FTD configs that used var.input syslog (#30072)

and FTD that specified `var.input: syslog`. `syslog` was effectively an alias for the UDP
input and the alias support was removed.

This change allows `var.input: syslog` to continue working as it did before.

Co-authored-by: Alex Resnick <[email protected]>
Co-authored-by: Lee E. Hinman <[email protected]>
Co-authored-by: Andrew Kroh <[email protected]>