Add Cisco integration 0.0.2 #370
Conversation
| @@ -0,0 +1,15 @@ | |||
| {{#if input == "syslog"}} | |||
There was a problem hiding this comment.
This line is not correct in the handlebars syntax and needs to split in multiple stream files.
Unfortunately this is a known issue, but it requires some advanced templating processing - we didn't introduce it.
There was a problem hiding this comment.
As #346 was merged, we can start to use it in the packages but it will not be supported yet in the UI. I suggest we pick one of the two inputs for now.
@alakahakai Which one do you think is more important? syslog or file?
There was a problem hiding this comment.
syslog is more important, but I will add a separate file for file input. For handlebars, can we add the support for Ember Truth Helper addon?
| @@ -0,0 +1,1281 @@ | |||
| --- | |||
There was a problem hiding this comment.
If this file contains any fields not mentioned in the fields files (e.g. event.code, event.provider), please create in Beats a file called fields.epr.yml and describe them there (there is a paragraph about this in CONTRIBUTING).
dev/packages/alpha/cisco-0.0.2/dataset/asa/elasticsearch/ingest-pipeline/default.yml
Outdated
Show resolved
Hide resolved
dev/packages/alpha/cisco-0.0.2/dataset/asa/elasticsearch/ingest-pipeline/default.yml
Outdated
Show resolved
Hide resolved
|
@alakahakai Thank you for the contribution. I left a couple of comments that can apply to few place in your contribution, but I didn't mark every single place (e.g. You can also extend the description of the issue with commands you use to import modules or test them manually. Fingers crossed for serving this package through the registry and I'm happy to see some screenshots in the PR description with the UI. |
|
Also, I converted your PR to draft to prevent an accidental merging. I used to convert them once I finish all necessary works (I mean, "in my opinion" the package is complete, it works in my environment and I see flowing data on dashboards). |
| @@ -0,0 +1,15 @@ | |||
| {{#if input == "syslog"}} | |||
There was a problem hiding this comment.
As #346 was merged, we can start to use it in the packages but it will not be supported yet in the UI. I suggest we pick one of the two inputs for now.
@alakahakai Which one do you think is more important? syslog or file?
dev/packages/alpha/cisco-0.0.2/dataset/asa/elasticsearch/ingest-pipeline/default.yml
Outdated
Show resolved
Hide resolved
dev/packages/alpha/cisco-0.0.2/dataset/ftd/agent/stream/stream.yml
Outdated
Show resolved
Hide resolved
dev/packages/alpha/cisco-0.0.2/dataset/ftd/elasticsearch/ingest-pipeline/default.yml
Outdated
Show resolved
Hide resolved
dev/packages/alpha/cisco-0.0.2/dataset/ios/agent/stream/stream.yml
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1 @@ | |||
| TODO | |||
|
Could you please post some screenshots in the description? |
| - cisco-asa | ||
| - name: syslog_port | ||
| type: integer | ||
| title: Syslog Port |
There was a problem hiding this comment.
Is there a configuration option for Syslog Host or it's only port as it's localhost? Maybe a description would clarify this.
| title: Tags | ||
| multi: true | ||
| required: true | ||
| show_user: true |
There was a problem hiding this comment.
Is it required to show this field to user?
| title: Log Level | ||
| multi: false | ||
| required: true | ||
| show_user: true |
There was a problem hiding this comment.
Same here: is it required to present it to user? I think screenshots will help us understand which fields are required.
| required: true | ||
| show_user: true | ||
| default: 9002 | ||
| - input: file |
There was a problem hiding this comment.
Did you check if this option works? I wonder if this should be "file" or "log".
Cisco integration 0.0.2