forked from elastic/integrations
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Bluecoat] updating bluecoat ECS version and adding event.original op…
…tions (elastic#1072) * updating bluecoat ECS version and adding event.original options * linting, update changelog and manifest * adding checks for processors in template * linting
- Loading branch information
Showing
10 changed files
with
1,436 additions
and
61 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 5 additions & 0 deletions
5
packages/bluecoat/data_stream/director/_dev/test/pipeline/test-common-config.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| dynamic_fields: | ||
| event.ingested: ".*" | ||
| fields: | ||
| tags: | ||
| - preserve_original_event |
100 changes: 100 additions & 0 deletions
100
packages/bluecoat/data_stream/director/_dev/test/pipeline/test-generated.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| ntpd[1001]: kernel time sync enabled utl | ||
| restorecond: : Reset file context quasiarc: liqua | ||
| auditd[5699]: Audit daemon rotating log files | ||
| anacron[5066]: Normal exit ehend | ||
| restorecond: : Reset file context vol: luptat | ||
| heartbeat: : <<eumiu.medium> Processing command: accept | ||
| restorecond: : Reset file context nci: ofdeFin | ||
| auditd[6668]: Audit daemon rotating log files | ||
| anacron[1613]: Normal exit mvolu | ||
| ntpd[2959]: ntpd gelit-r tatno | ||
| anacron[654]: Updated timestamp for job rmagni to sit | ||
| dmd: : <<tenima.very-high> Health state for metric"seq3874.mail.domain" "quid" changed to "fug", reason: "success" | ||
| auditd[2067]: Audit daemon rotating log files | ||
| pm[5969]: <<tquovol.very-high> check_license_validity(), tae | ||
| logrotate: : ALERT exited abnormally with temUten | ||
| sshd: : <<dun.medium> error: Bind to port Duisau on psum failed: failure | ||
| configd: : <<end.medium> itaut@rveli: command: accept | ||
| authd: : <<luptat.low> authd_signal_handler(), quam | ||
| xinetd[6547]: Started working: onproide available services | ||
| logrotate: : ALERT exited abnormally with tfug | ||
| heartbeat: : <<urE.medium> Processing command: deny | ||
| rsyslogd: : Warning: rehe | ||
| sshd: : <<stiae.medium> error: Bind to port erc on amqu failed: unknown | ||
| ntpd[4515]: ntpd emp-r aperia | ||
| restorecond: : Reset file context run: vol | ||
| logrotate: : ALERT exited abnormally with mporain | ||
| heartbeat: : <<mpori.very-high> connect: atu | ||
| cmd: : <<texp.medium> cmd starting adeseru | ||
| cli[7108]: <<-uam.low> tmo@::fficiade:10.2.53.125 : CLI launched | ||
| pm[7061]: <<ihilmo.very-high> ntpd will start in tlabo | ||
| poller[795]: <<oluptate.low> Querying content system for job results. | ||
| runner[6134]: <<edo.very-high> Processing command: allow | ||
| epmd: : epmd: epmd running orpor | ||
| runner[602]: <<emvel.very-high> Failed to exec olup | ||
| shutdown[2807]: shutting down non | ||
| configd: : <<ugiatnu.high> sperna@sintocc: command: cancel | ||
| auditd[2986]: Audit daemon rotating log files | ||
| configd: : <<ccaecat.medium> CREATE onsequ | ||
| auditd[1243]: Audit daemon rotating log files | ||
| xinetd[6599]: Started working: naal available services | ||
| xinetd[5850]: Started working: rQu available services | ||
| heartbeat: : <<boree.low> queips: undefined symbol: ncidi | ||
| authd: : <<olor.very-high> authd_close(): npr | ||
| anacron[6373]: Anacron 1.3962 started on epre | ||
| cli[3979]: <<-iduntu.medium> temUt@avol752.www5.test : Processing command accept | ||
| cmd: : <<amc.medium> cmd starting isiuta | ||
| sshd[5227]: dutp(psaquaea:taevita): pam_putenv: ameiusm | ||
| ccd: : <<olab.low> Device elitse6672.internal.localdomain: mquisno | ||
| runner[1859]: <<tasnulap.high> Failed to exec umSe | ||
| shutdown[6110]: shutting down itau | ||
| sshd[2415]: PAM lorsita more authentication failure; dolore | ||
| rsyslogd: : Warning: tio | ||
| cli[802]: <<-gnaaliqu.very-high> velillu@::cteturad:10.18.204.87 : Processing a secure command... | ||
| heartbeat: : <<reprehe.high> connect: inimveni | ||
| authd: : <<litani.low> authd_close(): psumqu | ||
| runner[2558]: <<icabo.high> Failed to exec edquiac | ||
| anacron[4538]: Updated timestamp for job remips to uisaute | ||
| auditd[6837]: Audit daemon rotating log files | ||
| pm[1493]: <<etdolor.high> print_msg(), dic | ||
| configd: : <<avolupt.low> Device "itation4168.api.domain" completed command(s) accept ;; CPL generated by Visual Policy Manager: isciv ;rroqu ; nofd ; dipisci | ||
| epmd: : epmd: invalid packet size (mquae) | ||
| runner[429]: <<corpori.very-high> File reading failed | ||
| shutdown[7595]: shutting down emqu | ||
| heartbeat: : <<leumiur.low> The HB command is accept | ||
| authd: : <<est.very-high> authd_signal_handler(), isetquas | ||
| authd: : <<psaqua.medium> authd_signal_handler(), gnaal | ||
| logrotate: : ALERT exited abnormally with voluptas | ||
| ntpd[627]: ntpd exiting on signal orin | ||
| restorecond: : Reset file context ecillu: mmodoc | ||
| cli[1140]: <<-abore.high> modocon@ipsu3680.mail.test : Processing command: deny | ||
| sshd: : bad username mquisn | ||
| ntpd[1313]: ntpd derit-r orese | ||
| ccd: : <<leumiur.medium> Device Communication Daemon online | ||
| rsyslogd: : Warning: moles | ||
| restorecond: : Reset file context olup: aco | ||
| shutdown[609]: shutting down ser | ||
| ntpd[2991]: ntpd orinrep-r quiavol | ||
| dmd: : <<quin.medium> inserted device id = sBonor2001.www5.example and serial number = amc into DB | ||
| ccd: : <<ame.very-high> ccd_handle_read_failure(), uid | ||
| cmd: : <<scivel.high> cmd starting lmolesti | ||
| dmd: : <<emaperia.high> inserted device id = ersp6625.internal.domain and serial number = seq into DB | ||
| cmd: : <<tanimid.medium> cmd starting uipexe | ||
| heartbeat: : <<ore.low> The HB command is cancel | ||
| anacron[7360]: Normal exit tperspic | ||
| dmd: : <<ict.very-high> Filter on (tetura) things. riosamni | ||
| ccd: : <<umetMa.low> Device eleumiu2454.api.local: tat | ||
| schedulerd: : <<lumqu.very-high> System time changed, recomputing job run times. | ||
| xinetd[3450]: Started working: aconsequ available services | ||
| authd: : <<sequat.high> handle_authd unknown message =utemvel | ||
| rsyslogd: : Warning: iusm | ||
| ntpd[16]: time reset stquido | ||
| ccd: : <<aaliq.high> Device olu5333.www.domain: orumSe | ||
| anacron[80]: Normal exit ici | ||
| ntpd[7612]: kernel time sync enabled nturmag | ||
| cli[7128]: eseruntm(lpaquiof:oloreeu): pam_putenv: olor | ||
| schedulerd: : <<ici.very-high> Executing Job "tquo" execution iatnu | ||
| logrotate: : ALERT exited abnormally with ntut | ||
| poller[7151]: <<ess.high> Querying content system for job results. | ||
| ntpd[2314]: ntpd litanim-r rQuisaut | ||
| heartbeat: : <<metco.high> Processing command: block |
Oops, something went wrong.