rebuild package
[git-generate]
cd packages/cisco_aironet
elastic-package test pipeline -g && elastic-package test system -v -g && elastic-package build
andrewkroh committed Nov 4, 2024
1 parent b0f92da commit 1790b8e
Showing 3 changed files with 58 additions and 59 deletions.
@@ -14,7 +14,7 @@
"original": "<132>WLC001: *Dot1x_NW_MsgTask_4: Sep 06 23:08:09.371: %LOG-4-Q_IND: [PA]dtl_net.c:3393 STA(Target MAC Address) [2c:6d:c1:f5:0c:80, 192.168.2.2] ARP (op ARP REQUEST) received with invalid SPA(Source IP Address) 169.254.161.111/TPA(Destination IP Address) 192.168.2.2",
"provider": "LOG",
"reason": "ARP (op ARP REQUEST) received with invalid SPA",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -56,7 +56,7 @@
"original": "<132>WLC001: *dtlArpTask: Sep 06 22:42:10.514: %DTL-4-ARP_ORPHANPKT_DETECTED: [PA]dtl_net.c:3174 STA(Target MAC Address) [66:7c:de:ef:d9:18, 0.0.0.0] ARP (op ARP REQUEST) received with invalid SPA(Source IP Address) 192.168.1.3/TPA(Destination IP Address) 192.168.2.2",
"provider": "DTL",
"reason": "ARP (op ARP REQUEST) received with invalid SPA",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -122,7 +122,7 @@
"action": "USER_NAME_DELETED",
"original": "<134>WLC001: *haSSOServiceTask0: Sep 06 21:53:55.930: %APF-6-USER_NAME_DELETED: [SS]apf_ms.c:8798 Username entry (WildDogOne) is deleted for mobile 28:6f:7f:f8:64:e0",
"provider": "APF",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -162,7 +162,7 @@
"action": "USER_NAME_CREATED",
"original": "<134>WLC001: *haSSOServiceTask0: Sep 06 21:46:20.390: %APF-6-USER_NAME_CREATED: [SS]apf_ms.c:8996 Username entry (WildDogOne) with length (4) created for mobile 28:6f:7f:f8:64:e0",
"provider": "APF",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -207,7 +207,7 @@
"action": "ENTRY_CREATED",
"original": "<134>WLC001: *sisfSwitcherTask: Aug 20 11:26:35.845: %SISF-6-ENTRY_CREATED: sisf_shim_utils.c:485 Entry created A=fe80::1e24:cdff:fe11:2f90 V=0 I=wired:1 P=0000 M=",
"provider": "SISF",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -249,7 +249,7 @@
"action": "ENTRY_DELETED",
"original": "<134>WLC001: *SISF BT Process: Aug 20 11:25:50.157: %SISF-6-ENTRY_DELETED: sisf_shim_utils.c:482 Entry deleted A=fe80::aee2:d3ff:feba:56a4 V=0 I=wired:1 P=0000 M=",
"provider": "SISF",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -292,7 +292,7 @@
"action": "ENTRY_CHANGED",
"original": "<134>WLC001: *SISF BT Process: Aug 22 16:55:06.121: %SISF-6-ENTRY_CHANGED: sisf_shim_utils.c:488 Entry changed A=fe80::72ee:50ff:fe56:9999 V=0 I=wireless:0 P=0005 M=70:ee:50:56:99:99",
"provider": "SISF",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -329,7 +329,7 @@
"action": "Q_IND",
"original": "<134>WLC001: *dtlArpTask: Sep 06 23:29:50.900: %LOG-6-Q_IND: [PA]apf_ms.c:8996 Username entry (E8-96-06-02-02-99) with length (253) created for mobile e8:96:06:02:02:99",
"provider": "LOG",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -374,7 +374,7 @@
"action": "Q_IND",
"original": "<134>WLC001: *SISF BT Process: Aug 22 07:10:46.332: %LOG-6-Q_IND: sisf_shim_utils.c:488 Entry changed A=fe80::48d:c1bc:6c01:6e85 V=0 I=wireless:0 P=0005 M=",
"provider": "LOG",
"severity": "6"
"severity": 6
},
"host": {
"name": "WLC001"
@@ -429,7 +429,7 @@
"action": "AAA_AUTH_ADMIN_USER",
"original": "<133>WLC001: *emWeb: Aug 22 18:11:40.438: %AAA-5-AAA_AUTH_ADMIN_USER: aaa.c:3083 Authentication succeeded for admin user 'cisco' on 89.160.20.112",
"provider": "AAA",
"severity": "5"
"severity": 5
},
"host": {
"name": "WLC001"
@@ -466,7 +466,7 @@
"action": "ADMIN_MODE_DISABLE",
"original": "<131>WLC001: *emWeb: Aug 22 18:14:03.172: %NIM-3-ADMIN_MODE_DISABLE: nim.c:1341 Port 3 Admin Mode is Disable!",
"provider": "NIM",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -517,7 +517,7 @@
"kind": "alert",
"original": "<132>WLC001: *idsTrackEventTask: Aug 22 18:14:24.672: %WPS-4-SIG_ALARM_OFF: sig_event.c:656 AP 28:6F:7F:F8:64:E0 : Alarm OFF, standard sig Deauth flood, track=per-Mac preced=9 hits=300 slot=0 channel=6",
"provider": "WPS",
"severity": "4"
"severity": 4
},
"host": {
"mac": "28-6F-7F-F8-64-E0",
@@ -556,7 +556,7 @@
"kind": "alert",
"original": "<132>WLC001: *idsTrackEventTask: Aug 22 18:14:24.672: %WPS-4-SIG_ALARM_OFF_CONT: sig_event.c:660 ...continue, source mac= 4A:B8:CB:63:1D:BD",
"provider": "WPS",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -594,7 +594,7 @@
"kind": "alert",
"original": "<132>WLC001: *spamApTask1: Aug 22 17:54:24.269: %LWAPP-4-SIG_INFO1: spam_lrad.c:56582 Signature information; AP 28:6f:7f:f8:64:e0, alarm ON, standard sig Deauth flood, track per-Macprecedence 9, hits 300, slot 0, channel 6, most offending MAC 4a:b8:cb:63:1d:bd",
"provider": "LWAPP",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -640,7 +640,7 @@
"action": "MAX_EAPOL_KEY_RETRANS",
"original": "<132>WLC001: *Dot1x_NW_MsgTask_4: Aug 21 22:15:34.710: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:550 Max EAPOL-key M3 retransmissions exceeded for client 80:7d:3a:9b:2f:fc",
"provider": "DOT1X",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -677,7 +677,7 @@
"action": "RRM_LOGMSG",
"original": "<131>WLC001: *RRM-DCLNT-5_0: Aug 21 20:12:58.040: %RRM-3-RRM_LOGMSG: rrmLrad.c:5135 RRM LOG: Client not found: CC:73:14:61:B0:8F",
"provider": "RRM",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -711,7 +711,7 @@
"action": "RRM_LOGMSG",
"original": "<131>WLC001: *apfMsConnTask_6: Aug 29 10:58:28.227: %RRM-3-RRM_LOGMSG: [PA]rrmLrad.c:5634 RRM LOG: Failed to lookup data rate for encoding 102237564, with channel width 20 on AP: de:fb:48:7c:4f:f7 (0)",
"provider": "RRM",
"severity": "3"
"severity": 3
},
"host": {
"mac": "DE-FB-48-7C-4F-F7",
@@ -750,7 +750,7 @@
"original": "<131>WLC001: *Dot1x_NW_MsgTask_0: Aug 29 10:46:48.939: %DOT1X-3-ABORT_AUTH: [PA]1x_bauth_sm.c:487 Authentication Aborted for client de:fb:48:7c:4f:f7 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM",
"provider": "DOT1X",
"reason": "DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -794,7 +794,7 @@
"action": "Q_IND",
"original": "<131>WLC001: *Dot1x_NW_MsgTask_1: Aug 29 10:55:30.862: %LOG-3-Q_IND: [PA]1x_eapkey.c:3026 Received EAPOL-key message while in invalid state (4) - version 1, type 3, descriptor 2, client de:fb:48:7c:4f:f7[...It occurred 3 times.!]",
"provider": "LOG",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -831,7 +831,7 @@
"action": "Q_IND",
"original": "<131>WLC001: *Dot1x_NW_MsgTask_3: Aug 29 10:55:30.850: %LOG-3-Q_IND: [PA]1x_eapkey.c:458 Invalid replay counter from client de:fb:48:7c:4f:f7 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01[...It occurred 3 times.!]",
"provider": "LOG",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -875,7 +875,7 @@
"action": "INVALID_WPA_KEY_STATE",
"original": "<131>WLC001: *Dot1x_NW_MsgTask_3: Aug 29 10:55:38.289: %DOT1X-3-INVALID_WPA_KEY_STATE: [PA]1x_eapkey.c:3026 Received EAPOL-key message while in invalid state (4) - version 1, type 3, descriptor 2, client de:fb:48:7c:4f:f7",
"provider": "DOT1X",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -912,7 +912,7 @@
"action": "WPA_SEND_STATE_ERR",
"original": "<131>WLC001: *dot1xMsgTask: Aug 29 10:58:54.242: %DOT1X-3-WPA_SEND_STATE_ERR: [PA]1x_kxsm.c:1736 Unable to send EAPOL-key msg - invalid WPA state (0) - client de:fb:48:7c:4f:f7",
"provider": "DOT1X",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -949,7 +949,7 @@
"action": "INVALID_REPLAY_CTR",
"original": "<131>WLC001: *Dot1x_NW_MsgTask_7: Aug 29 10:58:19.828: %DOT1X-3-INVALID_REPLAY_CTR: [PA]1x_eapkey.c:458 Invalid replay counter from client de:fb:48:7c:4f:f7 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01",
"provider": "DOT1X",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -983,7 +983,7 @@
"action": "REPLAY_ERR",
"original": "<131>WLC001: *spamApTask1: Aug 29 10:47:25.944: %LWAPP-3-REPLAY_ERR: [PA]spam_lrad.c:49337 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP de:fb:48:7c:4f:f7",
"provider": "LWAPP",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1020,7 +1020,7 @@
"action": "CLIENT_NOT_FOUND",
"original": "<131>WLC001: *Dot1x_NW_MsgTask_2: Aug 29 10:52:56.103: %DOT1X-3-CLIENT_NOT_FOUND: [PA]dot1x_msg_task.c:1847 Unable to process 802.1X 1 msg - client de:fb:48:7c:4f:f7 not found Previous message occurred 2 times.",
"provider": "DOT1X",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1054,7 +1054,7 @@
"action": "SIG_ALARM_OFF",
"original": "<6>1216: AP:a0e0.af8a.5c20: *Aug 22 18:14:24.651: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:9 Channel:6",
"provider": "WIDS",
"severity": "6"
"severity": 6
},
"host": {
"mac": "A0-E0-AF-8A-5C-20"
@@ -1085,7 +1085,7 @@
"action": "INVALID_REQUEST",
"original": "<131>WLC001: *radiusTransportThread: Aug 29 10:58:58.000: %AAA-3-INVALID_REQUEST: [PA]radius_db.c:3923 Invalid AAA request. unknown",
"provider": "AAA",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1122,7 +1122,7 @@
"action": "AAA_AUTH_SEND_FAIL",
"original": "<131>WLC001: *Dot1x_NW_MsgTask_3: Aug 29 10:58:57.787: %DOT1X-3-AAA_AUTH_SEND_FAIL: [PA]1x_aaa.c:893 Unable to send AAA message for client de:fb:48:7c:4f:f7",
"provider": "DOT1X",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1156,7 +1156,7 @@
"action": "MLD_INVALID_IPV6_PKT",
"original": "<132>WLC001: *bcastReceiveTask: Aug 20 14:55:28.577: %BCAST-4-MLD_INVALID_IPV6_PKT: bcastMld.c:2594 Received IPV6 packet which is not a valid MLD packet",
"provider": "BCAST",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -1190,7 +1190,7 @@
"action": "MOBILESTATION_NOT_FOUND",
"original": "<132>WLC001: *apfReceiveTask: Aug 22 10:24:20.959: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:8467 Could not find the mobile cc:73:14:61:b0:8f in internal database",
"provider": "APF",
"severity": "4"
"severity": 4
},
"host": {
"name": "WLC001"
@@ -1224,7 +1224,7 @@
"action": "CLIENT_ADDED_TO_RUN_STATE",
"original": "<190>201477: Jan 4 17:25:42.866: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 2 R0/0: wncd: Username entry (00-00-00-00-00-00) joined with ssid (System-110) for device with MAC: 0000.0000.0000",
"provider": "CLIENT_ORCH_LOG",
"severity": "6"
"severity": 6
},
"log": {
"level": "informational",
@@ -1252,7 +1252,7 @@
"action": "Q_IND",
"original": "<132>WLC001: *spamReceiveTask: Dec 17 19:59:10.223: %LOG-3-Q_IND: mm_aplist.c:734 Could not delete an AP from the AP list.",
"provider": "LOG",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1286,7 +1286,7 @@
"action": "Q_IND",
"original": "<132>WLC001: *spamApTask4: Jun 08 04:26:43.773: %LOG-3-Q_IND: spam_lrad.c:11366 Country code (CN ) not configured for AP 6c:99:89:b0:XX:XX[…It occurred 2 times.!]",
"provider": "LOG",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1320,7 +1320,7 @@
"action": "Q_IND",
"original": "<132>WLC001: *emWeb: Jan 22 11:42:50.501: %LOG-3-Q_IND: spam_lrad.c:52448 The system is unable to find WLAN 1 to be deleted; AP XX:XX:XX:XX:XX:XX[...It occurred 3 times.!]",
"provider": "LOG",
"severity": "3"
"severity": 3
},
"host": {
"name": "WLC001"
@@ -1354,7 +1354,7 @@
"action": "CCMP_REPLAY",
"original": "<4>6642: AP:abcd.9876.0123: *Jul 9 09:06:15.007: %DOT11-4-CCMP_REPLAY: Client 1234.efab.11ab had 1 AES-CCMP TSC replays",
"provider": "DOT11",
"severity": "4"
"severity": 4
},
"host": {
"mac": "AB-CD-98-76-01-23"
@@ -1377,4 +1377,4 @@
]
}
]
}
}
22 changes: 11 additions & 11 deletions packages/cisco_aironet/data_stream/log/sample_event.json
@@ -1,11 +1,11 @@
{
"@timestamp": "2023-08-20T11:25:50.157Z",
"@timestamp": "2024-08-20T11:25:50.157Z",
"agent": {
"ephemeral_id": "94e446a1-23f6-4982-887b-d3d087059aaa",
"id": "f25d13cd-18cc-4e73-822c-c4f849322623",
"name": "docker-fleet-agent",
"ephemeral_id": "c47efe0f-c0e2-444b-b292-a9ec40271d4b",
"id": "0335de7e-b2c1-4352-bf23-c023d21c1252",
"name": "elastic-agent-54493",
"type": "filebeat",
"version": "8.10.1"
"version": "8.15.3"
},
"cisco": {
"interface": {
@@ -17,25 +17,25 @@
},
"data_stream": {
"dataset": "cisco_aironet.log",
"namespace": "ep",
"namespace": "59495",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "f25d13cd-18cc-4e73-822c-c4f849322623",
"id": "0335de7e-b2c1-4352-bf23-c023d21c1252",
"snapshot": false,
"version": "8.10.1"
"version": "8.15.3"
},
"event": {
"action": "ENTRY_DELETED",
"agent_id_status": "verified",
"dataset": "cisco_aironet.log",
"ingested": "2023-09-25T17:34:47Z",
"ingested": "2024-11-04T21:04:12Z",
"original": "<134>WLC001: *SISF BT Process: Aug 20 11:25:50.157: %SISF-6-ENTRY_DELETED: sisf_shim_utils.c:482 Entry deleted A=fe80::aee2:d3ff:feba:56a4 V=0 I=wired:1 P=0000 M=",
"provider": "SISF",
"severity": "6",
"severity": 6,
"timezone": "+00:00"
},
"host": {
@@ -47,7 +47,7 @@
"log": {
"level": "informational",
"source": {
"address": "192.168.80.7:42857"
"address": "172.29.0.3:33867"
},
"syslog": {
"facility": {