From b9e246e1ac708d187e6f856b3f8f43144e69a596 Mon Sep 17 00:00:00 2001
From: Andrew Kroh
Date: Tue, 14 Jul 2020 17:50:41 -0400
Subject: [PATCH] Pass-thru other panw.panos log types (#19375) (#19473)
This removes the drop processor from the ingest node pipeline that drops events other than THREAT and TRAFFIC. This way we can retain the other log data but don't necessarily handle the parsing of it.
Closes https://github.com/elastic/beats/issues/16815
(cherry picked from commit 53b32f9869d0dbff250adc74634bdba0a5ed352e)
---
 CHANGELOG.next.asciidoc | 2 +
 .../module/panw/panos/ingest/pipeline.yml | 2 -
 .../test/pan_inc_other.log-expected.json | 660 ++++++++++++++++++
 3 files changed, 662 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index bd76de5b2f8..a90cfb45855 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -515,6 +515,8 @@ field. You can revert this change by configuring tags for the module and omittin
 - Add new mode to multiline reader to aggregate constant number of lines {pull}18352[18352]
 - Explicitly set ECS version in all Filebeat modules. {pull}19198[19198]
 - Add awscloudwatch input. {pull}19025[19025]
+- Add automatic retries and exponential backoff to httpjson input. {pull}18956[18956]
+- Changed the panw module to pass through (rather than drop) message types other than threat and traffic. {issue}16815[16815] {pull}19375[19375]
 - Add support for timezone offsets and `Z` to decode_cef timestamp parser. {pull}19346[19346]
 - Improve ECS categorization field mappings in traefik module. {issue}16183[16183] {pull}19379[19379]
 - Improve ECS categorization field mappings in azure module. {issue}16155[16155] {pull}19376[19376]
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 0ec9861067e..7cc44f287b6 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -197,8 +197,6 @@ processors:
 - intrusion_detection
 - network
 if: 'ctx?._temp_?.message_type == "THREAT"'
- - drop:
- if: 'ctx?.event?.category == null'
 - append:
 field: event.type
 value: allowed
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
index 08d6f6219e4..c4d59a09d91 100644
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
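Review bot: Removing the `drop` lets every record that is not THREAT or TRAFFIC be indexed, but nothing at this point marks those events as unparsed or keeps other processors from stamping fields on them. The expected output added in this same patch shows CONFIG and SYSTEM events with `event.outcome: success` (including a CONFIG `commit` whose result column is `Submitted`) and no `event.category`, while the acting user and client address remain only inside `log.original`. These are the firewall's audit records (user edits, log clearing), so a misleading outcome matters for detection rules; wherever the outcome is set (outside this hunk, presumably unconditionally), I would add `if: 'ctx?._temp_?.message_type == "TRAFFIC" || ctx?._temp_?.message_type == "THREAT"'`. I would also leave a comment where the processor was removed: `# Other message types (CONFIG, SYSTEM, ...) pass through unparsed; only common fields such as observer.* and log.original are populated.` The processors list begins and ends outside the hunk.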
@@ -1,4 +1,664 @@ [ + { + "@timestamp": "2012-02-25T00:51:50.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 0, + "log.original": "Mar 25 23:58:57 1,2013/03/25 23:58:57,1606001116,CONFIG,0,0,2012/02/25 00:51:50,192.168.0.2,,set,admin,Web,Succeeded, config shared local-user-database user badguy,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:53:22.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 171, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:53:22,192.168.0.2,,set,admin,Web,Succeeded, config mgt-config users badguy,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:53:40.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 327, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:53:40,192.168.0.2,,commit,admin,Web,Submitted,,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:53:53.000-02:00", + "event.dataset": 
"panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 454, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:53:53,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:53:56.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 650, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,vpn,0,2012/02/25 00:53:56,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:54:16.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 837, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:54:16,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": 
"2012-02-25T00:54:16.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 1033, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,ras,0,2012/02/25 00:54:16,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:57:17.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 1226, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:57:17,192.168.0.2,,edit,badguy,Web,Succeeded, vsys vsys1 profiles url-filtering monzyspolicy,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:57:36.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 1401, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,CONFIG,0,0,2012/02/25 00:57:36,192.168.0.2,,commit,badguy,Web,Submitted,,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:57:49.000-02:00", + 
"event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 1529, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,routing,0,2012/02/25 00:57:49,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:57:52.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 1725, + "log.original": "Mar 25 23:59:02 1,2013/03/25 23:59:02,1606001116,SYSTEM,vpn,0,2012/02/25 00:57:52,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:58:12.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 1912, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,routing,0,2012/02/25 00:58:12,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + 
"@timestamp": "2012-02-25T00:58:12.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 2108, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,vpn,0,2012/02/25 00:58:12,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:58:12.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 2295, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,ras,0,2012/02/25 00:58:12,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-02-25T00:58:14.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 2488, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,general,1,2012/02/25 00:58:14,,unknown,,0,0,general,informational,Config installed,909,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": 
"2012-02-25T00:59:36.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 2635, + "log.original": "Mar 25 23:59:07 1,2013/03/25 23:59:07,1606001116,SYSTEM,general,0,2012/02/25 00:59:36,,general,,0,0,general,informational,Log type config cleared by user badguy ,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "1606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-10T03:11:57.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 2803, + "log.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,general,1,2012/04/10 03:11:57,,unknown,,0,0,general,informational,Config installed,884,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-10T03:11:56.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 2951, + "log.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,ras,0,2012/04/10 03:11:56,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": 
"2012-04-10T03:11:56.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 3145, + "log.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,vpn,0,2012/04/10 03:11:56,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-10T03:11:56.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 3333, + "log.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,routing,0,2012/04/10 03:11:56,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-10T03:06:11.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 3530, + "log.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,SYSTEM,ras,0,2012/04/10 03:06:11,,rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + 
"forwarded" + ] + }, + { + "@timestamp": "2012-04-10T03:06:00.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 3724, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,routing,0,2012/04/10 03:06:00,,routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:02:53.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 3921, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,general,1,2012/04/09 09:02:53,,unknown,,0,0,general,informational,Config installed,840,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:02:52.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 4069, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,ras,0,2012/04/09 09:02:52,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + 
"forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:02:52.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 4263, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,vpn,0,2012/04/09 09:02:52,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:02:52.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 4451, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,routing,0,2012/04/09 09:02:52,,routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:00:55.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 4648, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,ras,0,2012/04/09 09:00:55,,rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + 
"service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:00:52.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 4842, + "log.original": "Mar 25 23:59:27 1,2013/03/25 23:59:27,01606001116,SYSTEM,vpn,0,2012/04/09 09:00:52,,ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:00:35.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 5030, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,CONFIG,0,0,2012/04/09 09:00:35,192.168.0.2,,commit,admin,Web,Submitted,,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T09:00:20.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 5158, + "log.original": "Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,CONFIG,0,0,2012/04/09 09:00:20,192.168.0.2,,edit,admin,Web,Succeeded, vsys vsys1 profiles data-objects PII,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + 
"forwarded" + ] + }, + { + "@timestamp": "2012-04-09T03:21:53.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 5323, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,general,1,2012/04/09 03:21:53,,unknown,,0,0,general,informational,Config installed,821,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T03:21:53.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 5471, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,ras,0,2012/04/09 03:21:53,,rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + "forwarded" + ] + }, + { + "@timestamp": "2012-04-09T03:21:53.000-02:00", + "event.dataset": "panw.panos", + "event.module": "panw", + "event.outcome": "success", + "event.timezone": "-02:00", + "fileset.name": "panos", + "input.type": "log", + "log.offset": 5665, + "log.original": "Mar 25 23:59:47 1,2013/03/25 23:59:47,01606001116,SYSTEM,vpn,0,2012/04/09 03:21:53,,ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", + "observer.product": "PAN-OS", + "observer.serial_number": "01606001116", + "observer.type": "firewall", + "observer.vendor": "Palo Alto Networks", + "service.type": "panw", + "tags": [ + "pan-os", + 
"forwarded" + ] + }, { "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 78,