Cherry-pick #18376 to 7.8: Fix Cisco ASA/FTD msgs that use a host name as NAT address #18545

Merged
merged 1 commit into from
May 15, 2020

adriansr
Contributor

Cherry-pick of PR #18376 to 7.8 branch. Original message:

What does this PR do?

Fixes the ingestion of Cisco ASA/FTD events that have a hostname as a NAT target, where an IP was expected.

Why is it important?

Because some NAT setups were causing ingestion failures.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding changes to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

…8376)

Sometimes the mapped source/destination IP field of an event is a hostname
instead of an IP address. This caused ingestion of the event to fail.

This patch makes the asa-ftd-pipeline only populate those fields when
a valid IP address is found.

In the future we may want to revisit this if .nat.domain or
.nat.address fields become available.

(cherry picked from commit b24ed97)
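
The behaviour the commit message describes, sketched as an added example (not code from this PR or from Beats, whose fix lives in an ingest pipeline): a mapped address is written to an IP-typed NAT field only when it parses as an IP address, and a hostname is withheld instead of failing the whole event. The `Parsed` type, the `natFields` function and the sample values are hypothetical, and the `source.nat.ip` / `destination.nat.ip` field names follow ECS naming as an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Parsed holds the mapped (post-NAT) addresses extracted from one firewall
// message. Hypothetical type, not part of Beats.
type Parsed struct {
	MappedSrc, MappedDst string
}

// natFields returns the NAT fields that are safe to index into ip-typed
// fields, plus the mapped values withheld because they are not IP addresses.
// The field names follow ECS naming and are an assumption of this example.
func natFields(p Parsed) (fields map[string]string, withheld []string) {
	fields = map[string]string{}
	for _, c := range []struct{ key, val string }{
		{"source.nat.ip", p.MappedSrc},
		{"destination.nat.ip", p.MappedDst},
	} {
		v := strings.TrimSpace(c.val)
		if v == "" {
			continue // message carried no mapped address for this side
		}
		ip := net.ParseIP(v) // nil for hostnames and anything else non-IP
		if ip == nil {
			withheld = append(withheld, v)
			continue
		}
		fields[c.key] = ip.String() // canonical textual form
	}
	return fields, withheld
}

func main() {
	// Constructed samples using documentation address ranges.
	for _, e := range []Parsed{
		{"203.0.113.7", "198.51.100.20"},
		{"edge-nat-pool", "198.51.100.20"},
		{"2001:db8::7", "mail.example.net"},
	} {
		f, w := natFields(e)
		fmt.Printf("index=%v withheld=%v\n", f, w)
	}
}
```

Counting the withheld values per firewall is a cheap way to see how much NAT context is missing from indexed events when devices log names in place of addresses.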
@botelastic (bot) added the needs_team label (Indicates that the issue/PR needs a Team:* label) on May 14, 2020
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic (bot) removed the needs_team label (Indicates that the issue/PR needs a Team:* label) on May 14, 2020
@elasticmachine
Collaborator

💔 Build Failed

Test stats 🧪

Test Results
Failed 0
Passed 1451
Skipped 289
Total 1740

Steps errors

  • Name: Mage update build test
    • Description: mage update build test

    • Result: FAILURE

    • Duration: 7 min 25 sec

    • Start Time: 2020-05-14T19:59:45.300+0000


@adriansr adriansr merged commit 810143b into elastic:7.8 May 15, 2020