Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change url.host.name to url.hostname #8732

Merged
merged 1 commit into from
Oct 24, 2018
Merged

Change url.host.name to url.hostname #8732

merged 1 commit into from
Oct 24, 2018

Conversation

andrewkroh
Copy link
Member

This update the Filebeat Suricata module to use url.hostname instead of url.host.name.

@andrewkroh
Change url.host.name to url.hostname
33a25ab 
This update the Filebeat Suricata module to use url.hostname instead of url.host.name.
@andrewkroh andrewkroh requested a review from webmat October 24, 2018 16:53
webmat
webmat approved these changes Oct 24, 2018
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Note that before you go around all other beats to do the same elsewhere, you may want to wait for elastic/ecs#144 to get merged (host.name => host.hostname).

@andrewkroh andrewkroh merged commit ff8f674 into elastic:master Oct 24, 2018
andrewkroh pushed a commit to andrewkroh/beats that referenced this pull request Oct 24, 2018
@ph @andrewkroh
Change url.host.name to url.hostname (elastic#8732)
c09f3c7 
This update the Filebeat Suricata module to use url.hostname instead of url.host.name.
andrewkroh added a commit that referenced this pull request Oct 24, 2018
@andrewkroh
Cherry-pick #8693 to 6.x: Add Suricata module to Filebeat (#8728)
fa70b90 
* Add Suricata module to Filebeat (#8693)

This adds a Filebeat module for ingesting the logs created by Suricata IDS/IPS/NSM. The module collects the logs from the Suricata Eve JSON output (https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html). #8153

The module is included in the Elastic licensed Filebeat package. It is considered beta at this stage. It includes two sample dashboards.

It uses Elastic Common Schema (ECS) for field naming were applicable, but it has to work-around the conflict with the existing source field in Filebeat. source_ecs holds the data that goes into the ECS source field. This will be rectified in the next major release when we can make a breaking change.

The development tooling for the building/testing/packaging of x-pack modules is still a bit of a WIP. So at the moment testing and packaging continues to happen through the OSS filebeat directory.

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
Co-authored-by: Mathieu Martin <mathieu.martin@elastic.co>
Co-authored-by: Tudor Golubenco <tudor@elastic.co>
(cherry picked from commit 3e1b03e)

* Change url.host.name to url.hostname (#8732)

This update the Filebeat Suricata module to use url.hostname instead of url.host.name.

* Add fields used by Suricata module

Add fields used by Suricata module to fields.yml. Some of these are in ECS.

event.type
destination.ip
destination.port
user_agent.original
user_agent.device
user_agent.version
user_agent.major
user_agent.minor
user_agent.patch
user_agent.name
user_agent.os.name
user_agent.os.full_name (non-ECS)
user_agent.os.version
user_agent.os.major
user_agent.os.minor
file.path
file.size
@andrewkroh andrewkroh deleted the feature/fb/suricata-url-hostname branch November 8, 2018 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@webmat webmat webmat approved these changes

Assignees
No one assigned
Labels
Filebeat Filebeat review v6.5.0 v7.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrewkroh @webmat