Update CheckPoint package with RFC 5424 parsing fix #351
Conversation
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
|
Sync the change from elastic/beats#21854 to use the UDP input instead of syslog input to allow for RFC 5424 syslog parsing.
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
| @@ -36,9 +36,9 @@ policy_templates: | |||
| type: text | |||
| title: Paths | |||
| multi: true | |||
| required: false | |||
| required: true | |||
There was a problem hiding this comment.
So, quick question, based off of https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-checkpoint.html#_firewall_fileset_settings -- it looks like this isn't necessarily required and filebeat will default to globbing on known system log directories? Just wondering why the switch?
There was a problem hiding this comment.
Neither the module nor the package specify default paths for the CheckPoint log files. Probably because there isn't a standard path due to syslog streaming being the primary delivery means.
I marked it as required to prevent the package from being installed without setting any path. If you start the logfile stream without any paths it will cause an error in filebeat since it cannot start the log input without any paths.
* Update CheckPoint package with RFC 5424 parsing fix Sync the change from elastic/beats#21854 to use the UDP input instead of syslog input to allow for RFC 5424 syslog parsing. * paths is required for logfile
What does this PR do?
Sync the change from elastic/beats#21854 to use the UDP input instead of syslog input
to allow for RFC 5424 syslog parsing.
Checklist