Skip to content

Commit

Permalink
Remove f5/firepass rsa2elk fileset (#20160) (#20206)
Browse files Browse the repository at this point in the history
Won't be shipping this fileset as the product is EOL.

(cherry picked from commit 390a86d)
  • Loading branch information
adriansr authored Jul 23, 2020
1 parent 2bd1d45 commit 93c97cf
Show file tree
Hide file tree
Showing 16 changed files with 1 addition and 8,575 deletions.
1 change: 0 additions & 1 deletion CHANGELOG.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,6 @@ field. You can revert this change by configuring tags for the module and omittin
- Add experimental dataset cisco/nexus for Cisco Nexus logs {pull}19713[19713]
- Add experimental dataset citrix/virtualapps for Citrix Virtual Apps logs {pull}19713[19713]
- Add experimental dataset cylance/protect for Cylance Protect logs {pull}19713[19713]
- Add experimental dataset f5/firepass for F5 FirePass SSL VPN logs {pull}19713[19713]
- Add experimental dataset fortinet/clientendpoint for Fortinet FortiClient Endpoint Protection logs {pull}19713[19713]
- Add experimental dataset imperva/securesphere for Imperva Secure Sphere logs {pull}19713[19713]
- Add experimental dataset infoblox/nios for Infoblox Network Identity Operating System logs {pull}19713[19713]
Expand Down
45 changes: 0 additions & 45 deletions filebeat/docs/modules/f5.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -67,51 +67,6 @@ will be found under `rsa.raw`. The default is false.

:fileset_ex!:

[float]
==== `firepass` fileset settings

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "firepass" device revision 0.

*`var.input`*::

The input from which messages are read. One of `file`, `tcp` or `udp`.

*`var.syslog_host`*::

The address to listen to UDP or TCP based syslog traffic.
Defaults to `localhost`.
Set to `0.0.0.0` to bind to all available interfaces.

*`var.syslog_port`*::

The port to listen for syslog traffic. Defaults to `9509`

NOTE: Ports below 1024 require Filebeat to run as root.

*`var.tz_offset`*::

By default, datetimes in the logs will be interpreted as relative to
the timezone configured in the host where {beatname_uc} is running. If ingesting
logs from a host on a different timezone, use this field to set the timezone
offset so that datetimes are correctly parsed. Valid values are in the form
±HH:mm, for example, `-07:00` for `UTC-7`.

*`var.rsa_fields`*::

Flag to control the addition of non-ECS fields to the event. Defaults to true,
which causes both ECS and custom fields under `rsa` to be are added.

*`var.keep_raw_fields`*::

Flag to control the addition of the raw parser fields to the event. This fields
will be found under `rsa.raw`. The default is false.

:has-dashboards!:

:fileset_ex!:

:modulename!:


Expand Down
1 change: 0 additions & 1 deletion filebeat/tests/system/test_modules.py
Original file line number Diff line number Diff line change
Expand Up @@ -235,7 +235,6 @@ def clean_keys(obj):
"cef.log",
"cisco.asa",
"cisco.ios",
"f5.firepass",
"fortinet.clientendpoint",
"haproxy.log",
"icinga.startup",
Expand Down
19 changes: 0 additions & 19 deletions x-pack/filebeat/filebeat.reference.yml
Original file line number Diff line number Diff line change
Expand Up @@ -600,25 +600,6 @@ filebeat.modules:
# "+02:00" for GMT+02:00
# var.tz_offset: local

firepass:
enabled: true

# Set which input to use between udp (default), tcp or file.
# var.input: udp
# var.syslog_host: localhost
# var.syslog_port: 9509

# Set paths for the log files when file input is used.
# var.paths:

# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true

# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local

#------------------------------- Fortinet Module -------------------------------
- module: fortinet
firewall:
Expand Down
19 changes: 0 additions & 19 deletions x-pack/filebeat/module/f5/_meta/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,3 @@
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local

firepass:
enabled: true

# Set which input to use between udp (default), tcp or file.
# var.input: udp
# var.syslog_host: localhost
# var.syslog_port: 9509

# Set paths for the log files when file input is used.
# var.paths:

# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true

# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local
45 changes: 0 additions & 45 deletions x-pack/filebeat/module/f5/_meta/docs.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -62,50 +62,5 @@ will be found under `rsa.raw`. The default is false.

:fileset_ex!:

[float]
==== `firepass` fileset settings

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "firepass" device revision 0.

*`var.input`*::

The input from which messages are read. One of `file`, `tcp` or `udp`.

*`var.syslog_host`*::

The address to listen to UDP or TCP based syslog traffic.
Defaults to `localhost`.
Set to `0.0.0.0` to bind to all available interfaces.

*`var.syslog_port`*::

The port to listen for syslog traffic. Defaults to `9509`

NOTE: Ports below 1024 require Filebeat to run as root.

*`var.tz_offset`*::

By default, datetimes in the logs will be interpreted as relative to
the timezone configured in the host where {beatname_uc} is running. If ingesting
logs from a host on a different timezone, use this field to set the timezone
offset so that datetimes are correctly parsed. Valid values are in the form
±HH:mm, for example, `-07:00` for `UTC-7`.

*`var.rsa_fields`*::

Flag to control the addition of non-ECS fields to the event. Defaults to true,
which causes both ECS and custom fields under `rsa` to be are added.

*`var.keep_raw_fields`*::

Flag to control the addition of the raw parser fields to the event. This fields
will be found under `rsa.raw`. The default is false.

:has-dashboards!:

:fileset_ex!:

:modulename!:

2 changes: 1 addition & 1 deletion x-pack/filebeat/module/f5/fields.go

Large diffs are not rendered by default.

Loading

0 comments on commit 93c97cf

Please sign in to comment.