Add panw.panos.endreason field (#18705) (#20531)
PANW firewalls expose why a session is ended (endreason). Currently it's not tracked.
End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason.

Co-authored-by: Andrea Dainese <[email protected]>
Co-authored-by: Adrian Serrano <[email protected]>
(cherry picked from commit 6c0c3bf)

Co-authored-by: dainok <[email protected]>
andrewkroh and dainok authored Aug 11, 2020
1 parent 0aa391f commit ba9c7a1
Showing 6 changed files with 118 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -76,6 +76,7 @@ field. You can revert this change by configuring tags for the module and omittin
- Adds Gsuite Groups support. {pull}19725[19725]
- Move file metrics to dataset endpoint {pull}19977[19977]
- Disable the option of running --machine-learning on its own. {pull}20241[20241]
- Tracking session end reason in panw module. {pull}18705[18705]

*Heartbeat*
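Review bot: The added changelog line "Tracking session end reason in panw module." is phrased differently from the neighbouring entries ("Adds Gsuite Groups support.", "Move file metrics to dataset endpoint", "Disable the option of running ...") and does not name the new field. Suggest wording such as "Add panw.panos.endreason field to the panw module. {pull}18705[18705]" so the entry can be found by searching for the field name.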

10 changes: 10 additions & 0 deletions filebeat/docs/fields.asciidoc
Expand Up @@ -105249,6 +105249,16 @@ type: long

--

*`panw.panos.endreason`*::
+
--
The reason a session terminated.


type: keyword

--

[float]
=== network

2 changes: 1 addition & 1 deletion x-pack/filebeat/module/panw/fields.go

5 changes: 5 additions & 0 deletions x-pack/filebeat/module/panw/panos/_meta/fields.yml
Expand Up @@ -61,6 +61,11 @@
description: >
Post-NAT destination port.
- name: endreason
type: keyword
description: >
The reason a session terminated.
- name: network
type: group
description: >
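Review bot: The description added for `endreason` says only "The reason a session terminated." and gives no indication of what values the keyword can hold. The commit message names timeout and RST from client/server as cases; a short mention of such example values in the description would help anyone writing queries or detection rules against this field. The fields.asciidoc entry carries the same sentence and should be kept in step.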
1 change: 1 addition & 0 deletions x-pack/filebeat/module/panw/panos/config/input.yml
Expand Up @@ -101,6 +101,7 @@ processors:
source.packets: 44
server.packets: 45
destination.packets: 45
panw.panos.endreason: 46
observer.hostname: 52

- extract_array:
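Review bot: `panw.panos.endreason: 46` is a positional mapping, so it is only correct for log lines whose column 46 actually holds the session end reason. Another `- extract_array:` block starts right after this one; please confirm that this block is limited to the log type that carries the field at index 46, and that the following block does not need an equivalent mapping at its own index. A test log line with a known end reason would make this checkable.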