Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #17682 to 7.x: Checkpoint Syslog Filebeat module #17838

Merged
merged 2 commits into from
Apr 22, 2020
Merged

Cherry-pick #17682 to 7.x: Checkpoint Syslog Filebeat module #17838

merged 2 commits into from
Apr 22, 2020

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Apr 20, 2020
edited by zube bot
Loading

Cherry-pick of PR #17682 to 7.x branch. Original message:

What does this PR do?

This PR adds checkpoint filebeat module.

The difference between this module and the CEF checkpoint module is that this is utilizing the syslog output format instead of CEF.

This output format supports a much larger set of fields from Checkpoint.

This is a collaboration work with @adriansr .

Why is it important?

Adding more supported products to the filebeat portfolio.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Closes #16041

Nosetests run successfully:
INTEGRATION_TESTS=1 BEAT_STRICT_PERMS=false TESTING_FILEBEAT_MODULES=checkpoint nosetests -v -s tests/system/test_xpack_modules.py

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@P1llus @andrewkroh
Checkpoint Syslog Filebeat module (elastic#17682)
517e76e 
This adds a CheckPoint Filebeat module.

The difference between this module and the CEF checkpoint module is that this is utilizing the syslog output format instead of CEF.

This syslog output format supports a much larger set of fields from Checkpoint.

(cherry picked from commit afc3a49)
@andrewkroh andrewkroh merged commit 44cd474 into elastic:7.x Apr 22, 2020
@andrewkroh andrewkroh deleted the backport_17682_7.x branch January 14, 2022 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

Assignees
No one assigned
Labels
backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewkroh @elasticmachine @kaiyan-sheng @P1llus