Skip to content

Commit

Permalink
[microsoft_dhcp] map DHCP client to source.* and server to host.* (#7633
Browse files Browse the repository at this point in the history 
)
  • Loading branch information
@xtruthx
xtruthx authored Nov 2, 2023
1 parent 5d5aec7 commit 31da033
Show file tree
Hide file tree
Showing 10 changed files with 213 additions and 221 deletions.
5 changes: 5 additions & 0 deletions packages/microsoft_dhcp/changelog.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.23.0"
changes:
- description: Fix the values of host.* and introduce source.*
type: enhancement
link: https://github.com/elastic/integrations/pull/7633
- version: "1.22.0"
changes:
- description: Improve 'event.original' check to avoid errors if set.
Expand Down
170 changes: 67 additions & 103 deletions packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,13 +80,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"ip": [
"172.28.43.169"
],
"name": "057182593757.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -101,6 +94,11 @@
"transaction_id": "0"
}
},
"source": {
"address": "057182593757.test.com",
"domain": "057182593757.test.com",
"ip": "172.28.43.169"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -125,13 +123,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"ip": [
"172.28.53.173"
],
"name": "1-07.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -146,6 +137,11 @@
"transaction_id": "0"
}
},
"source": {
"address": "1-07.test.com",
"domain": "1-07.test.com",
"ip": "172.28.53.173"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -170,13 +166,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"ip": [
"172.28.53.36"
],
"name": "3-07.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -191,6 +180,11 @@
"transaction_id": "0"
}
},
"source": {
"address": "3-07.test.com",
"domain": "3-07.test.com",
"ip": "172.28.53.36"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -215,15 +209,6 @@
"denied"
]
},
"host": {
"id": "76691ED45C90",
"ip": [
"172.28.52.0"
],
"mac": [
"76-69-1E-D4-5C-90"
]
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -238,6 +223,10 @@
"transaction_id": "0"
}
},
"source": {
"ip": "172.28.52.0",
"mac": "76-69-1E-D4-5C-90"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -262,13 +251,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"ip": [
"172.28.43.159"
],
"name": "035856103966.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -283,6 +265,11 @@
"transaction_id": "0"
}
},
"source": {
"address": "035856103966.test.com",
"domain": "035856103966.test.com",
"ip": "172.28.43.159"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -307,13 +294,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"ip": [
"172.28.40.35"
],
"name": "001100581357.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -328,6 +308,11 @@
"transaction_id": "0"
}
},
"source": {
"address": "001100581357.test.com",
"domain": "001100581357.test.com",
"ip": "172.28.40.35"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -353,23 +338,18 @@
"denied"
]
},
"host": {
"domain": "test.com",
"id": "000000000000",
"ip": [
"192.168.2.1"
],
"mac": [
"00-00-00-00-00-00"
],
"name": "host.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
}
},
"message": "DNS update request failed",
"source": {
"address": "host.test.com",
"domain": "host.test.com",
"ip": "192.168.2.1",
"mac": "00-00-00-00-00-00"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -395,17 +375,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"id": "000000000000",
"ip": [
"192.168.2.10"
],
"mac": [
"00-00-00-00-00-00"
],
"name": "host.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -419,6 +388,12 @@
"transaction_id": "17739"
}
},
"source": {
"address": "host.test.com",
"domain": "host.test.com",
"ip": "192.168.2.10",
"mac": "00-00-00-00-00-00"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -444,17 +419,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"id": "000000000000",
"ip": [
"192.168.2.20"
],
"mac": [
"00-00-00-00-00-00"
],
"name": "host.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -473,6 +437,12 @@
}
}
},
"source": {
"address": "host.test.com",
"domain": "host.test.com",
"ip": "192.168.2.20",
"mac": "00-00-00-00-00-00"
},
"tags": [
"preserve_original_event"
]
Expand Down Expand Up @@ -535,13 +505,6 @@
"connection"
]
},
"host": {
"domain": "test.com",
"ip": [
"10.10.10.10"
],
"name": "hostname.test.com"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -556,6 +519,11 @@
"transaction_id": "0"
}
},
"source": {
"address": "hostname.test.com",
"domain": "hostname.test.com",
"ip": "10.10.10.10"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -580,11 +548,6 @@
"connection"
]
},
"host": {
"ip": [
"67.43.156.15"
]
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -599,6 +562,9 @@
"transaction_id": "0"
}
},
"source": {
"ip": "67.43.156.15"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -625,16 +591,16 @@
"connection"
]
},
"host": {
"domain": "local",
"name": "domain.local"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
}
},
"message": "Authorized(servicing)",
"source": {
"address": "domain.local",
"domain": "domain.local"
},
"tags": [
"preserve_original_event"
]
Expand All @@ -660,16 +626,16 @@
"connection"
]
},
"host": {
"domain": "local",
"name": "domain.local"
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
}
},
"message": "No DC is DS Enabled",
"source": {
"address": "domain.local",
"domain": "domain.local"
},
"tags": [
"preserve_original_event"
]
Expand Down Expand Up @@ -726,12 +692,6 @@
"connection"
]
},
"host": {
"id": "653445372C132434342A381337302B566C616D31",
"ip": [
"192.168.10.40"
]
},
"log": {
"file": {
"path": "DhcpSrvLog-Thu.txt"
Expand All @@ -751,6 +711,10 @@
}
}
},
"source": {
"ip": "192.168.10.40",
"mac": "65-34-45-37-2C-13-24-34-34-2A-38-13-37-30-2B-56-6C-61-6D-31"
},
"tags": [
"preserve_original_event"
]
Expand Down
Loading

0 comments on commit 31da033

Please sign in to comment.