[ProxySG] Support 'bcreportermain_v1', 'bcreporterssl_v1', and 'ssl' formats #11609
Add support for 'bcreportermain_v1' and 'ssl' log formats to the proxysg integration.
… into proxysg-more-formats
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
I'm still looking through this, but had one question (apologies in advance if I already asked this on the first proxysg review). With regard to the access log format, is it expected that the stream of events we receive will only be in one format? Would we ever need to detect which format it is and handle accordingly?
packages/proxysg/data_stream/log/elasticsearch/ingest_pipeline/bcreportermain_v1.yml
💚 Build Succeeded
Yes, the logs stream will only send the single configured format. Since the log format is basically CSV, with no key names, I think it would be very difficult to automatically detect the format being used. A lot of them are similar, with a few differences that would be difficult to detect. I think any automatic detection would be unreliable, so instead the user will have to set up the log format in the input config ahead of time.
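Added example, not code from this PR or the integration: a sketch of why a headerless, positional log line has to be parsed with a format chosen in configuration rather than detected. The two layouts (`demo_main`, `demo_ssl`) and the sample line are constructed and shortened for illustration; they are not the real ProxySG format definitions.

```python
import csv

# Constructed, shortened layouts for illustration only. They are NOT the real
# 'bcreportermain_v1' or 'ssl' field lists (see the vendor documentation).
LAYOUTS = {
    "demo_main": ["date", "time", "time-taken", "c-ip", "cs-username",
                  "sc-status", "s-action", "cs-host"],
    "demo_ssl": ["date", "time", "time-taken", "c-ip", "s-action",
                 "x-rs-certificate-validate-status", "cs-host",
                 "x-rs-connection-negotiated-cipher"],
}


def parse_line(line, layout_name):
    """Map a headerless, space-delimited line onto the configured layout."""
    fields = LAYOUTS[layout_name]  # KeyError if the format is not known
    # Space-delimited values, with double quotes around values containing spaces.
    values = next(csv.reader([line], delimiter=" ", quotechar='"'))
    if len(values) != len(fields):
        raise ValueError(
            f"{layout_name}: expected {len(fields)} fields, got {len(values)}")
    # '-' is the conventional placeholder for an empty field.
    return {k: (None if v == "-" else v) for k, v in zip(fields, values)}


def plausible_layouts(line):
    """Naive auto-detection: every layout the line parses under without error."""
    hits = []
    for name in LAYOUTS:
        try:
            parse_line(line, name)
            hits.append(name)
        except ValueError:
            pass
    return hits


# Constructed sample line, written in the demo_main layout.
SAMPLE = '2024-11-05 10:15:02 42 192.0.2.10 "jane doe" 200 TCP_HIT example.com'

if __name__ == "__main__":
    print(plausible_layouts(SAMPLE))                    # both layouts accept it
    print(parse_line(SAMPLE, "demo_main")["s-action"])  # the intended value
    print(parse_line(SAMPLE, "demo_ssl")["s-action"])   # silently the username
```

A field-count check catches only layouts of a different length; when two layouts have the same number of columns, the wrong one still parses and mislabels every value after the shared prefix.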
Package proxysg - 0.2.0 containing this change is available at https://epr.elastic.co/search?package=proxysg
…formats (elastic#11609) In the ProxySG integration, add support for 'bcreportermain_v1', 'bcreporterssl_v1', and 'ssl' log formats. These formats are defined here: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3/getting-started/page-help-administration/page-help-logging/log-formats/default-formats.html As it's not possible to automatically detect what log format is being used, users of the integration will need to select the log format to be processed beforehand when setting up the input (this selector dropdown already exists, but previously only had one option).
Proposed commit message
In the ProxySG integration, add support for 'bcreportermain_v1', 'bcreporterssl_v1', and 'ssl' log formats. These formats are defined here: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/edge-swg/7-3/getting-started/page-help-administration/page-help-logging/log-formats/default-formats.html
As it's not possible to automatically detect what log format is being used, users of the integration will need to select the log format to be processed beforehand when setting up the input (this selector dropdown already exists, but previously only had one option).
Checklist
changelog.yml file.