diff --git a/packages/citrix_adc/changelog.yml b/packages/citrix_adc/changelog.yml index 686592f18d2..1e52946b455 100644 --- a/packages/citrix_adc/changelog.yml +++ b/packages/citrix_adc/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.18.5" + changes: + - description: Fix parsing of Source/Destination IP, port, and byte counts for TCP CONN_TERMINATE events with trailing whitespace. + type: bugfix + link: https://github.com/elastic/integrations/pull/18438 - version: "1.18.4" changes: - description: "Add parsing for APPFW native messages with IP-based format" diff --git a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-config-time.json-expected.json b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-config-time.json-expected.json index d06d67d0d83..7b64b5df4b0 100644 --- a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-config-time.json-expected.json +++ b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-config-time.json-expected.json @@ -15,9 +15,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-10-08T09:38:41.000-04:00", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-10-08T09:37:54.000-04:00", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, 
@@ -25,10 +42,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-10-08T09:38:41.000-04:00", "id": "6715345", "kind": "event", "original": "<123> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-10-08T09:37:54.000-04:00", "timezone": "America/New_York", "type": [ "end", @@ -41,6 +61,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" @@ -61,9 +92,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-10-08T09:38:41.000-04:00", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-10-08T09:37:54.000-04:00", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, 
@@ -71,10 +119,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-10-08T09:38:41.000-04:00", "id": "6715345", "kind": "event", "original": "<123> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-10-08T09:37:54.000-04:00", "timezone": "America/New_York", "type": [ "end", @@ -87,6 +138,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" diff --git a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-local-time.json-expected.json b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-local-time.json-expected.json index 19261a43ad8..52d23612fda 100644 --- a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-local-time.json-expected.json +++ b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-local-time.json-expected.json 
@@ -15,9 +15,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-10-08T09:38:41.000-07:00", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-10-08T09:37:54.000-07:00", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, @@ -25,10 +42,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-10-08T09:38:41.000-07:00", "id": "6715345", "kind": "event", "original": "<123> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-10-08T09:37:54.000-07:00", "timezone": "-07:00", "type": [ "end", @@ -41,6 +61,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" diff --git a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-with-delink.json-expected.json b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-with-delink.json-expected.json index c6983a66aa5..006916b23b2 100644 --- a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-with-delink.json-expected.json 
+++ b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native-with-delink.json-expected.json @@ -15,9 +15,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-08-10T09:38:41.000Z", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-08-10T09:37:54.000Z", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, @@ -25,10 +42,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-08-10T09:38:41.000Z", "id": "6715345", "kind": "event", "original": "<123> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-08-10T09:37:54.000Z", "timezone": "UTC", "type": [ "end", @@ -41,6 +61,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" 
@@ -152,9 +183,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 21/08/2024:09:37:54 - End Time 21/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-08-21T09:38:41.000Z", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 21/08/2024:09:37:54 - End Time 21/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-08-21T09:37:54.000Z", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, @@ -162,10 +210,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-08-21T09:38:41.000Z", "id": "6715345", "kind": "event", "original": "<123> 21/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 21/08/2024:09:37:54 - End Time 21/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-08-21T09:37:54.000Z", "timezone": "UTC", "type": [ "end", @@ -178,6 +229,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" diff --git a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native.json-expected.json b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native.json-expected.json index 3943f089637..b027a2dd993 100644 --- a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native.json-expected.json +++ b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-native.json-expected.json 
@@ -106,9 +106,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-08-10T09:38:41.000Z", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-08-10T09:37:54.000Z", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, @@ -116,10 +133,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-08-10T09:38:41.000Z", "id": "6715345", "kind": "event", "original": "<123> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 10/08/2024:09:37:54 - End Time 10/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-08-10T09:37:54.000Z", "timezone": "UTC", "type": [ "end", @@ -132,6 +152,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" 
@@ -152,9 +183,26 @@ }, "citrix_adc": { "log": { - "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 21/08/2024:09:37:54 - End Time 21/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 " + "destination": { + "ip": "127.1.1.2", + "port": 20714 + }, + "end_time": "2024-08-21T09:38:41.000Z", + "message": "Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 21/08/2024:09:37:54 - End Time 21/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", + "source": { + "ip": "127.1.2.1", + "port": 80 + }, + "start_time": "2024-08-21T09:37:54.000Z", + "total_bytes_received": 1, + "total_bytes_send": 1 } }, + "destination": { + "bytes": 1, + "ip": "127.1.1.2", + "port": 20714 + }, "ecs": { "version": "8.11.0" }, @@ -162,10 +210,13 @@ "category": [ "network" ], + "duration": 47000000000, + "end": "2024-08-21T09:38:41.000Z", "id": "6715345", "kind": "event", "original": "<123> 21/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_TERMINATE 6715345 0 : Source 127.1.2.1:80 - Destination 127.1.1.2:20714 - Start Time 21/08/2024:09:37:54 - End Time 21/08/2024:09:38:41 - Total_bytes_send 1 - Total_bytes_recv 1 ", "severity": 0, + "start": "2024-08-21T09:37:54.000Z", "timezone": "UTC", "type": [ "end", @@ -178,6 +229,17 @@ "type": "firewall", "vendor": "Citrix" }, + "related": { + "ip": [ + "127.1.2.1", + "127.1.1.2" + ] + }, + "source": { + "bytes": 1, + "ip": "127.1.2.1", + "port": 80 + }, "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" diff --git a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log index 35c12b492a5..5f6833b53a2 100644 --- a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log +++ b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log 
@@ -110,3 +110,4 @@ Jun 22 19:14:37 81.2.69.144 06/22/2015:19:14:37 GMT ns 0-PPE-1 : S Jun 22 19:14:37 81.2.69.144 06/22/2015:19:14:37 GMT ns 0-PPE-1 : SSLVPN HTTPREQUEST 152923587 0 : Context user.name@81.2.69.145 - SessionId: 1756710 - [TECHSUPPORT][ENUMERATION] citrix.example.com User user.name : Group(s) N/A : Vserver 81.2.69.143:443 - 07/12/2024:06:54:39 GMT : Message = SSO is OFF : POST /TEST/.test - - Jun 22 19:14:37 81.2.69.144 06/22/2015:19:14:37 GMT ns 0-PPE-1 : SSLVPN TCPCONN_TIMEDOUT 152923587 0 : User user.name@citrix.example.com - Client_ip 81.2.69.143 - Nat_ip 89.160.20.129 - Vserver 67.43.156.1:443 - Last_contact "07/12/2024:06:54:39 GMT" - Group(s) "group1,group2" Jun 22 19:14:37 81.2.69.144 06/22/2015:19:14:37 GMT ns 0-PPE-1 : SSLVPN TCPCONN_TIMEDOUT 152923587 0 : Context user.name@citrix.example.com@81.2.69.143 - SessionId: 15366 - User user.name@citrix.example.com - Client_ip 81.2.69.143 - Nat_ip 89.160.20.129 - Vserver 67.43.156.1:443 - Last_contact "07/12/2024:06:54:39 GMT" - Group(s) "group1,group2" +<134> 02/15/2026:08:00:00 GMT TEST-NS01 0-PPE-2 : default TCP CONN_TERMINATE 12345678 0 : Source 198.51.100.1:29780 - Destination 203.0.113.10:443 - Start Time 02/15/2026:08:00:00 GMT - End Time 02/15/2026:08:00:00 GMT - Total_bytes_send 1024 - Total_bytes_recv 2048 diff --git a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json index 53b89761f87..d8d88e68b6d 100644 --- a/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json +++ b/packages/citrix_adc/data_stream/log/_dev/test/pipeline/test-citrix-waf-native.log-expected.json 
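Review bot: The added sample exercises only the `Start Time`/`End Time` pattern, while the same commit also appends `%{SPACE}` to the two `Delink Time` patterns and the ACL `- Data` pattern in tcp_and_acl_feature.yml, and no fixture visible on this page feeds those a message with trailing whitespace. Adding one sample line per changed pattern would keep a later edit from silently sending those events back to the catch-all. The sample also has identical start and end times, so for this input `event.duration` is only asserted as 0.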
@@ -9243,6 +9243,103 @@ "email": "user.name@citrix.example.com", "name": "user.name" } + }, + { + "@timestamp": "2026-02-15T08:00:00.000Z", + "citrix": { + "cef_format": false, + "default_class": true, + "detail": "<134> 02/15/2026:08:00:00 GMT TEST-NS01 0-PPE-2 : default TCP CONN_TERMINATE 12345678 0 : Source 198.51.100.1:29780 - Destination 203.0.113.10:443 - Start Time 02/15/2026:08:00:00 GMT - End Time 02/15/2026:08:00:00 GMT - Total_bytes_send 1024 - Total_bytes_recv 2048 ", + "device_event_class_id": "TCP", + "extended": { + "message": "Source 198.51.100.1:29780 - Destination 203.0.113.10:443 - Start Time 02/15/2026:08:00:00 GMT - End Time 02/15/2026:08:00:00 GMT - Total_bytes_send 1024 - Total_bytes_recv 2048 " + }, + "host": "TEST-NS01", + "name": "CONN_TERMINATE" + }, + "citrix_adc": { + "log": { + "destination": { + "ip": "203.0.113.10", + "port": 443 + }, + "end_time": "2026-02-15T08:00:00.000Z", + "end_time_timezone": "GMT", + "message": "Source 198.51.100.1:29780 - Destination 203.0.113.10:443 - Start Time 02/15/2026:08:00:00 GMT - End Time 02/15/2026:08:00:00 GMT - Total_bytes_send 1024 - Total_bytes_recv 2048 ", + "source": { + "ip": "198.51.100.1", + "port": 29780 + }, + "start_time": "2026-02-15T08:00:00.000Z", + "start_time_timezone": "GMT", + "total_bytes_received": 2048, + "total_bytes_send": 1024 + } + }, + "destination": { + "bytes": 2048, + "ip": "203.0.113.10", + "port": 443 + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "category": [ + "network" + ], + "duration": 0, + "end": "2026-02-15T08:00:00.000Z", + "id": "12345678", + "kind": "event", + "original": "<134> 02/15/2026:08:00:00 GMT TEST-NS01 0-PPE-2 : default TCP CONN_TERMINATE 12345678 0 : Source 198.51.100.1:29780 - Destination 203.0.113.10:443 - Start Time 02/15/2026:08:00:00 GMT - End Time 02/15/2026:08:00:00 GMT - Total_bytes_send 1024 - Total_bytes_recv 2048 ", + "severity": 0, + "start": "2026-02-15T08:00:00.000Z", + "timezone": "GMT", + "type": [ + "end", + 
"connection" + ] + }, + "observer": { + "hostname": "TEST-NS01", + "product": "Netscaler", + "type": "firewall", + "vendor": "Citrix" + }, + "related": { + "ip": [ + "198.51.100.1", + "203.0.113.10" + ] + }, + "source": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "bytes": 1024, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.1", + "port": 29780 + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ] } ] } diff --git a/packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/tcp_and_acl_feature.yml b/packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/tcp_and_acl_feature.yml index d00855ea2a4..824b5b9e90e 100644 --- a/packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/tcp_and_acl_feature.yml +++ b/packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/tcp_and_acl_feature.yml 
@@ -6,11 +6,11 @@ processors: tag: grok_tcp_and_acl_feature field: citrix.extended.message patterns: - - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Vserver %{IP:citrix_adc.log.vserver.ip}:%{INT:citrix_adc.log.vserver.port} - NatIP %{IP:citrix_adc.log.nat.ip}:%{INT:citrix_adc.log.nat.port} - Destination %{IP:citrix_adc.log.destination.ip}:%{INT:citrix_adc.log.destination.port} - Delink Time %{DATA:_tmp.delink_time}(?: %{DATA:citrix_adc.log.delink_timezone})? - Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long}$' - - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Vserver %{IP:citrix_adc.log.vserver.ip}:%{INT:citrix_adc.log.vserver.port} - NatIP %{IP:citrix_adc.log.nat.ip}:%{INT:citrix_adc.log.nat.port} - Destination %{IP:citrix_adc.log.destination.ip}:%{INT:citrix_adc.log.destination.port} - Delink Time %{DATA:_tmp.delink_time}(?: %{DATA:citrix_adc.log.delink_timezone})? Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long}$' - - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Destination %{IP:citrix_adc.log.destination.ip}:%{INT:citrix_adc.log.destination.port} - Start Time %{DATA:_tmp.start_time}(?: %{DATA:citrix_adc.log.start_time_timezone})? - End Time %{DATA:_tmp.end_time}(?: %{DATA:citrix_adc.log.end_time_timezone})? 
- Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long}$' + - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Vserver %{IP:citrix_adc.log.vserver.ip}:%{INT:citrix_adc.log.vserver.port} - NatIP %{IP:citrix_adc.log.nat.ip}:%{INT:citrix_adc.log.nat.port} - Destination %{IP:citrix_adc.log.destination.ip}:%{INT:citrix_adc.log.destination.port} - Delink Time %{DATA:_tmp.delink_time}(?: %{DATA:citrix_adc.log.delink_timezone})? - Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long}%{SPACE}$' + - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Vserver %{IP:citrix_adc.log.vserver.ip}:%{INT:citrix_adc.log.vserver.port} - NatIP %{IP:citrix_adc.log.nat.ip}:%{INT:citrix_adc.log.nat.port} - Destination %{IP:citrix_adc.log.destination.ip}:%{INT:citrix_adc.log.destination.port} - Delink Time %{DATA:_tmp.delink_time}(?: %{DATA:citrix_adc.log.delink_timezone})? Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long}%{SPACE}$' + - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Destination %{IP:citrix_adc.log.destination.ip}:%{INT:citrix_adc.log.destination.port} - Start Time %{DATA:_tmp.start_time}(?: %{DATA:citrix_adc.log.start_time_timezone})? - End Time %{DATA:_tmp.end_time}(?: %{DATA:citrix_adc.log.end_time_timezone})? 
- Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long}%{SPACE}$' - '^Source %{IP:citrix_adc.log.source.ip}:%{INT:citrix_adc.log.source.port} - Destination %{IP:citrix_adc.log.original_destination.ip}:%{INT:citrix_adc.log.original_destination.port} - NatIP %{IP:citrix_adc.log.nat.ip}:%{INT:citrix_adc.log.nat.port} - Destination %{IP:citrix_adc.log.translated_destination.ip}:%{INT:citrix_adc.log.translated_destination.port} - Start Time %{DATA:_tmp.start_time}(?: %{DATA:citrix_adc.log.start_time_timezone})? - Delink Time %{DATA:_tmp.delink_time}(?: %{DATA:citrix_adc.log.delink_timezone})? - Total_bytes_send %{INT:citrix_adc.log.total_bytes_send:long} - Total_bytes_recv %{INT:citrix_adc.log.total_bytes_received:long} - Closure%{SPACE}Reason %{GREEDYDATA:citrix_adc.log.closure_reason}$' - - '^Source %{IP:citrix_adc.log.source.ip} --> Destination %{IP:citrix_adc.log.destination.ip} - Protocol %{WORD:citrix_adc.log.protocol} - Type %{INT:citrix_adc.log.type} - Code %{INT:citrix_adc.log.code} - Time%{SPACE}Stamp %{DATA:citrix_adc.log.timestamp}%{SPACE}\(ms\) - Hitcount %{INT:citrix_adc.log.hit.count:int} - Hit%{SPACE}Rule %{GREEDYDATA:citrix_adc.log.hit.rule} - Action %{WORD:citrix_adc.log.action} - Data$' + - '^Source %{IP:citrix_adc.log.source.ip} --> Destination %{IP:citrix_adc.log.destination.ip} - Protocol %{WORD:citrix_adc.log.protocol} - Type %{INT:citrix_adc.log.type} - Code %{INT:citrix_adc.log.code} - Time%{SPACE}Stamp %{DATA:citrix_adc.log.timestamp}%{SPACE}\(ms\) - Hitcount %{INT:citrix_adc.log.hit.count:int} - Hit%{SPACE}Rule %{GREEDYDATA:citrix_adc.log.hit.rule} - Action %{WORD:citrix_adc.log.action} - Data%{SPACE}$' - '%{GREEDYDATA:citrix_adc.log.message}' ignore_failure: true - date: diff --git a/packages/citrix_adc/manifest.yml b/packages/citrix_adc/manifest.yml index aa42fc3de17..fb7e5a346c7 100644 --- a/packages/citrix_adc/manifest.yml +++ b/packages/citrix_adc/manifest.yml 
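Review bot: The fourth pattern (the `Closure%{SPACE}Reason` one) still ends in `%{GREEDYDATA:citrix_adc.log.closure_reason}$`, so on a message with trailing whitespace it matches but stores the padding inside `citrix_adc.log.closure_reason`, unlike the four patterns that now end in `%{SPACE}$`. If no later processor trims that field (none is visible in this hunk), ending it with `%{DATA:citrix_adc.log.closure_reason}%{SPACE}$` would keep the value clean for exact-match queries. Separately, the list ends in the catch-all `%{GREEDYDATA:citrix_adc.log.message}` and the processor sets `ignore_failure: true`, so a format drift like this one drops the source and destination IP fields without any error, as the old expected outputs in this commit show, and detections keyed on those fields miss the events. A comment above the catch-all such as `# catch-all: reaching this pattern means none of the structured formats matched` would make that failure mode explicit. The processor list continues outside the hunk.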
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: citrix_adc
 title: Citrix ADC
-version: "1.18.4"
+version: "1.18.5"
 description: This Elastic integration collects logs and metrics from Citrix ADC product.
 type: integration
 categories: