[Watchguard Firebox] Added optional cluster member info (#10795)

elastic · Aug 19, 2024 · b599cea · b599cea
1 parent 47dc697
commit b599cea
Show file tree

Hide file tree

Showing 7 changed files with 397 additions and 3 deletions.
diff --git a/packages/watchguard_firebox/changelog.yml b/packages/watchguard_firebox/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.2"
+  changes:
+    - description: Add optional cluster member information
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10795
 - version: "0.1.1"
   changes:
     - description: Add date format pattern to parse syslog timestamp.

diff --git a/packages/watchguard_firebox/data_stream/log/_dev/test/pipeline/test-traffic.log b/packages/watchguard_firebox/data_stream/log/_dev/test/pipeline/test-traffic.log
@@ -211,4 +211,7 @@
 <142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0004" Allow 1-Trusted 0-External tcp 10.0.1.2 81.2.69.144 53246 80 msg="ProxyReplace: IP protocol" proxy_act="TCP-UDP-Proxy.1" rule_name="HTTP-Client.1" new_action="HTTP-Client.1" (TCP-UDP-proxy-00)
 <142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0005" Allow 1-Trusted 0-External udp 10.0.1.3 81.2.69.192 63690 53 msg="ProxyAllow: IP App match" proxy_act="TCP-UDP-Proxy.1" app_cat_name="Network Management" app_cat_id="9" app_name="DNS" app_id="61" app_beh_name="access" app_beh_id="6" sig_vers="18.001" (TCP-UDP-proxy-00)
 <142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0006" Allow 1-Trusted 0-External tcp 10.0.1.2 67.43.156.0 60180 23 msg="ProxyAllow: IP DNSWatch blackholed domain" proxy_act="TCPUDP-Proxy.Standard.1" Protocol="telnet" geo_dst="USA" (TCP-UDPproxy-00)
-<142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0007" Deny 1-Trusted 0-External tcp 10.0.1.2 67.43.156.0 60180 23 msg="ProxyAllow: IP DNSWatch content filtered domain" proxy_act="TCP-UDP-Proxy.Standard.1" Protocol="telnet" geo_dst="USA" (TCP-UDP-proxy-002)
+<142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0007" Deny 1-Trusted 0-External tcp 10.0.1.2 67.43.156.0 60180 23 msg="ProxyAllow: IP DNSWatch content filtered domain" proxy_act="TCP-UDP-Proxy.Standard.1" Protocol="telnet" geo_dst="USA" (TCP-UDP-proxy-002)
+<142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 Member2 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0005" Allow 1-Trusted 0-External udp 10.0.1.3 81.2.69.192 63690 53 msg="ProxyAllow: IP App match" proxy_act="TCP-UDP-Proxy.1" app_cat_name="Network Management" app_cat_id="9" app_name="DNS" app_id="61" app_beh_name="access" app_beh_id="6" sig_vers="18.001" (TCP-UDP-proxy-00)
+<142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 Member2 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0006" Allow 1-Trusted 0-External tcp 10.0.1.2 67.43.156.0 60180 23 msg="ProxyAllow: IP DNSWatch blackholed domain" proxy_act="TCPUDP-Proxy.Standard.1" Protocol="telnet" geo_dst="USA" (TCP-UDPproxy-00)
+<142>May 12 15:19:05 WatchGuard-Firebox FVE6035FD3AE3 Member2 (2024-05-10T09:49:05) firewall[10]: msg_id="2DFF-0007" Deny 1-Trusted 0-External tcp 10.0.1.2 67.43.156.0 60180 23 msg="ProxyAllow: IP DNSWatch content filtered domain" proxy_act="TCP-UDP-Proxy.Standard.1" Protocol="telnet" geo_dst="USA" (TCP-UDP-proxy-002)