feat: add support for new sourcetypes of Cisco ESA v1.7.0 TA
dhrpatel2-crest committed Jul 5, 2024
1 parent 1b03a03 commit 5f5ccd3
Showing 2 changed files with 242 additions and 6 deletions.
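--- a/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf
+++ b/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf
@@ -58,9 +58,39 @@ filter f_cisco_esa_error_logs {
 or program('sc4s_error_logs' type(string) flags(prefix))
 };
 
-filter f_cisco_esa_system_logs {
-program('system_logs' type(string) flags(prefix))
-or program('sc4s_system_logs' type(string) flags(prefix))
+filter f_cisco_esa_updater_logs {
+program('updater_logs' type(string) flags(prefix))
+or program('sc4s_updater_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_antivirus_logs {
+program('antivirus' type(string) flags(prefix))
+or program('sc4s_antivirus' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_service_logs {
+program('service_logs' type(string) flags(prefix))
+or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_reportd_logs {
+program('reportd_logs' type(string) flags(prefix))
+or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_sntpd_logs {
+program('sntpd_logs' type(string) flags(prefix))
+or program('sc4s_sntpd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_euq_logs {
+program('euq_logs' type(string) flags(prefix))
+or program('sc4s_euq_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_smartlicense {
+program('smartlicense' type(string) flags(prefix))
+or program('sc4s_smartlicense' type(string) flags(prefix))
 };
 
 
@@ -135,6 +165,94 @@ block parser app-netsource-cisco_esa() {
 sourcetype('cisco:esa:system_logs')
 );
 };
+} elif {
+filter(f_cisco_esa_updater_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:updater_logs')
+sourcetype('cisco:esa:error_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_antivirus_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:antivirus')
+sourcetype('cisco:esa:antivirus')
+);
+};
+} elif {
+filter(f_cisco_esa_euq_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:euq_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_service_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:service_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_reportd_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:reportd_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_antivirus);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:antivirus')
+sourcetype('cisco:esa:antivirus')
+);
+};
+} elif {
+filter(f_cisco_esa_euq_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:euq_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_service_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:service_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_reportd_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:reportd_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_sntpd_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:sntpd_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_smartlicense);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:smartlicense')
+sourcetype('cisco:esa:system_logs')
+);
+};
 } elif {
 filter(f_cisco_esa_authentication);
 rewrite {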
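Review bot: The second alternative in the new `f_cisco_esa_reportd_logs` filter tests `'sc4s_service_logs'`, which looks like a copy-paste from `f_cisco_esa_service_logs` just above; it should read `or program('sc4s_reportd_logs' type(string) flags(prefix))`. As written, an event whose program name starts with `sc4s_reportd_logs` matches none of the filters in this hunk and never receives the `esa:reportd_logs` source. Judging by the hunk header and the three deletions, the definition of `f_cisco_esa_system_logs` is replaced rather than kept; if the parser branch that sets `cisco:esa:system_logs` still references it (that line is outside the hunk), the definition has to stay or the reference becomes unresolved. The same filter lines appear in package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf.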
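--- a/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf
+++ b/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf
@@ -58,9 +58,39 @@ filter f_cisco_esa_error_logs {
 or program('sc4s_error_logs' type(string) flags(prefix))
 };
 
-filter f_cisco_esa_system_logs {
-program('system_logs' type(string) flags(prefix))
-or program('sc4s_system_logs' type(string) flags(prefix))
+filter f_cisco_esa_updater_logs {
+program('updater_logs' type(string) flags(prefix))
+or program('sc4s_updater_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_antivirus_logs {
+program('antivirus' type(string) flags(prefix))
+or program('sc4s_antivirus' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_service_logs {
+program('service_logs' type(string) flags(prefix))
+or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_reportd_logs {
+program('reportd_logs' type(string) flags(prefix))
+or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_sntpd_logs {
+program('sntpd_logs' type(string) flags(prefix))
+or program('sc4s_sntpd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_euq_logs {
+program('euq_logs' type(string) flags(prefix))
+or program('sc4s_euq_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_smartlicense {
+program('smartlicense' type(string) flags(prefix))
+or program('sc4s_smartlicense' type(string) flags(prefix))
 };
 
 
@@ -135,6 +165,94 @@ block parser app-netsource-cisco_esa() {
 sourcetype('cisco:esa:system_logs')
 );
 };
+} elif {
+filter(f_cisco_esa_updater_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:updater_logs')
+sourcetype('cisco:esa:error_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_antivirus_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:antivirus')
+sourcetype('cisco:esa:antivirus')
+);
+};
+} elif {
+filter(f_cisco_esa_euq_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:euq_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_service_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:service_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_reportd_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:reportd_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_antivirus);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:antivirus')
+sourcetype('cisco:esa:antivirus')
+);
+};
+} elif {
+filter(f_cisco_esa_euq_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:euq_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_service_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:service_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_reportd_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:reportd_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_sntpd_logs);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:sntpd_logs')
+sourcetype('cisco:esa:system_logs')
+);
+};
+} elif {
+filter(f_cisco_esa_smartlicense);
+rewrite {
+r_set_splunk_dest_update_v2(
+source('esa:smartlicense')
+sourcetype('cisco:esa:system_logs')
+);
+};
 } elif {
 filter(f_cisco_esa_authentication);
 rewrite {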
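Review bot: The sixth added branch of the parser chain uses `filter(f_cisco_esa_antivirus);`, a name this commit does not define (the filter hunk adds `f_cisco_esa_antivirus_logs`), so unless that filter exists elsewhere in the file the reference is unresolved and syslog-ng will likely reject the configuration, stopping ESA log collection. That branch and the euq_logs, service_logs and reportd_logs branches after it repeat the four directly above them and can never be reached in an if/elif chain; deleting the second set removes both problems. The updater_logs branch sets `sourcetype('cisco:esa:error_logs')` while most of the other new sources get `cisco:esa:system_logs`; if that is deliberate, a one-line comment saying so would help whoever writes searches against these sourcetypes. The block parser starts and ends outside the hunk, and package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf carries the same chain.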
