From 5f5ccd303ee8cc6ffed27e899ae0fb3d05fbfef7 Mon Sep 17 00:00:00 2001 From: dhrpatel2-crest Date: Fri, 5 Jul 2024 12:25:38 +0530 Subject: [PATCH] feat: add support for new sourcetypes of Cisco ESA v1.7.0 TA
---
 .../netsource/app-netsource-cisco_esa.conf | 124 +++++++++++++++++- .../addons/cisco/app-netsource-cisco_esa.conf | 124 +++++++++++++++++- 2 files changed, 242 insertions(+), 6 deletions(-)
diff --git a/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf b/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf
index f9d0ffed61..4e501b2659 100644
--- a/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf
+++ b/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf
@@ -58,9 +58,39 @@ filter f_cisco_esa_error_logs {
 or program('sc4s_error_logs' type(string) flags(prefix))
 };
-filter f_cisco_esa_system_logs {
- program('system_logs' type(string) flags(prefix))
- or program('sc4s_system_logs' type(string) flags(prefix))
+filter f_cisco_esa_updater_logs {
+ program('updater_logs' type(string) flags(prefix))
+ or program('sc4s_updater_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_antivirus_logs {
+ program('antivirus' type(string) flags(prefix))
+ or program('sc4s_antivirus' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_service_logs {
+ program('service_logs' type(string) flags(prefix))
+ or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_reportd_logs {
+ program('reportd_logs' type(string) flags(prefix))
+ or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_sntpd_logs {
+ program('sntpd_logs' type(string) flags(prefix))
+ or program('sc4s_sntpd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_euq_logs {
+ program('euq_logs' type(string) flags(prefix))
+ or program('sc4s_euq_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_smartlicense {
+ program('smartlicense' type(string) flags(prefix))
+ or program('sc4s_smartlicense' type(string) flags(prefix))
 };
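Review bot: The second alternative in `f_cisco_esa_reportd_logs` matches `sc4s_service_logs` rather than a reportd program name, which looks like a copy-paste from the filter above it; events whose program starts with `sc4s_reportd_logs` would match none of the new filters. I would change that line to `or program('sc4s_reportd_logs' type(string) flags(prefix))`. The hunk also deletes the definition of `f_cisco_esa_system_logs`, while the next hunk's context still shows a branch that sets `sourcetype('cisco:esa:system_logs')`; if that branch still calls `filter(f_cisco_esa_system_logs)` (not visible here), the reference is left dangling and the configuration may fail to load, so confirm the filter is kept or defined elsewhere. The same two points apply to the identical hunk in `package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf`.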
@@ -135,6 +165,94 @@ block parser app-netsource-cisco_esa() {
 sourcetype('cisco:esa:system_logs')
 );
 };
+ } elif {
+ filter(f_cisco_esa_updater_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:updater_logs')
+ sourcetype('cisco:esa:error_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_antivirus_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:antivirus')
+ sourcetype('cisco:esa:antivirus')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_euq_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:euq_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_service_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:service_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_reportd_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:reportd_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_antivirus);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:antivirus')
+ sourcetype('cisco:esa:antivirus')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_euq_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:euq_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_service_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:service_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_reportd_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:reportd_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_sntpd_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:sntpd_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_smartlicense);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:smartlicense')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
 } elif {
 filter(f_cisco_esa_authentication);
 rewrite {
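Review bot: The second antivirus branch calls `filter(f_cisco_esa_antivirus)`, but the filter hunk of this commit only defines `f_cisco_esa_antivirus_logs`; unless that name exists elsewhere in the file, the reference is unresolved. That branch and the three after it (euq_logs, service_logs, reportd_logs) repeat branches added a few lines earlier in the same chain, so the repeats cannot match anything the first copies did not already take, and I would delete the four repeated `elif` blocks. The updater_logs branch sets `sourcetype('cisco:esa:error_logs')` while the other new log sources map to `cisco:esa:system_logs` or a sourcetype of their own; please confirm that mapping against the TA, since a wrong sourcetype silently moves these events out of the searches and detections that expect them. The if/elif chain begins and ends outside the hunk, and the same lines appear in the `package/lite/etc/addons/cisco` copy.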
diff --git a/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf b/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf
index f9d0ffed61..4e501b2659 100644
--- a/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf
+++ b/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf
@@ -58,9 +58,39 @@ filter f_cisco_esa_error_logs {
 or program('sc4s_error_logs' type(string) flags(prefix))
 };
-filter f_cisco_esa_system_logs {
- program('system_logs' type(string) flags(prefix))
- or program('sc4s_system_logs' type(string) flags(prefix))
+filter f_cisco_esa_updater_logs {
+ program('updater_logs' type(string) flags(prefix))
+ or program('sc4s_updater_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_antivirus_logs {
+ program('antivirus' type(string) flags(prefix))
+ or program('sc4s_antivirus' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_service_logs {
+ program('service_logs' type(string) flags(prefix))
+ or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_reportd_logs {
+ program('reportd_logs' type(string) flags(prefix))
+ or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_sntpd_logs {
+ program('sntpd_logs' type(string) flags(prefix))
+ or program('sc4s_sntpd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_euq_logs {
+ program('euq_logs' type(string) flags(prefix))
+ or program('sc4s_euq_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_smartlicense {
+ program('smartlicense' type(string) flags(prefix))
+ or program('sc4s_smartlicense' type(string) flags(prefix))
 };
@@ -135,6 +165,94 @@ block parser app-netsource-cisco_esa() {
 sourcetype('cisco:esa:system_logs')
 );
 };
+ } elif {
+ filter(f_cisco_esa_updater_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:updater_logs')
+ sourcetype('cisco:esa:error_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_antivirus_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:antivirus')
+ sourcetype('cisco:esa:antivirus')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_euq_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:euq_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_service_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:service_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_reportd_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:reportd_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_antivirus);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:antivirus')
+ sourcetype('cisco:esa:antivirus')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_euq_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:euq_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_service_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:service_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_reportd_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:reportd_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_sntpd_logs);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:sntpd_logs')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
+ } elif {
+ filter(f_cisco_esa_smartlicense);
+ rewrite {
+ r_set_splunk_dest_update_v2(
+ source('esa:smartlicense')
+ sourcetype('cisco:esa:system_logs')
+ );
+ };
 } elif {
 filter(f_cisco_esa_authentication);
 rewrite {