#12448: Fixing IPv6 parsing for IPV6ACCESSLOGP messages #12459

Merged
merged 0 commits into from
Jan 24, 2025

qcorporation
Contributor

Customer Description

Working with a customer using the CISCO IOS Integration and found out that IPv6 records with event.code:IPV6ACCESSLOGP are not fully parsed.

Description

Fixing IPv6 parsing for IPV6ACCESSLOGP messages

  • added IPV6ACCESSLOGP to dissect_gp parsing
  • added event to both pipeline and system tests
  • modified hit count to match the number of tests

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • checked that pipeline tests pass
  • checked that the system tests pass
  • validated that pipeline output for IPV6ACCESSLOGP events now parses out destination IP address, port, source address and other information

Related issues

@qcorporation qcorporation added bug Something isn't working, use only for issues Integration:cisco_ios Cisco IOS labels Jan 24, 2025
@qcorporation qcorporation requested a review from a team January 24, 2025 16:04
@qcorporation qcorporation self-assigned this Jan 24, 2025
@andrewkroh andrewkroh added bugfix Pull request that fixes a bug issue and removed bug Something isn't working, use only for issues labels Jan 24, 2025
@qcorporation qcorporation marked this pull request as ready for review January 24, 2025 16:48
@andrewkroh andrewkroh added the Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] label Jan 24, 2025
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

Contributor

@taylor-swanson taylor-swanson left a comment

LGTM, minor comment about test data

@elasticmachine

💚 Build Succeeded

History

  • 💚 Build #20926 succeeded 588883e77e6fbbb04d534a1177ce10f268aca38c
  • 💔 Build #20923 failed 850d98b0cfdce604c6f902a9a61080238c2bbbec

cc @qcorporation

@qcorporation qcorporation merged this pull request into main Jan 24, 2025
5 checks passed
@qcorporation qcorporation deleted the 12448-cisco-ios branch January 24, 2025 19:27
@elastic-vault-github-plugin-prod

Package cisco_ios - 1.28.2 containing this change is available at https://epr.elastic.co/package/cisco_ios/1.28.2/

harnish-elastic pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
…ic#12459)

* Fixing IPv6 parsing for IPV6ACCESSLOGP messages

- added IPV6ACCESSLOGP to dissect_gp parsing
- added event to both pipeline and system tests
- modified hit count to match the number of tests

harnish-elastic pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
…ic#12459)

* Fixing IPv6 parsing for IPV6ACCESSLOGP messages

- added IPV6ACCESSLOGP to dissect_gp parsing
- added event to both pipeline and system tests
- modified hit count to match the number of tests

Successfully merging this pull request may close these issues.

[CISCO IOS]: IPv6 records with event.code:IPV6ACCESSLOGP are not fully parsed