I have also had some parsing issues with the SonicWall module that is being pushed from the integration using Fleet management. I was getting a dissect error message with every log message. I ended up starting to work on my own Filebeat module since I'm hoping that we can move all of our SonicWall deployments to Elastic. It works on the firewall that I have been testing on with firmware version 6.5.4.7. This is my first time contributing to Beats, and the documentation I have seen goes with the current method of creating Filebeat modules vs. the new integration methods; at least I don't see any references to the integration Fleet methods. I still plan on creating the pull request in the next day or two. I modeled mine after the Fortinet firewall integration module, which works well for FortiGates, and it seems much simpler than the current SonicWall one. I haven't seen any other posts indicating that someone is working on the SonicWall module, so hopefully mine will be helpful.
I did actually find this for reference if anyone stumbles on this for developing integrations. I just didn't google very well. Will start working on this as well.
I was able to validate the logs that I collect from a lab SonicWall I have using the integration updates I made. I submitted the PR today. It's my first time submitting, so there might be issues, but hopefully anything that comes up I can work through.