Improving Cisco IOS Filebeats Module

james.tutton · February 21, 2020, 4:35pm

Hi All,

Just wanted to drop a line out to the Community and devs to say I am currently working to extend the number of logs passed by the cisco ios filebeat module.

Forked Version of module is here:

github.com

jamestutton/beats/blob/cisco_module_dev/x-pack/filebeat/module/cisco/ios/config/pipeline.js

// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.

var ciscoIOS = (function() {
    var processor = require("processor");

    var newDissect = function(pattern) {
        return new processor.Dissect({
            "tokenizer": pattern,
            "field": "message",
            "target_prefix": "",
            "ignore_failure" : true,
            "ignore_missing": true
        }).Run;
    };

    var ciscoLogPatterns = {
        //A
        //B

This file has been truncated. show original

So Far all changes as constrained to the pipeline.js so its possible to just copy this file over the original to test the new features.

Its is NOT production ready and is very much a work in progress there are some bugs and things that havent figured correct way of handling yet but it does handle a lot more log types than the original.

I welcome any example ios logs people may have which contain useful meta data for passing. Where possible trying to map fields to Core ECS or extend cisco.* but welcome feedback on field names etc.

system · March 20, 2020, 4:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.