Hello Guys,
I'm completely new to RSS, XML and that stuff so I might overlook something quite simple here.
So, here is my problem:
I successfully set up the RSS plugin and it's working fine. Except it seems to miss out on a field (or item?) that I need.
Here is the start of the RSS file, when I open it with a normal text editor:
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories)</title>
    <link>https://wid.cert-bund.de/portal/wid/securityadvisory</link>
    <description>BSI Warn- und Informationsdienst (WID) RSS Feed zur Verteilung Schwachstellen-Informationen (Security Advisories)</description>
    <pubDate>Tue, 02 Aug 2022 09:00:12 GMT</pubDate>
    <item>
      <title>Atlassian Jira Software: Schwachstelle ermöglicht Codeausführung</title>
      <link>https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0881</link>
      <description>Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Atlassian Jira Software ausnutzen, um beliebigen Programmcode auszuführen.</description>
      <category>mittel</category>
      <pubDate>Tue, 02 Aug 2022 08:46:47 GMT</pubDate>
    </item>
    <item>
      <title>vim: Mehrere Schwachstellen</title>
      <link>https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0880</link>
      <description>Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und einen nicht spezifizierten Angriff durchzuführen.</description>
      <category>hoch</category>
      <pubDate>Tue, 02 Aug 2022 08:46:47 GMT</pubDate>
    </item>
All the fields are showing up in the Kibana interface except category.
Why is that and how can I get Logstash to also work with the category field?
For more information:
Logstash input:
input {
  rss {
    url => "https://wid.cert-bund.de/content/public/securityAdvisory/rss"
    id => "bsi-cert"
    # value in seconds
    interval => 600
  }
}
Logstash output:
output {
  elasticsearch {
    hosts => ["https://myhost"]
    document_id => "%{document.id}"
    action => "create"
    ssl => true
    manage_template => false
    ecs_compatibility => v1
    index => "myIndex-%{+YYYY-MM}"
    user => "user"
    password => "xxx"
  }
}