Update Filebeat's Cisco > ASA config to reflect UDP

n0othing commented 3 years ago

In https://github.com/elastic/beats/pull/13286 we switched Filebeat's Cisco ASA dataset to use a regular udp input instead of a syslog input, however, the cisco.yml still makes it look like we're using syslog:

  asa:
    enabled: true

    # Set which input to use between syslog (default) or file.
    var.input: syslog

    # The interface to listen to UDP based syslog traffic. Defaults to
    # localhost. Set to 0.0.0.0 to bind to all available interfaces.
    var.syslog_host: localhost

    # The UDP port to listen for syslog traffic. Defaults to 9001.
    var.syslog_port: 9001

.../module/cisco/asa/config/input.yml

{{ if eq .input "syslog" }}

type: udp
udp:
host: "{{.syslog_host}}:{{.syslog_port}}"

This may cause some confusion and it'd be helpful to adjust settings/comments to reflect the use of a type: udp input.

elasticmachine commented 3 years ago

Pinging @elastic/siem (Team:SIEM)

elasticmachine commented 2 years ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elastic / beats

Update Filebeat's Cisco > ASA config to reflect UDP #28821