elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[Juniper SRX] Support additional message patterns #6095

Closed kcreddy closed 1 year ago

kcreddy commented 1 year ago

Current grok doesn't support the following sample messages:

<158>May 4 05:16:01 AA1122-PR-BBBB-ABC kernel: FW: gr-0/0/0.45 A udp 127.0.0.1 127.0.0.2 49153 49153 
<158>May 4 05:16:01 AA1122-PR-BBBB-ABC-ISD (FPC Slot 1, PIC Slot 1) PFE_FW_SYSLOG_IP: FW: abcd11.21 A pim 81.2.69.142 81.2.69.143 0 0 (1 packets) 
<13>May 4 05:16:01 AA1122-PR-BBBB-ABC-ISD RT_SYSTEM: RTLOG_CONN_ERROR: Connection error SYSLOG-NG Com 57159 abort 
<30>May 4 05:16:01 AA1122-PR-BBBB-ABC-ISD rmopd[10286]: PING_TEST_COMPLETED: pingCtlOwnerIndex = HTTP_PROBE_TUNNEL_11, pingCtlTestName = TUNNEL_11  
<158>1 2023-05-04T15:21:01.102+10:00 AA1122-PR-BBBB-ABC-ISD kernel - - - FW: gr-0/0/0.14 A udp 127.0.0.1 81.2.69.142 49153 49153 

These are new message types currently not supported by the integration, and need to be added.
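Added example, not code from the integration's own pipeline: a small Python parser that handles the five sample lines above, covering both the RFC 3164 and RFC 5424 header forms, the optional "(FPC Slot n, PIC Slot n)" prefix, the FW: filter-log body and the generic TAG: body with its key = value pairs. The sample lines are copied from this issue with trailing spaces dropped; the regex and field names are my own, not the integration's ECS mapping.

```python
import re

# Constructed copies of the five sample lines from the issue (trailing spaces dropped).
SAMPLES = [
    "<158>May 4 05:16:01 AA1122-PR-BBBB-ABC kernel: FW: gr-0/0/0.45 A udp 127.0.0.1 127.0.0.2 49153 49153",
    "<158>May 4 05:16:01 AA1122-PR-BBBB-ABC-ISD (FPC Slot 1, PIC Slot 1) PFE_FW_SYSLOG_IP: FW: abcd11.21 A pim 81.2.69.142 81.2.69.143 0 0 (1 packets)",
    "<13>May 4 05:16:01 AA1122-PR-BBBB-ABC-ISD RT_SYSTEM: RTLOG_CONN_ERROR: Connection error SYSLOG-NG Com 57159 abort",
    "<30>May 4 05:16:01 AA1122-PR-BBBB-ABC-ISD rmopd[10286]: PING_TEST_COMPLETED: pingCtlOwnerIndex = HTTP_PROBE_TUNNEL_11, pingCtlTestName = TUNNEL_11",
    "<158>1 2023-05-04T15:21:01.102+10:00 AA1122-PR-BBBB-ABC-ISD kernel - - - FW: gr-0/0/0.14 A udp 127.0.0.1 81.2.69.142 49153 49153",
]

PRI = r"<(?P<pri>\d{1,3})>"  # shared by both header forms
# RFC 3164 (BSD) header: "<pri>Mon dd hh:mm:ss host rest" (process name lives in the body)
BSD_HDR = re.compile(PRI + r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$")
# RFC 5424 header: "<pri>1 ts host app procid msgid sd rest" (nil fields are "-")
IETF_HDR = re.compile(PRI + r"1 (?P<ts>\S+) (?P<host>\S+) (?P<process>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+) (?P<rest>.*)$")
# BSD body prefix: optional "(FPC Slot 1, PIC Slot 1) ", then "process[pid]: msg"
PROC = re.compile(r"^(?:\((?P<slot>[^)]*)\) )?(?P<process>[A-Za-z_][\w-]*)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# Firewall filter log: "FW: iface action proto src dst sport dport [(N packets)]"; A/D/R = accept/discard/reject
FW = re.compile(r"^FW: (?P<iface>\S+) (?P<action>[ADR]) (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<sport>\d+) (?P<dport>\d+)(?: \((?P<packets>\d+) packets\))?$")
# Generic Junos event: "TAG_NAME: free text", optionally carrying "key = value, key = value" pairs
TAG = re.compile(r"^(?P<tag>[A-Z][A-Z0-9_]+): (?P<text>.*)$")
KV = re.compile(r"(\w+) = ([^,]+)")


def parse(line):
    """Return a flat dict for one SRX syslog line, or None if no header/body pattern matches."""
    line = line.rstrip()
    m = IETF_HDR.match(line) or BSD_HDR.match(line)
    if not m:
        return None
    d = {k: v for k, v in m.groupdict().items() if v is not None}
    d["facility"], d["severity"] = divmod(int(d.pop("pri")), 8)
    body = d.pop("rest")
    if "process" not in d:  # BSD header: pull slot/process/pid from the body prefix
        pm = PROC.match(body)
        if not pm:
            return None
        d.update({k: v for k, v in pm.groupdict().items() if v is not None})
        body = d.pop("msg")
    fw, tm = FW.match(body), TAG.match(body)
    if fw:  # FW: bodies arrive from both "kernel" and "PFE_FW_SYSLOG_IP"; check before the generic TAG form
        d.update(kind="firewall", **{k: v for k, v in fw.groupdict().items() if v is not None})
    elif tm:
        d.update(kind="event", tag=tm.group("tag"), text=tm.group("text"),
                 params=dict(KV.findall(tm.group("text"))))
    else:  # keep the raw body instead of dropping the event on the floor
        d.update(kind="unparsed", text=body)
    return d
```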

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

cai-elastic commented 1 year ago

Hi @kcreddy and team,

Thank you very much for helping with the request. These samples are system event logs. The current SRX integration can parse traffic logs correctly but, as you have found, some event logs cannot be parsed correctly. The customer is monitoring traffic and event logs separately. If we are going to support these event logs in the SRX integration instead of Junos, can we have a field in the pipeline to distinguish them?

Also, can you evaluate the effort and estimate the delivery timeline for us? The customer is eager to have these event logs because they are important input to some key dashboards. Without parsing these event logs correctly, our service team cannot proceed with our engagement at all. Therefore, they are requesting an urgent fix/enhancement.

Thank you very much!

Best Regards, Cai Snr Technical Consultant, APJ