elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Fleet] Cisco IOS Integration stopped working after upgrade #182909

Closed iaalmeida closed 5 days ago

iaalmeida commented 1 week ago

**Kibana version:** 8.13.3

**Elasticsearch version:** 8.13.3

**Describe the bug:** After upgrading the Fleet Cisco IOS Integration from version 1.25.1 to version 1.26.6, syslog message parsing stopped working. Now the fields are not automatically populated. My syslog messages have the following format:

```
<189>387448: host-01: May 6 16:13:09.123 UTC+1: %DOT1X-5-FAIL: Authentication failed for client (001e.0b80.13b5) on Interface Gi1/0/16 AuditSessionID 000000000000011D51B826E5
```

**Steps to reproduce:**
1. Upgrade Cisco IOS Integration from version 1.25.1 to version 1.26.6
2.
3.

**Expected behavior:** No behaviour change in message parsing.

**Any additional context:** I've verified the Ingest pipeline from these two versions and confirmed that the old grok patterns are ok, but not the new ones.
iaalmeida commented 5 days ago

Closed here, opened as https://github.com/elastic/integrations/issues/7152
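
A regression check for the message format quoted in the report, as an added example that is not part of the original issue and is not the integration's grok pattern. The regular expression, function names and field names are assumptions written for this sample line; running such a check against captured messages before an upgrade shows which lines would stop yielding fields.

```python
import re

# Constructed from the sample message quoted in the report above.
SAMPLE = ("<189>387448: host-01: May 6 16:13:09.123 UTC+1: %DOT1X-5-FAIL: "
          "Authentication failed for client (001e.0b80.13b5) on Interface "
          "Gi1/0/16 AuditSessionID 000000000000011D51B826E5")

# Assumed header layout: <PRI>seq: host: timestamp [tz]: %FAC-SEV-MNEMONIC: text
# Sequence number, hostname and timezone are optional; IOS may prefix the
# timestamp with '*' or '.' when the clock is not set or not synchronised.
IOS_SYSLOG = re.compile(r"""
    ^<(?P<pri>\d{1,3})>
    (?:(?P<sequence>\d+):\s+)?
    (?:(?P<hostname>[^\s:]+):\s+)?
    [*.]?(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}(?:\s+\d{4})?
        \s+\d{2}:\d{2}:\d{2}(?:\.\d+)?)
    (?:\s+(?P<timezone>[A-Za-z]+(?:[+-]\d{1,2})?))?
    :\s+
    %(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+
    (?P<message>.*)$
""", re.VERBOSE)


def parse_ios_syslog(line):
    """Return the header fields as a dict, or None when the line does not match."""
    m = IOS_SYSLOG.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields["syslog_facility"] = pri // 8   # PRI = facility * 8 + severity
    fields["syslog_severity"] = pri % 8
    fields["severity"] = int(fields["severity"])
    return fields


def unparsed(lines):
    """Return the lines that would be ingested without any extracted fields."""
    return [line for line in lines if parse_ios_syslog(line) is None]


if __name__ == "__main__":
    print(parse_ios_syslog(SAMPLE))
    print(unparsed([SAMPLE, "not a Cisco IOS line"]))
```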