Use field set operation for source and destination IP
efd6 committed Sep 28, 2021
1 parent ff2b0aa commit 5f43e15
Showing 2 changed files with 4 additions and 6 deletions.
2 changes: 0 additions & 2 deletions fields-merge.csv
Expand Up @@ -4,8 +4,6 @@ event.code,by_prio,id,messageid
rsa.misc.action,append
rsa.network.alias_host,append
host.name,by_prio,hostname,host
destination.ip,append
source.ip,append
related.user,append
related.hosts,append
event.action,by_prio,action,event_type
8 changes: 4 additions & 4 deletions output/javascript/liblogparser.js
Expand Up @@ -1007,8 +1007,8 @@ var ecs_mappings = {
"child_process": {to:[{field: "process.name", setter: fld_prio, prio: 1}]},
"city.dst": {to:[{field: "destination.geo.city_name", setter: fld_set}]},
"city.src": {to:[{field: "source.geo.city_name", setter: fld_set}]},
"daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
"daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
"daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
"daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
"ddomain": {to:[{field: "destination.domain", setter: fld_prio, prio: 0}]},
"devicehostip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 2},{field: "related.ip", setter: fld_append}]},
"devicehostmac": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 0}]},
Expand Down Expand Up @@ -1088,8 +1088,8 @@ var ecs_mappings = {
"rbytes": {convert: to_long, to:[{field: "destination.bytes", setter: fld_set}]},
"referer": {to:[{field: "http.request.referrer", setter: fld_prio, prio: 1}]},
"rulename": {to:[{field: "rule.name", setter: fld_set}]},
"saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
"saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
"saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
"saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
"sbytes": {convert: to_long, to:[{field: "source.bytes", setter: fld_set}]},
"sdomain": {to:[{field: "source.domain", setter: fld_prio, prio: 0}]},
"service": {to:[{field: "service.name", setter: fld_prio, prio: 1}]},
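Review bot: With both `daddr` and `daddr_v6` now writing `destination.ip` through `fld_set` (and `saddr`/`saddr_v6` writing `source.ip` the same way), an event that carries both keys ends up with whichever mapping is applied last, and nothing in the table records that precedence — unlike `host.ip`, where `devicehostip` uses `fld_prio` with an explicit `prio`. If `fld_set` is last-write-wins (its definition is outside this hunk, so that is inferred), consider `setter: fld_prio` with distinct `prio` values for the v4 and v6 keys, as the `host.ip` entry does, so the choice is deterministic and visible in the mapping. Detections keyed on `source.ip`/`destination.ip` would otherwise depend on key order in the raw message; the address that loses is still kept in `related.ip`, which retains `fld_append`. The `ecs_mappings` object literal starts and ends outside both hunks.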
