x-pack/filebeat/module/{cisco,cyberarkpas} - regenerate timestamps fo…

…r 2023 (#34181) The syslog timestamps in the logs are interpreted based on the current year so update the golden files.
elastic · Jan 5, 2023 · 7d296b7 · 7d296b7
1 parent 0e688e3
commit 7d296b7
Show file tree

Hide file tree

Showing 13 changed files with 32 additions and 60 deletions.
diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json
@@ -181,12 +181,12 @@
         "event.code": 609002,
         "event.dataset": "cisco.asa",
         "event.duration": 0,
-        "event.end": "2022-05-05T17:51:17.000-02:00",
+        "event.end": "2023-05-05T17:51:17.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%FTD-7-609002: Teardown local-host net:192.168.2.2 duration 0:00:00",
         "event.severity": 7,
-        "event.start": "2022-05-05T19:51:17.000Z",
+        "event.start": "2023-05-05T19:51:17.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -701,12 +701,12 @@
         "event.code": 609002,
         "event.dataset": "cisco.asa",
         "event.duration": 0,
-        "event.end": "2022-05-05T18:24:31.000-02:00",
+        "event.end": "2023-05-05T18:24:31.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-7-609002: Teardown local-host identity:10.10.10.10 duration 0:00:00",
         "event.severity": 7,
-        "event.start": "2022-05-05T20:24:31.000Z",
+        "event.start": "2023-05-05T20:24:31.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -849,13 +849,13 @@
         "event.code": 302014,
         "event.dataset": "cisco.asa",
         "event.duration": 0,
-        "event.end": "2022-05-05T18:29:32.000-02:00",
+        "event.end": "2023-05-05T18:29:32.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I",
         "event.reason": "TCP Reset-I",
         "event.severity": 6,
-        "event.start": "2022-05-05T20:29:32.000Z",
+        "event.start": "2023-05-05T20:29:32.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -966,12 +966,12 @@
         "event.code": 305012,
         "event.dataset": "cisco.asa",
         "event.duration": 0,
-        "event.end": "2022-05-05T18:29:32.000-02:00",
+        "event.end": "2023-05-05T18:29:32.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00",
         "event.severity": 6,
-        "event.start": "2022-05-05T20:29:32.000Z",
+        "event.start": "2023-05-05T20:29:32.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -1175,12 +1175,12 @@
         "event.code": 302016,
         "event.dataset": "cisco.asa",
         "event.duration": 124000000000,
-        "event.end": "2022-05-05T18:40:50.000-02:00",
+        "event.end": "2023-05-05T18:40:50.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585",
         "event.severity": 2,
-        "event.start": "2022-05-05T20:38:46.000Z",
+        "event.start": "2023-05-05T20:38:46.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -1812,13 +1812,13 @@
         "event.code": 302023,
         "event.dataset": "cisco.asa",
         "event.duration": 0,
-        "event.end": "2022-05-05T19:02:58.000-02:00",
+        "event.end": "2023-05-05T19:02:58.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-302023: Teardown stub TCP connection for fw111:10.10.10.10/39210 to net:192.168.2.2/10051 duration 0:00:00 forwarded bytes 0 Cluster flow with CLU closed on owner",
         "event.reason": "Cluster flow with CLU closed on owner",
         "event.severity": 6,
-        "event.start": "2022-05-05T21:02:58.000Z",
+        "event.start": "2023-05-05T21:02:58.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "info"
@@ -1868,13 +1868,13 @@
         "event.code": 302023,
         "event.dataset": "cisco.asa",
         "event.duration": 0,
-        "event.end": "2022-05-05T19:02:58.000-02:00",
+        "event.end": "2023-05-05T19:02:58.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-302023: Teardown stub TCP connection for net:10.10.10.10/10051 to unknown:192.168.2.2/39222 duration 0:00:00 forwarded bytes 0 Forwarding or redirect flow removed to create director or backup flow",
         "event.reason": "Forwarding or redirect flow removed to create director or backup flow",
         "event.severity": 6,
-        "event.start": "2022-05-05T21:02:58.000Z",
+        "event.start": "2023-05-05T21:02:58.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "info"
@@ -2687,13 +2687,13 @@
         "event.code": 302304,
         "event.dataset": "cisco.asa",
         "event.duration": 3602000000000,
-        "event.end": "2022-04-27T04:12:23.000-02:00",
+        "event.end": "2023-04-27T04:12:23.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-302304: Teardown TCP state-bypass connection 2751765169 from server.deflan:81.2.69.143/54242 to server.deflan:67.43.156.12/9101 duration 1:00:02 bytes 245 Connection timeout",
         "event.reason": "Connection timeout",
         "event.severity": 6,
-        "event.start": "2022-04-27T05:12:21.000Z",
+        "event.start": "2023-04-27T05:12:21.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -3227,13 +3227,13 @@
         "event.code": 113019,
         "event.dataset": "cisco.asa",
         "event.duration": 1936000000000,
-        "event.end": "2022-04-27T02:03:03.000-02:00",
+        "event.end": "2023-04-27T02:03:03.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-4-113019: Group = 81.2.69.143, Username = 81.2.69.143, IP = 81.2.69.143, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:32m:16s, Bytes xmt: 297103, Bytes rcv: 1216163, Reason: User Requested",
         "event.reason": "User Requested",
         "event.severity": 4,
-        "event.start": "2022-04-27T03:30:47.000Z",
+        "event.start": "2023-04-27T03:30:47.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "info"

diff --git a/x-pack/filebeat/module/cisco/asa/test/non-canonical.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/non-canonical.log-expected.json
@@ -361,12 +361,12 @@
         "event.code": 305012,
         "event.dataset": "cisco.asa",
         "event.duration": 41000000000,
-        "event.end": "2022-07-15T13:38:47.000-02:00",
+        "event.end": "2023-07-15T13:38:47.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from SERVERS:exp-wait/62409 to outside:81.2.69.142/62409 duration 0:00:41",
         "event.severity": 6,
-        "event.start": "2022-07-15T15:38:06.000Z",
+        "event.start": "2023-07-15T15:38:06.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",
@@ -423,12 +423,12 @@
         "event.code": 305012,
         "event.dataset": "cisco.asa",
         "event.duration": 30000000000,
-        "event.end": "2022-07-15T13:37:33.000-02:00",
+        "event.end": "2023-07-15T13:37:33.000-02:00",
         "event.kind": "event",
         "event.module": "cisco",
         "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from SERVERS:exp-wait/56421 to outside:81.2.69.142/56421 duration 0:00:30",
         "event.severity": 6,
-        "event.start": "2022-07-15T15:37:03.000Z",
+        "event.start": "2023-07-15T15:37:03.000Z",
         "event.timezone": "-02:00",
         "event.type": [
             "connection",

diff --git a/x-pack/filebeat/module/cisco/nexus/test/nexus.log-expected.json b/x-pack/filebeat/module/cisco/nexus/test/nexus.log-expected.json
@@ -1,6 +1,5 @@
 [
     {
-        "@timestamp": "2022-10-19T13:34:01.000Z",
         "event.code": "IF_HARDWARE",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -25,7 +24,6 @@
         "rsa.misc.event_source": "ETHPORT",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet1/9",
-        "rsa.time.event_time": "2022-10-19T13:34:01.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -34,7 +32,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-17T12:27:35.000Z",
         "event.code": "NOHMS_ENV_FEX_ONLINE",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -58,7 +55,6 @@
         "rsa.misc.device_name": "FEX-105",
         "rsa.misc.event_source": "NOHMS",
         "rsa.misc.severity": "2",
-        "rsa.time.event_time": "2022-10-17T12:27:35.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -67,7 +63,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-25T00:33:33.717527Z",
         "event.code": "FEX_PS_FOUND",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -93,7 +88,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-25T00:33:33.717781Z",
         "event.code": "FEX_PS_FOUND",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -119,7 +113,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-17T12:27:38.000Z",
         "event.code": "FEX_STATUS",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -143,7 +136,6 @@
         "rsa.misc.device_name": "Fex 105",
         "rsa.misc.event_source": "PFMA",
         "rsa.misc.severity": "2",
-        "rsa.time.event_time": "2022-10-17T12:27:38.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -152,7 +144,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-17T16:00:07.000Z",
         "event.code": "IF_DOWN_LINK_FAILURE",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -178,7 +169,6 @@
         "rsa.misc.result": "Link failure",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/17",
-        "rsa.time.event_time": "2022-10-17T16:00:07.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -187,7 +177,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-18T12:32:04.000Z",
         "event.code": "VSHD_SYSLOG_CONFIG_I",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -216,7 +205,6 @@
         "rsa.misc.event_source": "VSHD",
         "rsa.misc.severity": "5",
         "rsa.misc.terminal": "pts/0",
-        "rsa.time.event_time": "2022-10-18T12:32:04.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "source.ip": "1.2.3.4",
@@ -227,7 +215,6 @@
         "user.name": "username"
     },
     {
-        "@timestamp": "2022-10-19T13:28:06.000Z",
         "event.code": "IF_DOWN_LINK_FAILURE",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -253,7 +240,6 @@
         "rsa.misc.result": "Link failure",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:28:06.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -262,7 +248,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:28:08.000Z",
         "event.code": "IF_DOWN_ADMIN_DOWN",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -287,7 +272,6 @@
         "rsa.misc.result": "Administratively down",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:28:08.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -296,7 +280,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:33:57.000Z",
         "event.code": "IF_ADMIN_UP",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -325,7 +308,6 @@
         "rsa.misc.event_source": "ETHPORT",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:33:57.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -334,7 +316,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:34:01.000Z",
         "event.code": "SPEED",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -360,7 +341,6 @@
         "rsa.misc.result": "100 Mbps",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:34:01.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -369,7 +349,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:34:01.000Z",
         "event.code": "IF_DUPLEX",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -395,7 +374,6 @@
         "rsa.misc.result": "Full",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:34:01.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -404,7 +382,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:34:01.000Z",
         "event.code": "IF_RX_FLOW_CONTROL",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -430,7 +407,6 @@
         "rsa.misc.result": "off",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:34:01.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -439,7 +415,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:34:01.000Z",
         "event.code": "IF_TX_FLOW_CONTROL",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -465,7 +440,6 @@
         "rsa.misc.result": "on",
         "rsa.misc.severity": "5",
         "rsa.network.interface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:34:01.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [
@@ -474,7 +448,6 @@
         ]
     },
     {
-        "@timestamp": "2022-10-19T13:34:01.000Z",
         "event.code": "IF_UP",
         "event.dataset": "cisco.nexus",
         "event.module": "cisco",
@@ -499,7 +472,6 @@
         "rsa.misc.event_source": "ETHPORT",
         "rsa.misc.severity": "3",
         "rsa.network.sinterface": "Ethernet100/1/29",
-        "rsa.time.event_time": "2022-10-19T13:34:01.000Z",
         "rsa.time.timezone": "Berlin",
         "service.type": "cisco",
         "tags": [