[citrix_adc] - Parse dates more comprehensively #11599

Draft
wants to merge 5 commits into
base: main
Changes from 1 commit
Original file line number Diff line number Diff line change
@@ -7,3 +7,4 @@ Oct 21 14:03:30 <local0.info> 81.2.69.144 21/10/2014:14:03:30 GMT ns1 0-PPE-0 :
<134> 30/09/2024:23:59:59 PRODSYSTEM 0-PPE-0 : default TCP CONN_TERMINATE 28005 0 : Source 192.168.10.10:51799 - Destination 192.168.15.10:443 - Start Time 30/09/2024:23:59:59 - End Time 30/09/2024:23:59:59 - Total_bytes_send 1 - Total_bytes_recv 1
<134> 30/09/2024:23:59:58 PRODSYSTEM 0-PPE-0 : default TCP CONN_TERMINATE 3023 0 : Source 127.0.0.1:80 - Destination 127.0.0.2:38805 - Start Time 30/09/2024:23:59:16 - End Time 30/09/2024:23:59:58 - Total_bytes_send 1 - Total_bytes_recv 1
<134> 30/09/2024:23:59:58 PRODSYSTEM 0-PPE-0 : default TCP CONN_TERMINATE 3020 0 : Source 127.0.0.1:80 - Destination 127.0.0.2:57434 - Start Time 30/09/2024:23:59:11 - End Time 30/09/2024:23:59:58 - Total_bytes_send 1 - Total_bytes_recv 1
Oct 30 13:53:45 <local0.info> 81.2.69.144 30/10/2024:13:53:45 GMT ns1 0-PPE-0 : SSLVPN ICAEND_CONNSTAT 4471 0 : Source 192.168.1.1:53736 - Destination 192.168.65.55:443 - customername - username:domainname anonymous: - startTime "30/10/2024:13:53:42 " - endTime "30/10/2024:13:53:43 " - Duration 00:00:01 - Total_bytes_send 6617 - Total_bytes_recv 1217 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - connectionId 124282686
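Review bot: The ICAEND_CONNSTAT sample that appears to be added as the last line of this hunk carries its session times as quoted values with a trailing space (`startTime "30/10/2024:13:53:42 "`), and none of the expected-output sections visible in this commit gains an event for it, so nothing yet asserts how those values are parsed. The expected file for this log should be regenerated and checked so that the start and end times come out as ISO 8601 dates rather than as the raw quoted strings. ICA session start and end times are what an investigator uses to bound a remote-access session, so this is the sample most worth pinning down.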
Original file line number Diff line number Diff line change
@@ -120,4 +120,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
@@ -271,4 +271,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
@@ -59,7 +59,7 @@
},
"citrix_adc": {
"log": {
"delink_time": "2024-08-10T09:38:41",
"delink_time": "10/08/2024:09:38:41",
"destination": {
"ip": "81.2.69.144",
"port": 80
@@ -93,7 +93,7 @@
"category": [
"network"
],
"end": "2024-08-10T09:38:41",
"end": "10/08/2024:09:38:41",
"id": "6715345",
"original": "<131> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_DELINK 6715345 0 : Source 127.1.2.1:80 - Vserver 81.2.69.144:80 - NatIP 192.168.10.10:52187 - Destination 81.2.69.144:80 - Delink Time 10/08/2024:09:38:41 - Total_bytes_send 0 - Total_bytes_recv 3118\n",
"severity": 0,
@@ -192,7 +192,7 @@
},
"citrix_adc": {
"log": {
"delink_time": "2024-08-21T09:38:41",
"delink_time": "21/08/2024:09:38:41",
"destination": {
"ip": "81.2.69.144",
"port": 80
@@ -226,7 +226,7 @@
"category": [
"network"
],
"end": "2024-08-21T09:38:41",
"end": "21/08/2024:09:38:41",
"id": "6715345",
"original": "<131> 21/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_DELINK 6715345 0 : Source 127.1.2.1:80 - Vserver 81.2.69.144:80 - NatIP 192.168.10.10:52187 - Destination 81.2.69.144:80 - Delink Time 21/08/2024:09:38:41 - Total_bytes_send 0 - Total_bytes_recv 3118\n",
"severity": 0,
@@ -267,4 +267,4 @@
]
}
]
}
}
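Review bot: In the hunks at -59,7 and -93,7 (and again at -192,7 and -226,7) the expected values of `citrix_adc.log.delink_time` and `event.end` go, as rendered, from ISO 8601 to the raw device string `10/08/2024:09:38:41`; the next expected file shows the same at -15,7 and -49,7. `event.end` is an ECS `date` field, so a value in that shape would normally be rejected by the date mapping at index time, or dropped where malformed values are ignored, and the connection record loses its end time either way. The expected value should stay in converted form, for example `"end": "2024-08-10T09:38:41.000Z"` (constructed, assuming UTC and the day-first reading), with the device string kept only in `event.original`. If the conversion currently fails for these fields, that is better fixed in the pipeline than accepted into the fixture.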
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"expected": [
{
"@timestamp": "2024-10-08T09:38:41.000Z",
"@timestamp": "2024-08-10T09:38:41.000Z",
"citrix": {
"cef_format": false,
"default_class": true,
@@ -15,7 +15,7 @@
},
"citrix_adc": {
"log": {
"delink_time": "2024-10-08T09:38:41.000Z",
"delink_time": "10/08/2024:09:38:41",
"destination": {
"ip": "81.2.69.144",
"port": 80
@@ -49,7 +49,7 @@
"category": [
"network"
],
"end": "2024-10-08T09:38:41.000Z",
"end": "10/08/2024:09:38:41",
"id": "6715345",
"original": "<131> 10/08/2024:09:38:41 SYSLOGHOST 0-PPE-1 : default TCP CONN_DELINK 6715345 0 : Source 127.1.2.1:80 - Vserver 81.2.69.144:80 - NatIP 192.168.10.10:52187 - Destination 81.2.69.144:80 - Delink Time 10/08/2024:09:38:41 - Total_bytes_send 0 - Total_bytes_recv 3118\n",
"severity": 0,
@@ -90,7 +90,7 @@
]
},
{
"@timestamp": "2024-10-08T09:38:41.000Z",
"@timestamp": "2024-08-10T09:38:41.000Z",
"citrix": {
"cef_format": false,
"default_class": true,
@@ -178,4 +178,4 @@
]
}
]
}
}
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
<135> 09/09/2024:14:13:39 PRODSY3VPX01 0-PPE-0 : default SSLVPN Message 30461998 0 : "[Remote ip = 109.117.241.115:5019] {ns_handle_free_resources:13910} freeing sta resource for pcb:{src-ip:port=109.117.241.115:5019} <-> {dst-ip:port=75.60.204.46:443} pcbdevno=0xa14452, user_domain=(, ns_aaa->csg_flags=0x400"
<135> 09/09/2024:14:13:39 PRODSY3VPX01 0-PPE-0 : default SSLVPN Message 30461998 0 : "[Remote ip = 109.117.241.115:5019] {ns_handle_free_resources:13910} freeing sta resource for pcb:{src-ip:port=109.117.241.115:5019} <-> {dst-ip:port=75.60.204.46:443} pcbdevno=0xa14452, user_domain=(, ns_aaa->csg_flags=0x400"
<134> 30/10/2024:13:52:44 PRODSY3VPX01 0-PPE-0 : default SSLVPN HTTPREQUEST 72251252 0 : Context [email protected] - SessionId: 22569 - work.remote.example.com User fbueller : Group(s) N/A : Vserver 192.168.65.54:443 - 30/10/2024:13:52:44 : SSO is ON : GET /Citrix/SY3-STOREWeb/custom/style.css - -
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
{
"expected": [
{
"@timestamp": "2024-09-09T14:13:39.000Z",
Contributor Author


what is causing this!?!?!?!?!?

"citrix": {
"cef_format": false,
"default_class": true,
@@ -42,6 +41,94 @@
"preserve_original_event",
"preserve_duplicate_custom_fields"
]
},
{
"citrix": {
"cef_format": false,
"default_class": true,
"detail": "<134> 30/10/2024:13:52:44 PRODSY3VPX01 0-PPE-0 : default SSLVPN HTTPREQUEST 72251252 0 : Context [email protected] - SessionId: 22569 - work.remote.example.com User fbueller : Group(s) N/A : Vserver 192.168.65.54:443 - 30/10/2024:13:52:44 : SSO is ON : GET /Citrix/SY3-STOREWeb/custom/style.css - -",
"device_event_class_id": "SSLVPN",
"extended": {
"message": "Context [email protected] - SessionId: 22569 - work.remote.example.com User fbueller : Group(s) N/A : Vserver 192.168.65.54:443 - 30/10/2024:13:52:44 : SSO is ON : GET /Citrix/SY3-STOREWeb/custom/style.css - -"
},
"name": "HTTPREQUEST"
},
"citrix_adc": {
"log": {
"client_ip": "1.128.65.1",
"groups": "N/A",
"hostname": "work.remote.example.com",
"message": "Context [email protected] - SessionId: 22569 - work.remote.example.com User fbueller : Group(s) N/A : Vserver 192.168.65.54:443 - 30/10/2024:13:52:44 : SSO is ON : GET /Citrix/SY3-STOREWeb/custom/style.css - -",
"method": "GET",
"request": {
"path": "/Citrix/SY3-STOREWeb/custom/style.css"
},
"session_id": "22569",
"sso_status": "ON",
"timestamp": "30/10/2024:13:52:44",
"user": "fbueller",
"username": "fbueller",
"vserver": {
"ip": "192.168.65.54",
"port": 443
}
}
},
"client": {
"as": {
"number": 1221,
"organization": {
"name": "Telstra Pty Ltd"
}
},
"ip": "1.128.65.1"
},
"ecs": {
"version": "8.11.0"
},
"event": {
"category": [
"authentication"
],
"id": "72251252",
"original": "<134> 30/10/2024:13:52:44 PRODSY3VPX01 0-PPE-0 : default SSLVPN HTTPREQUEST 72251252 0 : Context [email protected] - SessionId: 22569 - work.remote.example.com User fbueller : Group(s) N/A : Vserver 192.168.65.54:443 - 30/10/2024:13:52:44 : SSO is ON : GET /Citrix/SY3-STOREWeb/custom/style.css - -",
"severity": 0,
"timezone": "PRODSY3VPX01",
"type": [
"info"
]
},
"group": {
"name": "N/A"
},
"observer": {
"product": "Netscaler",
"type": "firewall",
"vendor": "Citrix"
},
"related": {
"ip": [
"192.168.65.54",
"1.128.65.1"
],
"user": [
"fbueller"
]
},
"server": {
"ip": "192.168.65.54",
"port": 443
},
"tags": [
"preserve_original_event",
"preserve_duplicate_custom_fields"
],
"url": {
"domain": "work.remote.example.com"
},
"user": {
"name": "fbueller"
}
}
]
}
}
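Review bot: In the event added by the -42,6 +41,94 hunk, `"timezone": "PRODSY3VPX01"` under `event` is the appliance hostname from the sample line, not a time zone. The sample has no zone token between the timestamp and the hostname, so the hostname appears to be captured in the zone position, and the expected output records that as correct. The hostname is also absent from every host or observer field in the event, so the record cannot be tied back to the appliance that emitted it. The zone capture should be optional, so that this event has no `event.timezone` and the hostname is mapped to a host field. The same event keeps `citrix_adc.log.timestamp` as the raw `30/10/2024:13:52:44`, which should be converted like the other date fields.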
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
{
"expected": [
{
"@timestamp": "2015-06-12T23:37:17.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -84,7 +83,6 @@
}
},
{
"@timestamp": "2015-06-13T00:21:28.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -168,7 +166,6 @@
}
},
{
"@timestamp": "2015-06-13T00:25:31.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -251,7 +248,6 @@
}
},
{
"@timestamp": "2015-06-13T01:11:09.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -335,7 +331,6 @@
}
},
{
"@timestamp": "2015-06-08T00:21:09.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -421,7 +416,6 @@
}
},
{
"@timestamp": "2015-06-09T23:50:53.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -507,7 +501,6 @@
}
},
{
"@timestamp": "2012-12-19T00:38:09.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -590,7 +583,6 @@
}
},
{
"@timestamp": "2012-12-19T00:38:09.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -673,7 +665,6 @@
}
},
{
"@timestamp": "2012-12-18T21:46:17.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -757,7 +748,6 @@
}
},
{
"@timestamp": "2012-12-19T01:07:56.000Z",
"citrix": {
"cef_format": true,
"cef_version": "0",
@@ -840,4 +830,4 @@
}
}
]
}
}