[iptables] Add journald input support iptables #2525
Conversation
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
| @@ -76,7 +76,7 @@ | |||
| "zone": "lan" | |||
| } | |||
| }, | |||
| "@timestamp": "2021-10-10T07:25:12.000Z", | |||
| "@timestamp": "2022-10-10T07:25:12.000Z", | |||
There was a problem hiding this comment.
We are living in the future. Should the date parser attempt to make the date the last date that matches the log line as an attempt at sanity rather than the date of the current year that matches the log line or is this not a concern?
There was a problem hiding this comment.
FWIW this is the behavior of all the date processor implementations in our stack AFAIK.
There is no shortage of ways things can go wrong when you don't have a year in your timestamps. If you look in the logstash-filter-date repo you'll find some discussion.
- Add journald input support. - Format MAC addresses. - Set event.created. - Remove redundant event.ingested. - Transition from experimental to beta. - Add system test for journald.
| @@ -76,7 +76,7 @@ | |||
| "zone": "lan" | |||
| } | |||
| }, | |||
| "@timestamp": "2021-10-10T07:25:12.000Z", | |||
| "@timestamp": "2022-10-10T07:25:12.000Z", | |||
There was a problem hiding this comment.
FWIW this is the behavior of all the date processor implementations in our stack AFAIK.
There is no shortage of ways things can go wrong when you don't have a year in your timestamps. If you look in the logstash-filter-date repo you'll find some discussion.
What does this PR do?
Checklist
changelog.ymlfile.