From 93cca24f38cb472df2eed57cce200a3c86275920 Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Wed, 26 Feb 2025 08:27:39 +1030 Subject: [PATCH] imperva_waf: improve config robustness and error reporting * prevent missing trailing slash from causing collection failure * avoid misleading errors resulting from collection failure --- packages/imperva_cloud_waf/changelog.yml | 8 ++++++++ .../data_stream/event/agent/stream/cel.yml.hbs | 8 ++++---- .../event/elasticsearch/ingest_pipeline/default.yml | 4 ++++ packages/imperva_cloud_waf/manifest.yml | 2 +- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/packages/imperva_cloud_waf/changelog.yml b/packages/imperva_cloud_waf/changelog.yml index b13d3814d54..83a64dfbe03 100644 --- a/packages/imperva_cloud_waf/changelog.yml +++ b/packages/imperva_cloud_waf/changelog.yml @@ -1,4 +1,12 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Prevent absence of trailing slash in base URL from causing data collection failure. + type: enhancement + link: https://github.com/elastic/integrations/pull/12894 + - description: Improve error reporting in collection failure case. + type: enhancement + link: https://github.com/elastic/integrations/pull/12894 - version: "1.6.2" changes: - description: Fix error message formatting syntax in agent configuration. diff --git a/packages/imperva_cloud_waf/data_stream/event/agent/stream/cel.yml.hbs b/packages/imperva_cloud_waf/data_stream/event/agent/stream/cel.yml.hbs index 06fe8c6134e..e85fbfe041b 100644 --- a/packages/imperva_cloud_waf/data_stream/event/agent/stream/cel.yml.hbs +++ b/packages/imperva_cloud_waf/data_stream/event/agent/stream/cel.yml.hbs @@ -25,7 +25,7 @@ program: | has(state.worklist) && size(state.worklist) > 0 ? state : - request("GET", (state.url + "logs.index")).with({ + request("GET", state.url.trim_right("/") + "/logs.index").with({ "Header":{ "Authorization": ["Basic "+string(base64(state.user+":"+state.password))], } @@ -46,7 +46,7 @@ program: | "error": { "code": string(resp.StatusCode), "id": string(resp.Status), - "message": "GET " + state.url + "logs.index: " + ( + "message": "GET " + state.url.trim_right("/") + "/logs.index: " + ( size(resp.Body) != 0 ? string(resp.Body) : @@ -64,7 +64,7 @@ program: | : v.next < size(v.worklist) ? ( request("GET", - state.url+v.worklist[v.next].filename + state.url.trim_right("/") + v.worklist[v.next].filename ).with({ "Header":{ "Authorization": ["Basic "+string(base64(state.user + ":" + state.password))], @@ -98,7 +98,7 @@ program: | "error": { "code": string(resp.StatusCode), "id": string(resp.Status), - "message": "GET " + state.url+v.worklist[v.next].filename + ": " +( + "message": "GET " + state.url.trim_right("/") + v.worklist[v.next].filename + ": " +( size(resp.Body) != 0 ? string(resp.Body) : diff --git a/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 82bfc68592e..e33975ecac8 100644 --- a/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -5,6 +5,10 @@ processors: field: ecs.version tag: set_ecs_version value: 8.11.0 + - fail: + tag: data_collection_error + if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null + message: error message set and no data to process. - set: field: event.kind tag: set_event_kind_alert diff --git a/packages/imperva_cloud_waf/manifest.yml b/packages/imperva_cloud_waf/manifest.yml index 02e9a8f1a05..b5e8938bd3a 100644 --- a/packages/imperva_cloud_waf/manifest.yml +++ b/packages/imperva_cloud_waf/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: imperva_cloud_waf title: Imperva Cloud WAF -version: "1.6.2" +version: "1.7.0" description: Collect logs from Imperva Cloud WAF with Elastic Agent. type: integration categories: