[cisco_aironet] Properly parse CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE messages #12975

Open: wants to merge 2 commits into base: main

mjwolf (Contributor) commented Mar 5, 2025

Proposed commit message

Properly parse CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE messages in cisco_aironet. The pipeline will now parse out all values from this message type: user name, SSID, and client MAC.

The client MAC will also be reformatted to follow the standard format specified in ECS.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

The format of this message was found here: https://bst.cisco.com/quickview/bug/CSCwj11043

…STATE messages

Properly parse CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE messages in
cisco_aironet. The messages will now parse out all values from this
message type: user name, SSID, and client MAC.

The client MAC will also be reformatted to follow the standard format
specified in ECS.
@mjwolf mjwolf added Integration:cisco_aironet Cisco Aironet bugfix Pull request that fixes a bug issue Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Mar 5, 2025
@mjwolf mjwolf requested a review from a team as a code owner March 5, 2025 20:47
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@mjwolf mjwolf self-assigned this Mar 5, 2025
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @mjwolf

tomizius commented Mar 6, 2025

Please also add the event.action. For example, in the following log we have the event.action: "joined". This would make sense for analysing what the user is doing.

Example event:
<190>238413: Mar 4 10:05:20.109: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/0: wncd: Username entry (t.test) joined with ssid (test) for device with MAC: 7e00.b000.0000

Thank you
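The parsing discussed in this thread, sketched in Python as an added example; it is not the pull request's ingest pipeline. The regular expression is derived only from the single sample event quoted above, the `ssid` key is a hypothetical name, and the other keys are ECS field names chosen here as an assumption about the target mapping.

```python
import re

# Constructed from the sample event quoted in the comment above.
SAMPLE = ("<190>238413: Mar 4 10:05:20.109: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: "
          "Chassis 1 R0/0: wncd: Username entry (t.test) joined with ssid (test) "
          "for device with MAC: 7e00.b000.0000")

# Anchored on the mnemonic and on end of line, so user-controlled text
# (user name, SSID) cannot displace the trailing MAC field.
RUN_STATE = re.compile(
    r"%CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: .*?"
    r"Username entry \((?P<user>.*?)\) (?P<action>\w+) with ssid \((?P<ssid>.*?)\) "
    r"for device with MAC: (?P<mac>\S+)\s*$"
)

def normalize_mac(raw):
    """Return the MAC as uppercase, hyphen-separated octets (the RFC 7042
    notation ECS suggests), or None if it is not 12 hex digits."""
    digits = re.sub(r"[.:\-]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_run_state(line):
    """Parse one CLIENT_ADDED_TO_RUN_STATE line into a flat dict, or None
    when the line is a different message type."""
    m = RUN_STATE.search(line)
    if m is None:
        return None
    doc = {
        "event.action": m["action"],  # "joined" in the sample event
        "user.name": m["user"],
        "ssid": m["ssid"],            # hypothetical key, not the integration's field
    }
    mac = normalize_mac(m["mac"])
    if mac is None:
        # Keep the event but flag it instead of indexing a malformed address.
        doc["error.message"] = "unparseable client MAC: " + m["mac"]
    else:
        doc["client.mac"] = mac
    return doc

if __name__ == "__main__":
    print(parse_run_state(SAMPLE))
```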
