From 5821616e21f0ecee45f8e5445d8d095d9d911164 Mon Sep 17 00:00:00 2001 From: mstopa-splunk Date: Fri, 25 Aug 2023 12:34:46 +0000 Subject: [PATCH 1/2] docs: add missing key in pan_panos --- docs/sources/vendor/PaloaltoNetworks/panos.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/vendor/PaloaltoNetworks/panos.md b/docs/sources/vendor/PaloaltoNetworks/panos.md index 02f29bedef..761a2824d5 100644 --- a/docs/sources/vendor/PaloaltoNetworks/panos.md +++ b/docs/sources/vendor/PaloaltoNetworks/panos.md @@ -25,6 +25,7 @@ | pan:config | None | | pan:hipmatch | None | | pan:correlation | None | +| pan:userid | None | ## Sourcetype and Index Configuration @@ -38,6 +39,7 @@ | pan_panos_config | pan:config | netops | none | | pan_panos_hipmatch | pan:hipmatch | netops | none | | pan_panos_correlation | pan:correlation | netops | none | +| pan_panos_userid | pan:userid | netauth | none | ### Filter type From 76f8a28d4620889af7ce5901d935a12c9da7a046 Mon Sep 17 00:00:00 2001 From: mstopa-splunk Date: Fri, 25 Aug 2023 14:15:38 +0000 Subject: [PATCH 2/2] fix: fix testing app-syslog-arista_eos --- tests/test_arista.py | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/test_arista.py b/tests/test_arista.py index 7af5273d74..5f59185f68 100644 --- a/tests/test_arista.py +++ b/tests/test_arista.py 
@@ -14,9 +14,19 @@ env = Environment() test_data = [ - "{{ mark }} {{ iso }}Z host Acl: %ACL-6-IPACCESS: list acl-internet Ethernet1 denied tcp xxx.xx.xx.xx(63751) -> xxx.xx.xx.xx(445)", - "{{ mark }} {{ iso }}Z AleL3Agent-primary: %AGENT-6-INITIALIZED: Agent 'AleL3Agent-primary' initialized; pid=XXXX", - "{{ mark }} {{ iso }}Z ProcMgr-worker: %PROCMGR-6-WORKER_WARMSTART: ProcMgr worker warm start. (PID=XXXXX)" + { + + "template": "{{ mark }} {{ iso }}Z host {{ program }}: %ACL-6-IPACCESS: list acl-internet Ethernet1 denied tcp xxx.xx.xx.xx(63751) -> xxx.xx.xx.xx(445)", + "program": "Acl" + }, + { + "template": "{{ mark }} {{ iso }}Z {{ program }}: %AGENT-6-INITIALIZED: Agent 'AleL3Agent-primary' initialized; pid=XXXX", + "program": "AleL3Agent-primary" + }, + { + "template": "{{ mark }} {{ iso }}Z {{ program }}: %PROCMGR-6-WORKER_WARMSTART: ProcMgr worker warm start. (PID=XXXXX)", + "program": "ProcMgr-worker" + } ] @@ -32,15 +42,15 @@ def test_arista_switch(record_property, setup_wordlist, setup_splunk, setup_sc4s iso = dt.isoformat()[0:19] epoch = epoch[:-7] - mt = env.from_string(event + "\n") - message = mt.render(mark="<166>", iso=iso, epoch=epoch) + mt = env.from_string(event["template"] + "\n") + message = mt.render(mark="<166>", iso=iso, epoch=epoch, program=event["program"]) sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) st = env.from_string( - 'search _time={{ epoch }} index=netops sourcetype="arista:eos" source="arista:eos:acl" "ACL-6-IPACCESS"' + 'search _time={{ epoch }} index=netops sourcetype="arista:eos" source="arista:eos:{{ program }}"' ) - search = st.render(epoch=epoch) + search = st.render(epoch=epoch, program=event["program"].lower()) resultCount, eventCount = splunk_single(setup_splunk, search)
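Review bot: The first entry of `test_data` opens with a stray blank line between `{` and `"template"` that the other two entries do not have; drop it so the three literals read alike. The new two-key schema is also undocumented, and the second hunk of this patch depends on it twice (`event["template"]` is rendered, and `event["program"].lower()` becomes the expected `source` suffix), so a comment above the list would help, e.g. `# Each case: "template" is the jinja2 syslog event; "program" fills {{ program }} and, lowercased, is the expected source suffix "arista:eos:<program>".` If `test_data` is still fed to `pytest.mark.parametrize` (the decorator is outside this hunk), dict entries no longer yield the readable test ids the old strings gave; `pytest.param(..., id="acl")` per entry, or `ids=[e["program"] for e in test_data]`, would restore them.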