Skip to content

System auth log fixes #14456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

System auth log fixes #14456

wants to merge 5 commits into from
+165 −4

Conversation

Tacklebox
Copy link
Contributor

@Tacklebox Tacklebox commented Jul 8, 2025
edited
Loading

Proposed commit message

This adds a grok pattern and a few replacements to handle previously unmatched fields in some auth log messages.

Checklist

  • I have added an entry to my package's changelog.yml file.

@Tacklebox Tacklebox self-assigned this Jul 8, 2025
@Tacklebox Tacklebox requested a review from a team as a code owner July 8, 2025 17:54
@Tacklebox Tacklebox added the bugfix Pull request that fixes a bug issue label Jul 8, 2025
@Tacklebox Tacklebox requested review from a team as code owners July 8, 2025 17:58
@Tacklebox Tacklebox requested review from belimawr and efd6 July 8, 2025 17:59
nicholasberlin
nicholasberlin reviewed Jul 8, 2025
View reviewed changes
packages/system/data_stream/auth/elasticsearch/ingest_pipeline/log.yml Outdated
target_field: source.address
ignore_missing: true
ignore_failure: true
- rename:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this rename looks like a repeat of line 82's .. intentional? if so, why?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unintentional, thanks!

@andrewkroh andrewkroh added Integration:system System Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] labels Jul 8, 2025
@elasticmachine
Copy link

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@elasticmachine
Copy link

elasticmachine commented Jul 9, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @Tacklebox

nicholasberlin
nicholasberlin approved these changes Jul 9, 2025
View reviewed changes
Copy link
Contributor

@nicholasberlin nicholasberlin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM once CI agrees

belimawr
belimawr reviewed Jul 9, 2025
View reviewed changes
Copy link
Contributor

@belimawr belimawr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Once CI is green, request a re-review and I'll approve it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@belimawr belimawr belimawr left review comments

@nicholasberlin nicholasberlin nicholasberlin approved these changes

@efd6 efd6 Awaiting requested review from efd6

Assignees

@Tacklebox Tacklebox

Labels
bugfix Pull request that fixes a bug issue Integration:system System Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Tacklebox @elasticmachine @belimawr @nicholasberlin @andrewkroh