---
# Elasticsearch ingest pipeline for PAN-OS TRAFFIC logs (Filebeat panw module).
# Processors run in order; each `set` below overwrites network.direction, so
# when more than one condition matches, the last matching processor wins.
# The zone lists _temp_.external_zones / _temp_.internal_zones are not set in
# this file — presumably populated by an earlier stage from module config;
# every direction rule requires the relevant list(s) to be non-null, so if no
# zone lists are configured, network.direction is never set at all.
description: Pipeline for PanOS Traffic Logs
processors:
  # Set network.direction using src/dst zone (traffic logs).
  # inbound: ingress zone is external and egress zone is internal.
  - set:
      field: network.direction
      value: inbound
      if: >
        ctx?._temp_?.external_zones != null &&
        ctx?._temp_?.internal_zones != null &&
        ctx?.observer?.ingress?.zone != null &&
        ctx?.observer?.egress?.zone != null &&
        ctx._temp_.external_zones.contains(ctx.observer.ingress.zone) &&
        ctx._temp_.internal_zones.contains(ctx.observer.egress.zone)
  # outbound: ingress zone is internal and egress zone is external.
  - set:
      field: network.direction
      value: outbound
      if: >
        ctx?._temp_?.external_zones != null &&
        ctx?._temp_?.internal_zones != null &&
        ctx?.observer?.ingress?.zone != null &&
        ctx?.observer?.egress?.zone != null &&
        ctx._temp_.external_zones.contains(ctx.observer.egress.zone) &&
        ctx._temp_.internal_zones.contains(ctx.observer.ingress.zone)
  # internal: both zones are in internal_zones (external_zones not required).
  - set:
      field: network.direction
      value: internal
      if: >
        ctx?._temp_?.internal_zones != null &&
        ctx?.observer?.ingress?.zone != null &&
        ctx?.observer?.egress?.zone != null &&
        ctx._temp_.internal_zones.contains(ctx.observer.egress.zone) &&
        ctx._temp_.internal_zones.contains(ctx.observer.ingress.zone)
  # external: both zones are in external_zones (internal_zones not required).
  # NOTE(review): the rules assume the two zone lists are disjoint. A zone that
  # appears in both lists can satisfy several rules; the later `set` wins.
  - set:
      field: network.direction
      value: external
      if: >
        ctx?._temp_?.external_zones != null &&
        ctx?.observer?.ingress?.zone != null &&
        ctx?.observer?.egress?.zone != null &&
        ctx._temp_.external_zones.contains(ctx.observer.egress.zone) &&
        ctx._temp_.external_zones.contains(ctx.observer.ingress.zone)
  # unknown: either zone is in neither list. Unlike the rules above, this one
  # does not require the zone fields to be present — a record with a missing
  # ingress or egress zone also ends up here (contains(null) is false for a
  # list without null entries). Worth remembering when a detection keys on
  # network.direction: "unknown" covers both unclassified and absent zones.
  - set:
      field: network.direction
      value: unknown
      if: >
        ctx?._temp_?.external_zones != null &&
        ctx?._temp_?.internal_zones != null &&
        (
          (
            !ctx._temp_.external_zones.contains(ctx?.observer?.egress?.zone) &&
            !ctx._temp_.internal_zones.contains(ctx?.observer?.egress?.zone)
          ) ||
          (
            !ctx._temp_.external_zones.contains(ctx?.observer?.ingress?.zone) &&
            !ctx._temp_.internal_zones.contains(ctx?.observer?.ingress?.zone)
          )
        )

  # Set network.type for TRAFFIC.
  # Derived solely from the presence of labels.ipv6_session (set elsewhere):
  # absent -> ipv4, present -> ipv6.
  - set:
      field: network.type
      value: 'ipv4'
      if: 'ctx?.labels?.ipv6_session == null'
  - set:
      field: network.type
      value: 'ipv6'
      if: 'ctx?.labels?.ipv6_session != null'

  # Set ECS event.kind and event.category for every traffic record
  # (unconditional; allow_duplicates keeps repeated runs from adding
  # "network" twice).
  - set:
      field: event.kind
      value: event
  - append:
      field: event.category
      allow_duplicates: false
      value:
        - network
# On any processor failure, record which processor (and tag, if any) failed
# plus the failure message in error.message. Presumably the event is still
# indexed with that field rather than dropped — check the pipeline's failure
# handling if silently-degraded records would matter to downstream alerts.
on_failure:
  - append:
      field: error.message
      value: >-
        error in Traffic pipeline:
        error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}}
        with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}}
        {{ _ingest.on_failure_message }}