Add files via upload

criblpacks · Jul 12, 2022 · 9d252a3 · 9d252a3
1 parent 370f04b
commit 9d252a3
Show file tree

Hide file tree

Showing 8 changed files with 163 additions and 98 deletions.
diff --git a/README.md b/README.md
@@ -44,8 +44,31 @@ _Tying the pipeline to sources_
 3. Repeat steps 1 and 2 for additional syslog sources as needed.
 
 
+## Upgrading Packs
+When upgrading this or any pack, it is recommended to
+* Import the updated pack under a new name that includes the version. Example: `cribl-syslog-input-120`.  This allows you to review and adjust new functionality against currently-deployed configurations.
+* Copy any modified lookup files from the previous version of the pack over to the newly installed version.  (Skip this step if lookups were not modified for your environment.)
+* Review all comments in the new pack, and enable/disable functions as necessary.  You may find it useful to reference previous and new versions of the pack side-by-side.
+* Update routes / pipelines / sources / destinations that use the previous pack to reference the new pack instead
+* Test, test test
+* Commit / Deploy 
+
 ## Release Notes
 
+### Version 1.2.1 - 2022-07-12
+1. Changed catch-all route (used when Source is not syslog) to use passthru pipeline and default destination.
+
+### Version 1.2.0 - 2022-07-11
+1. Resolved an issue where facility or severity were preserved unintentionally when the value is 0
+2. Added an option to perform lookup using Eval function instead of Lookup function
+3. Minor improvements to the order of processing for missing meta fields
+4. Improved comments to indicate which settings are disabled by default
+
+### Version 1.1.4 - 2022-03-30
+1. Added metadata for packs.cribl.io suite
+2. Added sample files for Ubiquiti routers
+3. Updated minimum version of Stream to 3.4.0
+
 ### Version 1.1.0 - 2021-11-18
 1. Increased volume reduction when event contains multiple timestamps, by removing second timestamp
 2. Improved commenting througout

diff --git a/data/lookups/SyslogLookup.csv b/data/lookups/SyslogLookup.csv
@@ -5,3 +5,4 @@ host,index,sourcetype,source,__timezone
 10.23.54.76,f5,f5
 ip-11-7-108-42,linuxhosts,syslog-linux,,EST
 mdonnelly-router,firewall,ubiquiti,
+192.168.2.251,testing,testing,testing,
diff --git a/data/lookups/SyslogLookup.yml b/data/lookups/SyslogLookup.yml
@@ -1,3 +1,3 @@
 size: 383
 description: Look up meta information for syslog senders using hostname or IP.
-rows: 6
+rows: 7
diff --git a/data/samples/bi114R.json b/data/samples/bi114R.json
@@ -0,0 +1 @@
+[{"__criblEventType":"event","__ctrlFields":[],"__final":false,"__cloneCount":0,"message":"foo=bar this=that base=ball gizmo=sprocket","severity":5,"facility":1,"host":"testbox","appname":"mdonnelly","procid":"42","msgid":"1396134","structuredData":"[timeQuality tzKnown=\"1\" isSynced=\"1\" syncAccuracy=\"93066\"]","severityName":"notice","facilityName":"user","_time":1657560871.363,"_raw":"<13>1 2022-07-11T10:34:31.363862-07:00 testbox mdonnelly 42 1396134 [timeQuality tzKnown=\"1\" isSynced=\"1\" syncAccuracy=\"93066\"] foo=bar this=that base=ball gizmo=sprocket","__srcIpPort":"udp|192.168.2.251|60366","__inputId":"syslog:in_syslog:udp"},{"__criblEventType":"event","__ctrlFields":[],"__final":false,"__cloneCount":0,"message":"foo=bar this=that base=ball gizmo=sprocket","severity":5,"facility":1,"host":"testbox","appname":"mdonnelly","procid":"42","severityName":"notice","facilityName":"user","_time":1657560875,"_raw":"<13>Jul 11 10:34:35 testbox mdonnelly[42]: foo=bar this=that base=ball gizmo=sprocket","__srcIpPort":"udp|192.168.2.251|33091","__inputId":"syslog:in_syslog:udp"}]