Filebeat Infoblox NIOS module fails to capture client IP field #27271

Closed
adriansr opened this issue Aug 6, 2021 · 2 comments

adriansr (Contributor) commented Aug 6, 2021

For confirmed bugs, please report:

  • Version: 7.13.4
  • Operating System: n/a
  • Discuss Forum URL: n/a
  • Steps to Reproduce:

For this original event:

<30>Aug 5 15:15:13 134.184.123.2 named[15183]: queries: client @0x7fd930dbf1f0 10.0.0.25#50045 (example.net): query: example.net IN A + (93.184.216.34)

The raw saddr field captured extra information:

 "rsa.raw.saddr": [
      "@0x7fd930dbf1f0 10.0.0.25"
    ],

This is an RSA2ELK experimental module, which means some of the original RSA patterns should be adjusted to account for this extra field before saddr.
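
A parser that tolerates the `@0x…` token before the client address in the event above, written as an added example; it is not the Filebeat module's RSA2ELK pattern or code from this issue. The regular expression, the function names and the output field names are assumptions made for illustration.

```javascript
// Added example, not the module's own pattern. Field names are hypothetical.
const ISSUE_EVENT =
  "<30>Aug 5 15:15:13 134.184.123.2 named[15183]: queries: client " +
  "@0x7fd930dbf1f0 10.0.0.25#50045 (example.net): query: example.net IN A + (93.184.216.34)";
// Constructed variant of the same event without the "@0x..." token.
const NO_ID_EVENT = ISSUE_EVENT.replace("@0x7fd930dbf1f0 ", "");

const QUERY_RE = new RegExp(
  "client (?:@(0x[0-9a-fA-F]+) )?" +  // optional token seen before the address
  "([0-9a-fA-F:.]+)#(\\d{1,5}) " +     // client address and source port
  "\\(([^)]*)\\): query: " +           // name repeated in parentheses
  "(\\S+) (\\S+) (\\S+) (\\S+) " +     // query name, class, type, flags
  "\\(([0-9a-fA-F:.]+)\\)$"            // address in the trailing parentheses
);

// Loose check: dotted-quad IPv4 with octets <= 255, or a hex/colon string for IPv6.
function looksLikeIp(s) {
  if (s.includes(":")) return /^[0-9a-fA-F:.]+$/.test(s);
  const parts = s.split(".");
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Returns the parsed fields, or null when the line does not match or fails validation.
function parseQueryLine(line) {
  const m = QUERY_RE.exec(line);
  if (!m) return null;
  const [, clientId, ip, port, , name, qclass, qtype, flags, serverIp] = m;
  if (!looksLikeIp(ip) || !looksLikeIp(serverIp) || Number(port) > 65535) return null;
  return {
    client_id: clientId || null, client_ip: ip, client_port: Number(port),
    query_name: name, query_class: qclass, query_type: qtype, flags, server_ip: serverIp,
  };
}

// Recover the address from an already-indexed value such as the rsa.raw.saddr above.
function repairSaddr(value) {
  const m = /^(?:@0x[0-9a-fA-F]+ )?(\S+)$/.exec(value);
  return m && looksLikeIp(m[1]) ? m[1] : null;
}
```

`repairSaddr` is meant for events that were indexed before the pattern was corrected, where searches and detections keyed on the client IP would otherwise miss them.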

elasticmachine (Collaborator) commented

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

jamiehynds commented

Closing as this will be addressed in our new Infoblox integration: elastic/integrations#3129
