NUL terminator byte breaks fortinet firewall module #36026

Closed
efd6 opened this issue Jul 10, 2023 · 1 comment · Fixed by #36027

efd6 commented Jul 10, 2023

When an appliance sends NUL-terminated syslog lines via TCP, we end up with a NUL in the event.original and in the last structured data field as it's rendered into the document. The Fortinet Fortigate integration approaches this by gsubbing the NUL away:

  - gsub:
      field: syslog5424_sd
      pattern: "\u0000"
      replacement: ""

The same should happen in the filebeat module.
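The failure mode described in the issue, reproduced as an added example that is not part of the original post or the Beats code base: a NUL-terminated line is parsed with and without the cleanup the gsub processor performs. The sample log line, the minimal key=value splitter and all function names are constructed for illustration.

```python
import re

# Constructed sample (not from the issue): one FortiGate-style key=value
# syslog line as a TCP input might hand it over, ending in a NUL terminator.
RAW = (b'<189>date=2023-07-10 time=12:00:00 devname="fw-example" '
       b'type="traffic" srcip=192.0.2.10 dstip=198.51.100.7 '
       b'action="accept" sentbyte=1024\x00')

# Hypothetical minimal splitter: a value is either quoted or a run of
# non-whitespace. NUL is not whitespace, so it sticks to an unquoted value.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> dict:
    """Split key=value pairs; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def strip_nul(line: str) -> str:
    """Same effect as the gsub processor shown above: drop every U+0000."""
    return line.replace("\u0000", "")


def ingest(raw: bytes, clean: bool) -> dict:
    """Build a document holding event.original and the parsed fields."""
    original = raw.decode("utf-8")
    if clean:
        # This example cleans the line before it is copied anywhere.
        original = strip_nul(original)
    _pri, _, body = original.partition(">")
    return {"event.original": original, "fields": parse_kv(body)}


def nul_fields(doc: dict) -> list:
    """Names of parsed fields that still carry a NUL (a pipeline test check)."""
    return [k for k, v in doc["fields"].items() if "\u0000" in v]


if __name__ == "__main__":
    for clean in (False, True):
        doc = ingest(RAW, clean)
        print(clean, repr(doc["fields"]["sentbyte"]), nul_fields(doc))
```

Without the cleanup, the last field no longer matches an exact-value query for `1024`, and a numeric conversion of it fails; a `nul_fields`-style assertion in pipeline tests catches the regression.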

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
