
feat: allow for tcp instead of udp for panos #29054

Closed

Conversation

knechtionscoding

Signed-off-by: Hans Knecht [email protected]

  • Enhancement

What does this PR do?

In order to support Cortex Data Lake from Palo Alto (which has the same format as PAN-OS), TCP is required instead of UDP.
See #13533 for more information.
Closes #13533

Why is it important?

Supporting all of Palo Alto's log sources is vital, especially as Cortex Data Lake is part of their cloud offering.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Create a filebeat.yml with the following:

filebeat.modules:
- module: panw
  panos:
    enabled: true
    var.syslog_host: 0.0.0.0
    var.syslog_port: 6514
    var.syslog_protocol: tcp
    var.syslog_tcp_ssl:
      enabled: true
      certificate: /cool/path.cert
      key: /cool/path.key

and the desired output. Tested that TCP is a drop-in replacement.

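As an added example (not code from this PR or from Filebeat's own input), a minimal receiver-side framer for syslog over TCP. Over UDP each datagram is one PAN-OS event; over a TCP stream the receiver has to split messages itself, using either RFC 6587 octet counting or newline framing, and must cope with reads that end mid-message. The sample messages and read boundaries are constructed.

```python
import re

# Octet-counting frame header: "<length> " followed by exactly <length> bytes.
# A syslog message itself starts with "<PRI>", so a leading digit run can only
# be an octet count, never the start of a newline-framed message.
_OCTET_COUNT = re.compile(rb"^(\d{1,5}) ")


class SyslogTcpFramer:
    """Splits a TCP byte stream into complete syslog messages."""

    def __init__(self):
        self.buf = b""

    def feed(self, data: bytes) -> list[bytes]:
        """Append bytes from one TCP read; return every message now complete."""
        self.buf += data
        out = []
        while self.buf:
            m = _OCTET_COUNT.match(self.buf)
            if m:
                length, start = int(m.group(1)), m.end()
                if len(self.buf) - start < length:
                    break  # octet-counted message not fully received yet
                out.append(self.buf[start:start + length])
                self.buf = self.buf[start + length:]
                continue
            nl = self.buf.find(b"\n")
            if nl < 0:
                break  # partial newline-framed message; keep buffering
            out.append(self.buf[:nl].rstrip(b"\r"))
            self.buf = self.buf[nl + 1:]
        return out


# Constructed PAN-OS-style samples (not real device output).
TRAFFIC = b"<14>1 2021-11-19T22:12:51Z fw01 - - - 1,2021/11/19 22:12:51,0123456789,TRAFFIC,end"
THREAT = b"<14>1 2021-11-19T22:12:52Z fw01 - - - 1,2021/11/19 22:12:52,0123456789,THREAT,vulnerability"


def split_sample_stream() -> list[bytes]:
    """One octet-counted and one newline-framed message, delivered in three
    TCP reads whose boundaries fall in the middle of the messages."""
    stream = b"%d %s" % (len(TRAFFIC), TRAFFIC) + THREAT + b"\n"
    reads = [stream[:20], stream[20:100], stream[100:]]
    framer, msgs = SyslogTcpFramer(), []
    for chunk in reads:
        msgs.extend(framer.feed(chunk))
    return msgs
```

The same framer handles a sender that mixes both framings on one connection, and it never emits a message until its full length or its terminating newline has arrived.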

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Nov 19, 2021
@cla-checker-service

cla-checker-service bot commented Nov 19, 2021

💚 CLA has been signed

@mergify
Contributor

mergify bot commented Nov 19, 2021

This pull request does not have a backport label. Could you fix it @knechtionscoding? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip Skip notification from the automated backport with mergify label Nov 19, 2021
@knechtionscoding
Author

The only thing I'm not sure of is where to update the default values.

@elasticmachine
Collaborator

❕ Build Aborted

The PR is not allowed to run in the CI yet

Build stats

  • Reason: The PR is not allowed to run in the CI yet

  • Start Time: 2021-11-19T22:12:51.259+0000

  • Duration: 5 min 53 sec

  • Commit: 04f1c26

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Dec 1, 2021
@jamiehynds jamiehynds added enhancement needs_team Indicates that the issue/PR needs a Team:* label labels Dec 1, 2021
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Dec 1, 2021
@jamiehynds

Thanks for the PR @knechtionscoding - we'll review shortly. Worth noting we plan to update all our firewall integrations to get consistency around inputs, supported formats, etc.: elastic/integrations#1878

@mergify
Contributor

mergify bot commented Dec 20, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/panos-tcp-support upstream/feat/panos-tcp-support
git merge upstream/master
git push upstream feat/panos-tcp-support

@botelastic

botelastic bot commented Jan 19, 2022

Hi!
We just realized that we haven't looked into this PR in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:.
Thank you for your contribution!

@botelastic

botelastic bot commented Mar 10, 2022

Hi!
This PR has been stale for a while and we're going to close it as part of our cleanup procedure.
We appreciate your contribution and would like to apologize if we have not been able to review it, due to the current heavy load of the team.
Feel free to re-open this PR if you think it should stay open and is worth rebasing.
Thank you for your contribution!

@botelastic botelastic bot closed this Mar 10, 2022
@cFire

cFire commented Mar 17, 2022

This PR would still be very useful. For us, being able to support TLS for log streams is considered a hard requirement in most cases.

@poochwashere

I came here to state the same. We need to support TCP connections with TLS.

@jamiehynds

Hi @poochwashere. We are about to align the input across all of our firewall integrations, to ensure consistency. TCP + TLS for Palo Alto will be included in this effort. Please follow this issue for updates: elastic/integrations#1878

Labels
backport-skip Skip notification from the automated backport with mergify enhancement Stalled
Development

Successfully merging this pull request may close these issues.

[Filebeat] PANW module: TCP with TLS support
5 participants