feat: add support for new sourcetypes of Cisco ESA TA v1.7.0 (#2518)

* feat: add support for new sourcetypes of Cisco ESA v1.7.0 TA * chore: reverting system_logs filter * chore: reverting system_logs filter * chore: Updated new sourcetype filters * chore: add test cases for new source and sourcetypes * fix: remove antivirus testcase * chore: revert testcase changes * feat: Removed Antivirus log --------- Co-authored-by: Tushar Balar <62089106+tbalar-splunk@users.noreply.github.com> Co-authored-by: Meet Usadadiya <musadadiya@splunk.com> Co-authored-by: Tushar Balar <tbalar@splunk.com> Co-authored-by: cwadhwani-splunk <cwadhwani@splunk.com>
splunk · Jul 18, 2024 · cef8125 · cef8125
1 parent 7710cdd
commit cef8125
Show file tree

Hide file tree

Showing 3 changed files with 364 additions and 0 deletions.
diff --git a/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf b/package/etc/conf.d/conflib/netsource/app-netsource-cisco_esa.conf
@@ -48,6 +48,36 @@ filter f_cisco_esa_antispam {
     or program('sc4s_antispam' type(string) flags(prefix))
 };
 
+filter f_cisco_esa_euq_logs {
+    program('euq_logs' type(string) flags(prefix))
+    or program('sc4s_euq_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_service_logs {
+    program('service_logs' type(string) flags(prefix))
+    or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_reportd_logs {
+    program('reportd_logs' type(string) flags(prefix))
+    or program('sc4s_reportd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_sntpd_logs {
+    program('sntpd_logs' type(string) flags(prefix))
+    or program('sc4s_sntpd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_smartlicense {
+    program('smartlicense' type(string) flags(prefix))
+    or program('sc4s_smartlicense' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_updater_logs {
+    program('updater_logs' type(string) flags(prefix))
+    or program('sc4s_updater_logs' type(string) flags(prefix))
+};
+
 filter f_cisco_esa_content_scanner {
     program('content_scanner' type(string) flags(prefix))
     or program('sc4s_content_scanner' type(string) flags(prefix))
@@ -95,6 +125,54 @@ block parser app-netsource-cisco_esa() {
                      sourcetype('cisco:esa:http')
                 );
             };
+        } elif {
+            filter(f_cisco_esa_euq_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:euq_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_service_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:service_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_reportd_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:reportd_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_sntpd_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:sntpd_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_smartlicense);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:smartlicense')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_updater_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:updater_logs')
+                     sourcetype('cisco:esa:error_logs')
+                );
+            };
         } elif {
             filter(f_cisco_esa_textmail);
             rewrite {

diff --git a/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf b/package/lite/etc/addons/cisco/app-netsource-cisco_esa.conf
@@ -48,6 +48,36 @@ filter f_cisco_esa_antispam {
     or program('sc4s_antispam' type(string) flags(prefix))
 };
 
+filter f_cisco_esa_euq_logs {
+    program('euq_logs' type(string) flags(prefix))
+    or program('sc4s_euq_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_service_logs {
+    program('service_logs' type(string) flags(prefix))
+    or program('sc4s_service_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_reportd_logs {
+    program('reportd_logs' type(string) flags(prefix))
+    or program('sc4s_reportd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_sntpd_logs {
+    program('sntpd_logs' type(string) flags(prefix))
+    or program('sc4s_sntpd_logs' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_smartlicense {
+    program('smartlicense' type(string) flags(prefix))
+    or program('sc4s_smartlicense' type(string) flags(prefix))
+};
+
+filter f_cisco_esa_updater_logs {
+    program('updater_logs' type(string) flags(prefix))
+    or program('sc4s_updater_logs' type(string) flags(prefix))
+};
+
 filter f_cisco_esa_content_scanner {
     program('content_scanner' type(string) flags(prefix))
     or program('sc4s_content_scanner' type(string) flags(prefix))
@@ -95,6 +125,54 @@ block parser app-netsource-cisco_esa() {
                      sourcetype('cisco:esa:http')
                 );
             };
+        } elif {
+            filter(f_cisco_esa_euq_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:euq_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_service_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:service_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_reportd_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:reportd_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_sntpd_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:sntpd_logs')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_smartlicense);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:smartlicense')
+                     sourcetype('cisco:esa:system_logs')
+                );
+            };
+        } elif {
+            filter(f_cisco_esa_updater_logs);
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                     source('esa:updater_logs')
+                     sourcetype('cisco:esa:error_logs')
+                );
+            };
         } elif {
             filter(f_cisco_esa_textmail);
             rewrite {