From 94d8b5085a3d564de76736778198731c0c5a3205 Mon Sep 17 00:00:00 2001
From: Krishna Chaitanya Reddy Burri
Date: Sat, 1 Feb 2025 11:35:24 +0530
Subject: [PATCH] infoblox_nios: Add network.protocol for dns and dhcp pipelines (#12383)
* Add network.protocol for dns and dhcp pipelines
---
 packages/infoblox_nios/changelog.yml | 5 +
 .../pipeline/test-audit.log-expected.json | 54 +-
 .../test/pipeline/test-dhcp.log-expected.json | 462 +++++++++++++-----
 .../test/pipeline/test-dns.log-expected.json | 167 +++++--
 .../ingest_pipeline/pipeline_dhcp.yml | 3 +
 .../ingest_pipeline/pipeline_dns.yml | 3 +
 packages/infoblox_nios/manifest.yml | 2 +-
 7 files changed, 487 insertions(+), 209 deletions(-)
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index d4e297563b8..a7f10de9531 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.26.0"
+ changes:
+ - description: Add network.protocol for dns and dhcp pipelines.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12383
 - version: "1.25.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
index d1a1d1e5e9f..be8b61c7896 100644
--- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-audit.log-expected.json
@@ -10,7 +10,7 @@
 "category": [
 "authentication"
 ],
- "created": "2024-03-21T09:53:51.000Z",
+ "created": "2025-03-21T09:53:51.000Z",
 "original": "<29>Mar 21 09:53:51 infoblox.localdomain httpd[]: 2022-03-18 13:24:41.705Z [admin]: Logout - - ip=10.50.0.1 group=admin-group trigger_event=Session\\040Expiration",
 "type": [
 "end"
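Review bot: The expected `event.created` moves from 2024 to 2025 while `event.original` still carries a year-less syslog timestamp (`Mar 21 09:53:51`), which suggests the year is filled in from the clock when the pipeline runs, so this fixture (and the other date-only hunks in this file and in test-dhcp.log-expected.json) will need regenerating at every rollover. A fixture that tracks the calendar also hides the behaviour actually worth testing: an event logged in late December but ingested in January would be stamped a year late, which matters for any timeline built on `event.created`. If the pipeline cannot carry a reference year, consider listing the clock-derived fields under `dynamic_fields` in the pipeline test config so the expectation is stable, and documenting the year-inference rule in the pipeline description.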
@@ -64,7 +64,7 @@ "category": [ "authentication" ], - "created": "2024-04-13T22:14:36.000Z", + "created": "2025-04-13T22:14:36.000Z", "original": "<141>Apr 13 22:14:36 ns1.infoblox.localdomain 10.50.1.227 httpd: 2022-04-13 16:44:36.850Z [fefdn\\040wdbj]: Login_Denied - - to=AdminConnector ip=10.50.0.1 info=Local apparently_via=GUI", "outcome": "failure" }, @@ -121,7 +121,7 @@ "category": [ "authentication" ], - "created": "2024-03-21T09:53:51.000Z", + "created": "2025-03-21T09:53:51.000Z", "original": "<29>Mar 21 09:53:51 infoblox.localdomain 10.0.0.1 httpd: 2022-03-21 08:53:51.087Z [service_account_test]: Login_Allowed - - to=AdminConnector ip=10.0.0.2 auth=LOCAL group=some-Group apparently_via=API", "outcome": "success", "type": [ @@ -182,7 +182,7 @@ "category": [ "authentication" ], - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2011-10-19 19:48:37.299Z [admin]: Login_Allowed - - to=Serial\\040Console apparently_via=Direct auth=Local group=admin-group", "outcome": "success", "type": [ @@ -237,7 +237,7 @@ "category": [ "authentication" ], - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2011-10-19 14:02:32.750Z [admin]: Login_Denied - - to=Serial\\040Console apparently_via=Direct error=invalid\\040login\\040or\\040password", "outcome": "failure" }, @@ -285,7 +285,7 @@ }, "event": { "action": "first_login", - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2011-10-19 12:43:47.375Z [user]: First_Login - - to=AdminConnector ip=10.0.0.2 auth=LOCAL group=admin-group apparently_via=GUI\\040first\\040login" }, "host": { 
@@ -335,7 +335,7 @@ }, "event": { "action": "password_reset_error", - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2011-10-19 13:07:33.343Z [user]: Password_Reset_Error - - to=AdminConnector auth=LOCALgroup=admin-group apparently_via=GUI" }, "host": { @@ -382,7 +382,7 @@ }, "event": { "action": "modified", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-21 17:19:02.204Z [admin]: Modified Network 192.168.0.0/24 network_view=default: Changed dhcp_members:[]->[[grid_member=Member:infoblox.localdomain]]" }, "host": { @@ -431,7 +431,7 @@ }, "event": { "action": "created", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-24 09:37:29.261Z [admin]: Created Network 192.168.0.0/24 network_view=default: Set extensible_attributes=[],address=\"192.168.2.0\",auto_create_reversezone=False,cidr=24,comment=\"\",common_properties=[domain_name_servers=[],routers=[]],dhcp_members=[[grid_member=Member:infoblox.localdomain]],disabled=False,discovery_member=NULL,enable_discovery=False,enable_immediate_discovery=False,network_view=NetworkView:default,use_basic_polling_settings=False,use_member_enable_discovery=False,vlans=[]" }, "host": { @@ -480,7 +480,7 @@ }, "event": { "action": "modified", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-18 11:46:38.877Z [admin]: Modified MemberDhcp infoblox.localdomain: Changed enable_service:False->True" }, "host": { 
@@ -529,7 +529,7 @@ }, "event": { "action": "called", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-29 19:29:20.468Z [admin]: Called - RestartService: Args services=[\"ALL\"],parents=[],force=True,mode=\"GROUPED\"" }, "host": { @@ -577,7 +577,7 @@ }, "event": { "action": "created", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-29 18:30:58.656Z [admin]: Created Ruleset Block: Set comment=\"\",disabled=True,name=\"Block\",type=\"BLACKLIST\"" }, "host": { @@ -626,7 +626,7 @@ }, "event": { "action": "called", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-24 09:28:24.476Z [admin]: Called - TransferTrafficCapture message=Download\\040Traffic\\040capture\\040file: Args message=\"Download Traffic capture file\",members=[Member:infoblox.localdomain]" }, "host": { @@ -674,7 +674,7 @@ }, "event": { "action": "created", - "created": "2024-03-21T16:08:08.000Z", + "created": "2025-03-21T16:08:08.000Z", "original": "<29>Mar 21 16:08:08 10.0.0.1 httpd: 2022-03-21 15:08:08.238Z [service_account_test]: Created HostAddress 10.0.0.1 network_view=default: Set address=\"10.0.0.1\",configure_for_dhcp=False,match_option=\"MAC_ADDRESS\",parent=HostRecord:._default.tld.domain.subdomain.hostrecord" }, "host": { 
@@ -723,7 +723,7 @@ }, "event": { "action": "created", - "created": "2024-03-21T16:08:08.000Z", + "created": "2025-03-21T16:08:08.000Z", "original": "<29>Mar 21 16:08:08 10.0.0.1 httpd: 2022-03-21 15:08:08.239Z [service_account_test]: Created HostRecord somerecord.subdomain.domain.tld DnsView=default alias=somealias.subdomain.domain.tld address=10.0.0.1: Set extensible_attributes=[[name=\"NAC-Policy\",value=\"Host\"]],addresses=[address=\"10.0.0.1\"],aliases=[HostAlias:._default.tld.domain.subdomain.somealias.._default.tld.domain.subdomain.somehostrecord],fqdn=\"somerecord.subdomain.domain.tld\"" }, "host": { @@ -772,7 +772,7 @@ }, "event": { "action": "deleted", - "created": "2024-03-21T16:08:48.000Z", + "created": "2025-03-21T16:08:48.000Z", "original": "<29>Mar 21 16:08:48 10.0.0.1 httpd: 2022-03-21 15:08:48.455Z [service_account_test]: Deleted HostRecord somerecord.subdomain.domain.tld DnsView=default address=10.0.0.0" }, "host": { @@ -821,7 +821,7 @@ }, "event": { "action": "deleted", - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2022-03-22 13:26:54.596Z [some_admin_account]: Deleted CaaRecord somecaarecord.domain.tld DnsView=default " }, "host": { @@ -870,7 +870,7 @@ }, "event": { "action": "created", - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2022-03-22 13:26:54.596Z [some_admin_account]: Created HostAddress 192.168.0.0 network_view=default: Set address=\"192.168.0.0\",configure_for_dhcp=True,mac_address=\"01:01:01:01:01:01\",match_option=\"MAC_ADDRESS\",network=Network:192.168.0.0/24\\054network_view\\075default,parent=HostRecord:._default.test.test3,reserved_interface=NULL,use_for_ea_inheritance=True" }, "host": { 
@@ -919,7 +919,7 @@ }, "event": { "action": "modified", - "created": "2024-03-22T14:26:54.000Z", + "created": "2025-03-22T14:26:54.000Z", "original": "<29>Mar 22 14:26:54 10.0.0.1 httpd: 2022-03-22 13:26:54.596Z [some_admin_account]: Modified Network 192.168.0.0/24 network_view=default: Changed dhcp_members:[]->[[grid_member=Member:infoblox.localdomain]]" }, "host": { @@ -968,7 +968,7 @@ }, "event": { "action": "modified", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-18 12:40:05.241Z [adminuser]: Modified Grid Unibe-DNS-Grid: Changed backup_setting:[password=\"******\",restore_password=\"******\"]->[password=\"******\",restore_password=\"******\"],csp_api_config:[password=\"******\"]->[password=\"******\"],csp_settings:[csp_join_token=\"******\"]->[csp_join_token=\"******\"],download_member_conf:[[interface=\"ANY\",is_online=True,member=\"Member:Grid Master\"]]->[[interface=\"ANY\",is_online=True,member=NULL]],email_setting:[password=\"******\"]->[password=\"******\"],http_proxy_server_setting:NULL->[password=\"******\"],snmp_setting:[snmpv3_queries_users=NULL]->[snmpv3_queries_users=[]],syslog_servers:[[address=\"67.43.156.15\"],[address=\"67.43.156.15\"]]->[[address=\"67.43.156.15\"]]" }, "host": { @@ -1011,12 +1011,12 @@ } }, { - "@timestamp": "2024-03-18T13:40:05.000Z", + "@timestamp": "2025-03-18T13:40:05.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 syslog: any random text" }, "host": { @@ -1051,7 +1051,7 @@ }, "event": { "action": "called", - "created": "2024-03-18T13:40:05.000Z", + "created": "2025-03-18T13:40:05.000Z", "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-29 19:29:20.468Z [admin]: Called - RestartService" }, "host": { 
@@ -1096,7 +1096,7 @@
 },
 "event": {
 "action": "modified",
- "created": "2024-03-18T13:40:05.000Z",
+ "created": "2025-03-18T13:40:05.000Z",
 "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-21 17:19:02.204Z [admin]: Modified Network"
 },
 "host": {
@@ -1141,7 +1141,7 @@
 },
 "event": {
 "action": "created",
- "created": "2024-03-18T13:40:05.000Z",
+ "created": "2025-03-18T13:40:05.000Z",
 "original": "<29>Mar 18 13:40:05 10.0.0.1 httpd: 2022-03-29 18:30:58.656Z [admin]: Created Ruleset"
 },
 "host": {
@@ -1180,12 +1180,12 @@
 }
 },
 {
- "@timestamp": "2024-08-24T19:50:09.000Z",
+ "@timestamp": "2025-08-24T19:50:09.000Z",
 "ecs": {
 "version": "8.11.0"
 },
 "event": {
- "created": "2024-08-24T19:50:09.000Z",
+ "created": "2025-08-24T19:50:09.000Z",
 "original": "<46>Aug 24 19:50:09 10.0.0.1 -- MARK --"
 },
 "host": {
diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json
index 0d7138753ae..03387c34d23 100644
--- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json
+++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2024-04-18T05:02:05.000Z",
+ "@timestamp": "2025-04-18T05:02:05.000Z",
 "client": {
 "ip": "192.168.0.4",
 "mac": "00-50-56-81-14-6C"
@@ -11,7 +11,7 @@
 },
 "event": {
 "action": "dhcprequest",
- "created": "2024-04-18T05:02:05.000Z",
+ "created": "2025-04-18T05:02:05.000Z",
 "original": "<30>Apr 18 05:02:05 10.50.1.227 dhcpd[2301]: DHCPREQUEST for 192.168.0.4 from 00:50:56:81:14:6c via eth3"
 },
 "host": {
@@ -31,6 +31,9 @@
 }
 },
 "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:81:14:6c via eth3",
+ "network": {
+ "protocol": "dhcp"
+ },
 "observer": {
 "ingress": {
 "interface": {
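Review bot: `network.protocol` is added to the expected output here and in every later dhcp hunk, but the diffstat lists no change under a fields directory, so the field only gets an explicit mapping if `network.protocol` is already declared for this data stream or covered by an ECS dynamic template; worth confirming before release, otherwise it lands as a dynamically mapped field. The value `dhcp` follows the ECS convention of a lowercase protocol name, so no change is needed there. The pipeline change that sets it (pipeline_dhcp.yml in the diffstat) is outside this hunk, so whether it is applied only to dhcpd events could not be checked here.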
@@ -52,7 +55,7 @@ ] }, { - "@timestamp": "2024-04-18T05:02:05.000Z", + "@timestamp": "2025-04-18T05:02:05.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-81-14-6C" @@ -62,7 +65,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-04-18T05:02:05.000Z", + "created": "2025-04-18T05:02:05.000Z", "original": "<30>Apr 18 05:02:05 10.50.1.227 dhcpd[2301]: DHCPREQUEST for 192.168.0.4 from 00:50:56:81:14:6c via 192.168.0.2" }, "host": { @@ -87,6 +90,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:81:14:6c via 192.168.0.2", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 2301 }, @@ -102,7 +108,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "mac": "00-50-56-83-6C-A0" }, @@ -111,7 +117,7 @@ }, "event": { "action": "dhcpdiscover", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPDISCOVER from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID a76ecf84 uid 01:00:50:56:83:6c:a0" }, "host": { @@ -134,6 +140,9 @@ } }, "message": "DHCPDISCOVER from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID a76ecf84 uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -155,7 +164,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "mac": "00-50-56-83-6C-A0" }, @@ -164,7 +173,7 @@ }, "event": { "action": "dhcpdiscover", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain 10.0.0.1 dhcpd[7024]: DHCPDISCOVER from 00:50:56:83:6c:a0 via eth3 TransID b5e92c59 uid 01:00:50:56:83:6c:a0" }, "host": { 
@@ -189,6 +198,9 @@ } }, "message": "DHCPDISCOVER from 00:50:56:83:6c:a0 via eth3 TransID b5e92c59 uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -212,7 +224,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "mac": "00-50-56-83-D0-F6" }, @@ -221,7 +233,7 @@ }, "event": { "action": "dhcpdiscover", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 10.0.0.1 dhcpd[2750]: DHCPDISCOVER from 00:50:56:83:d0:f6 via eth1 TransID 6214ab45: network 10.50.0.0/20: no free leases" }, "host": { @@ -248,6 +260,9 @@ } }, "message": "DHCPDISCOVER from 00:50:56:83:d0:f6 via eth1 TransID 6214ab45: network 10.50.0.0/20: no free leases", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -268,7 +283,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "mac": "00-50-56-83-6C-A0" }, @@ -277,7 +292,7 @@ }, "event": { "action": "dhcpdiscover", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[21114]: DHCPDISCOVER from 00:50:56:83:6c:a0 via eth3 TransID 748f30ab" }, "host": { @@ -298,6 +313,9 @@ } }, "message": "DHCPDISCOVER from 00:50:56:83:6c:a0 via eth3 TransID 748f30ab", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -318,7 +336,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "mac": "00-00-00-00-00-00" }, @@ -327,7 +345,7 @@ }, "event": { "action": "dhcpdiscover", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox_localdomain.com dhcpd[29258]: DHCPDISCOVER from 00:00:00:00:00:00 (h000000000000) via 192.168.0.2 TransID 01000000" }, "host": { 
@@ -352,6 +370,9 @@ } }, "message": "DHCPDISCOVER from 00:00:00:00:00:00 (h000000000000) via 192.168.0.2 TransID 01000000", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 29258 }, @@ -369,7 +390,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -379,7 +400,7 @@ }, "event": { "action": "dhcpoffer", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[2567]: DHCPOFFER on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 119 offered-duration 1800 uid 01:00:50:56:83:6c:a0" }, "host": { @@ -412,6 +433,9 @@ } }, "message": "DHCPOFFER on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 119 offered-duration 1800 uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -436,7 +460,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -446,7 +470,7 @@ }, "event": { "action": "dhcpoffer", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[21114]: DHCPOFFER on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 120 offered-duration 1800" }, "host": { @@ -478,6 +502,9 @@ } }, "message": "DHCPOFFER on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 120 offered-duration 1800", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -502,7 +529,7 @@ ] }, { - "@timestamp": "2024-03-31T15:30:05.000Z", + "@timestamp": "2025-03-31T15:30:05.000Z", "client": { "ip": "192.168.0.4", "mac": "26-9A-76-87-8A-06" 
@@ -512,7 +539,7 @@ }, "event": { "action": "dhcpoffer", - "created": "2024-03-31T15:30:05.000Z", + "created": "2025-03-31T15:30:05.000Z", "original": "<30>Mar 31 15:30:05 10.0.0.1 dhcpd[15752]: DHCPOFFER on 192.168.0.4 to 26:9a:76:87:8a:06 via eth2 relay 192.168.0.3 lease-duration 1795 uid 01:26:9a:76:87:8a:06" }, "host": { @@ -543,6 +570,9 @@ } }, "message": "DHCPOFFER on 192.168.0.4 to 26:9a:76:87:8a:06 via eth2 relay 192.168.0.3 lease-duration 1795 uid 01:26:9a:76:87:8a:06", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -565,7 +595,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-00-00-00-00-00" @@ -575,7 +605,7 @@ }, "event": { "action": "dhcpoffer", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox_localdomain.com dhcpd[29258]: DHCPOFFER on 192.168.0.4 to 00:00:00:00:00:00 via eth1 relay 192.168.0.3 lease-duration 43137 offered-duration 43200" }, "host": { @@ -606,6 +636,9 @@ } }, "message": "DHCPOFFER on 192.168.0.4 to 00:00:00:00:00:00 via eth1 relay 192.168.0.3 lease-duration 43137 offered-duration 43200", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -630,7 +663,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "CC-BB-CC-DD-EE-FF" @@ -640,7 +673,7 @@ }, "event": { "action": "dhcpoffer", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[6939]: DHCPOFFER on 192.168.0.4 to cc:bb:cc:dd:ee:ff via eth1 relay 192.168.0.3 lease-duration 120" }, "host": { 
@@ -668,6 +701,9 @@ } }, "message": "DHCPOFFER on 192.168.0.4 to cc:bb:cc:dd:ee:ff via eth1 relay 192.168.0.3 lease-duration 120", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -692,7 +728,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -702,7 +738,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[2567]: DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 54737448 uid 01:00:50:56:83:6c:a0 (RENEW)" }, "host": { @@ -731,6 +767,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 54737448 uid 01:00:50:56:83:6c:a0 (RENEW)", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -756,7 +795,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -766,7 +805,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[2567]: DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 8767dc3c uid 01:00:50:56:83:6c:a0" }, "host": { @@ -792,6 +831,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 8767dc3c uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -817,7 +859,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" 
@@ -827,7 +869,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[4495]: DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 54ade258 uid 01:00:50:56:83:6c:a0 (RENEW)" }, "host": { @@ -853,6 +895,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 54ade258 uid 01:00:50:56:83:6c:a0 (RENEW)", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -877,7 +922,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -887,7 +932,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[4495]: DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 via eth3 TransID a18a70a0 uid 01:00:50:56:83:6c:a0" }, "host": { @@ -909,6 +954,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 via eth3 TransID a18a70a0 uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -932,7 +980,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-D3-83" @@ -942,7 +990,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[25637]: DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:d3:83 via eth1 TransID 3ca1e0b7: unknown lease 192.168.0.4." }, "host": { 
@@ -969,6 +1017,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:d3:83 via eth1 TransID 3ca1e0b7: unknown lease 192.168.0.4.", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -993,7 +1044,7 @@ ] }, { - "@timestamp": "2024-04-06T10:13:31.000Z", + "@timestamp": "2025-04-06T10:13:31.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1003,7 +1054,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-04-06T10:13:31.000Z", + "created": "2025-04-06T10:13:31.000Z", "original": "<30>Apr 6 10:13:31 infoblox.localdomain dhcpd[22730]: DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 542900fa uid 01:00:50:56:83:6c:a0: database update failed" }, "host": { @@ -1029,6 +1080,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 TransID 542900fa uid 01:00:50:56:83:6c:a0: database update failed", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1053,7 +1107,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1063,7 +1117,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[21114]: DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:6c:a0 via eth3 TransID 748f30ab" }, "host": { @@ -1087,6 +1141,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:50:56:83:6c:a0 via eth3 TransID 748f30ab", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1111,7 +1168,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-96-03" 
@@ -1121,7 +1178,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[30827]: DHCPREQUEST for 192.168.0.4 from 00:50:56:83:96:03 via eth1 TransID 9cf7c9e9: ignored (not authoritative)." }, "host": { @@ -1145,6 +1202,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:83:96:03 via eth1 TransID 9cf7c9e9: ignored (not authoritative).", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1168,7 +1228,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1178,7 +1238,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[21114]: DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 via eth3 TransID 2d422d0c" }, "host": { @@ -1199,6 +1259,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 00:50:56:83:6c:a0 via eth3 TransID 2d422d0c", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1222,7 +1285,7 @@ ] }, { - "@timestamp": "2024-03-31T15:30:06.000Z", + "@timestamp": "2025-03-31T15:30:06.000Z", "client": { "ip": "192.168.0.4", "mac": "9A-DF-6E-F6-1F-23" @@ -1232,7 +1295,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-31T15:30:06.000Z", + "created": "2025-03-31T15:30:06.000Z", "original": "<30>Mar 31 15:30:06 10.0.0.1 dhcpd[15752]: DHCPREQUEST for 192.168.0.4 from 9a:df:6e:f6:1f:23 via 172.26.0.1 TransID 15ca711f uid 01:9a:df:6e:f6:1f:23 (RENEW)" }, "host": { @@ -1262,6 +1325,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 from 9a:df:6e:f6:1f:23 via 172.26.0.1 TransID 15ca711f uid 01:9a:df:6e:f6:1f:23 (RENEW)", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 15752 }, 
@@ -1277,7 +1343,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-00-00-00-00-00" @@ -1287,7 +1353,7 @@ }, "event": { "action": "dhcprequest", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox_localdomain.com dhcpd[29258]: DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:00:00:00:00:00 via 192.168.0.3 TransID 01000000 (RENEW)" }, "host": { @@ -1317,6 +1383,9 @@ } }, "message": "DHCPREQUEST for 192.168.0.4 (192.168.0.1) from 00:00:00:00:00:00 via 192.168.0.3 TransID 01000000 (RENEW)", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 29258 }, @@ -1335,7 +1404,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1345,7 +1414,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[17530]: DHCPACK on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 1800 (RENEW) uid 01:00:50:56:83:6c:a0" }, "host": { @@ -1376,6 +1445,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 1800 (RENEW) uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1400,7 +1472,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" 
@@ -1410,7 +1482,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[2567]: DHCPACK on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 1800 uid 01:00:50:56:83:6c:a0" }, "host": { @@ -1440,6 +1512,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 1800 uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1464,7 +1539,7 @@ ] }, { - "@timestamp": "2024-07-12T15:07:57.000Z", + "@timestamp": "2025-07-12T15:07:57.000Z", "client": { "as": { "number": 35908 @@ -1486,7 +1561,7 @@ }, "event": { "action": "dhcpoffer", - "created": "2024-07-12T15:07:57.000Z", + "created": "2025-07-12T15:07:57.000Z", "original": "<30>Jul 12 15:07:57 67.43.156.0 dhcpd[8061]: DHCPOFFER on 67.43.156.0 to 9a:df:6e:f6:1f:23 via eth2 relay 67.43.156.0 lease-duration 40977 offered-duration 43200 uid 01:9a:df:6e:f6:1f:23" }, "host": { @@ -1520,6 +1595,9 @@ } }, "message": "DHCPOFFER on 67.43.156.0 to 9a:df:6e:f6:1f:23 via eth2 relay 67.43.156.0 lease-duration 40977 offered-duration 43200 uid 01:9a:df:6e:f6:1f:23", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1540,7 +1618,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1550,7 +1628,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[21114]: DHCPACK on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 1800" }, "host": { 
@@ -1579,6 +1657,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 relay eth3 lease-duration 1800", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1603,7 +1684,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "9A-DF-6E-F6-1F-23" @@ -1613,7 +1694,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 10.0.0.1 dhcpd[15752]: DHCPACK on 192.168.0.4 to 9a:df:6e:f6:1f:23 via eth2 relay 192.168.0.3 lease-duration 7257600 (RENEW) uid 01:9a:df:6e:f6:1f:23" }, "host": { @@ -1645,6 +1726,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 9a:df:6e:f6:1f:23 via eth2 relay 192.168.0.3 lease-duration 7257600 (RENEW) uid 01:9a:df:6e:f6:1f:23", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1667,7 +1751,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-00-00-00-00-00" @@ -1677,7 +1761,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox_localdomain.com dhcpd[29258]: DHCPACK on 192.168.0.4 to 00:00:00:00:00:00 (h000000000000) via eth1 relay 192.168.0.3 lease-duration 43200 (RENEW)" }, "host": { @@ -1707,6 +1791,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 00:00:00:00:00:00 (h000000000000) via eth1 relay 192.168.0.3 lease-duration 43200 (RENEW)", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1732,7 +1819,7 @@ ] }, { - "@timestamp": "2024-07-12T15:10:48.000Z", + "@timestamp": "2025-07-12T15:10:48.000Z", "client": { "as": { "number": 35908 
@@ -1754,7 +1841,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-07-12T15:10:48.000Z", + "created": "2025-07-12T15:10:48.000Z", "original": "<30>Jul 12 15:10:48 67.43.156.0 dhcpd[13468]: DHCPACK on 67.43.156.0 to 9a:df:6e:f6:1f:23 via eth2 relay 67.43.156.0 lease-duration 7257600 (RENEW)" }, "host": { @@ -1785,6 +1872,9 @@ } }, "message": "DHCPACK on 67.43.156.0 to 9a:df:6e:f6:1f:23 via eth2 relay 67.43.156.0 lease-duration 7257600 (RENEW)", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1805,7 +1895,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "CC-BB-CC-DD-EE-FF" @@ -1815,7 +1905,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[6939]: DHCPACK on 192.168.0.4 to cc:bb:cc:dd:ee:ff via eth1 relay 192.168.0.3 lease-duration 43200" }, "host": { @@ -1843,6 +1933,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to cc:bb:cc:dd:ee:ff via eth1 relay 192.168.0.3 lease-duration 43200", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1867,7 +1960,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1877,7 +1970,7 @@ }, "event": { "action": "dhcprelease", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPRELEASE of 192.168.0.4 from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 (found) TransID 0286f3d0 uid 01:00:50:56:83:6c:a0" }, "host": { 
@@ -1903,6 +1996,9 @@ } }, "message": "DHCPRELEASE of 192.168.0.4 from 00:50:56:83:6c:a0 (DESKTOP-ABCD) via eth3 (found) TransID 0286f3d0 uid 01:00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1927,7 +2023,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1937,7 +2033,7 @@ }, "event": { "action": "dhcprelease", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[21114]: DHCPRELEASE of 192.168.0.4 from 00:50:56:83:6c:a0 via eth3 (not found) TransID 665fd9f1" }, "host": { @@ -1961,6 +2057,9 @@ } }, "message": "DHCPRELEASE of 192.168.0.4 from 00:50:56:83:6c:a0 via eth3 (not found) TransID 665fd9f1", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -1984,7 +2083,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-6C-A0" @@ -1994,7 +2093,7 @@ }, "event": { "action": "dhcpexpire", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[20397]: DHCPEXPIRE on 192.168.0.4 to 00:50:56:83:6c:a0" }, "host": { @@ -2012,6 +2111,9 @@ } }, "message": "DHCPEXPIRE on 192.168.0.4 to 00:50:56:83:6c:a0", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 20397 }, @@ -2028,7 +2130,7 @@ ] }, { - "@timestamp": "2024-03-18T13:35:15.000Z", + "@timestamp": "2025-03-18T13:35:15.000Z", "client": { "ip": "192.168.0.4" }, @@ -2037,7 +2139,7 @@ }, "event": { "action": "dhcpinform", - "created": "2024-03-18T13:35:15.000Z", + "created": "2025-03-18T13:35:15.000Z", "original": "<30>Mar 18 13:35:15 10.0.0.1 dhcpd[18078]: DHCPINFORM from 192.168.0.4 via 192.168.0.2 TransID 5713b740" }, "host": { 
@@ -2063,6 +2165,9 @@ } }, "message": "DHCPINFORM from 192.168.0.4 via 192.168.0.2 TransID 5713b740", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 18078 }, @@ -2078,7 +2183,7 @@ ] }, { - "@timestamp": "2024-03-18T13:35:15.000Z", + "@timestamp": "2025-03-18T13:35:15.000Z", "client": { "ip": "192.168.0.4" }, @@ -2087,7 +2192,7 @@ }, "event": { "action": "dhcpinform", - "created": "2024-03-18T13:35:15.000Z", + "created": "2025-03-18T13:35:15.000Z", "original": "<30>Mar 18 13:35:15 10.0.0.1 dhcpd[18078]: DHCPINFORM from 192.168.0.4 via eth2 TransID 5713b740" }, "host": { @@ -2110,6 +2215,9 @@ } }, "message": "DHCPINFORM from 192.168.0.4 via eth2 TransID 5713b740", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -2131,7 +2239,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4" }, @@ -2140,7 +2248,7 @@ }, "event": { "action": "dhcpinform", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[6939]: DHCPINFORM from 192.168.0.4 via 192.168.0.2 TransID 78563412: not authoritative for subnet 10.0.0.0" }, "host": { @@ -2167,6 +2275,9 @@ } }, "message": "DHCPINFORM from 192.168.0.4 via 192.168.0.2 TransID 78563412: not authoritative for subnet 10.0.0.0", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 6939 }, @@ -2184,7 +2295,7 @@ ] }, { - "@timestamp": "2024-03-18T11:44:52.000Z", + "@timestamp": "2025-03-18T11:44:52.000Z", "client": { "ip": "192.168.0.4", "mac": "34-29-8F-71-B8-99" @@ -2194,7 +2305,7 @@ }, "event": { "action": "dhcpdecline", - "created": "2024-03-18T11:44:52.000Z", + "created": "2025-03-18T11:44:52.000Z", "original": "<30>Mar 18 11:44:52 10.0.0.1 dhcpd[32243]: DHCPDECLINE of 192.168.0.4 from 34:29:8f:71:b8:99 via 10.10.4.1 TransID 00000000: not found" }, "host": { 
@@ -2223,6 +2334,9 @@ } }, "message": "DHCPDECLINE of 192.168.0.4 from 34:29:8f:71:b8:99 via 10.10.4.1 TransID 00000000: not found", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 32243 }, @@ -2238,7 +2352,7 @@ ] }, { - "@timestamp": "2024-03-07T08:32:59.000Z", + "@timestamp": "2025-03-07T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "00-C0-DD-07-18-E2" @@ -2248,7 +2362,7 @@ }, "event": { "action": "dhcpdecline", - "created": "2024-03-07T08:32:59.000Z", + "created": "2025-03-07T08:32:59.000Z", "original": "<30>Mar 7 08:32:59 infoblox.localdomain dhcpd[20397]: DHCPDECLINE of 192.168.0.4 from 00:c0:dd:07:18:e2 via 192.168.0.2: abandoned\\n" }, "host": { @@ -2274,6 +2388,9 @@ } }, "message": "DHCPDECLINE of 192.168.0.4 from 00:c0:dd:07:18:e2 via 192.168.0.2: abandoned\\n", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 20397 }, @@ -2291,7 +2408,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4", "mac": "F4-30-B9-17-AB-0E" @@ -2301,7 +2418,7 @@ }, "event": { "action": "dhcpnak", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[20397]: DHCPNAK on 192.168.0.4 to f4:30:b9:17:ab:0e via 192.168.0.2" }, "host": { @@ -2324,6 +2441,9 @@ } }, "message": "DHCPNAK on 192.168.0.4 to f4:30:b9:17:ab:0e via 192.168.0.2", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 20397 }, @@ -2341,7 +2461,7 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "client": { "ip": "192.168.0.4" }, @@ -2350,7 +2470,7 @@ }, "event": { "action": "dhcpleasequery", - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[6939]: DHCPLEASEQUERY from 192.168.0.4: LEASEQUERY not allowed, query ignored" }, "host": { 
@@ -2373,6 +2493,9 @@ } }, "message": "DHCPLEASEQUERY from 192.168.0.4: LEASEQUERY not allowed, query ignored", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 6939 }, @@ -2389,12 +2512,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPDISCOVER some text" }, "host": { @@ -2415,6 +2538,9 @@ } }, "message": "DHCPDISCOVER some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2428,12 +2554,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPOFFER some text" }, "host": { @@ -2454,6 +2580,9 @@ } }, "message": "DHCPOFFER some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2467,12 +2596,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPREQUEST some text" }, "host": { @@ -2493,6 +2622,9 @@ } }, "message": "DHCPREQUEST some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2506,12 +2638,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPACK some text" }, "host": { 
@@ -2532,6 +2664,9 @@ } }, "message": "DHCPACK some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2545,12 +2680,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPRELEASE some text" }, "host": { @@ -2571,6 +2706,9 @@ } }, "message": "DHCPRELEASE some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2584,12 +2722,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPEXPIRE some text" }, "host": { @@ -2610,6 +2748,9 @@ } }, "message": "DHCPEXPIRE some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2623,12 +2764,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPINFORM some text" }, "host": { @@ -2649,6 +2790,9 @@ } }, "message": "DHCPINFORM some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2662,12 +2806,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPDECLINE some text" }, "host": { 
@@ -2688,6 +2832,9 @@ } }, "message": "DHCPDECLINE some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2701,12 +2848,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPNAK some text" }, "host": { @@ -2727,6 +2874,9 @@ } }, "message": "DHCPNAK some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2740,12 +2890,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: DHCPLEASEQUERY some text" }, "host": { @@ -2766,6 +2916,9 @@ } }, "message": "DHCPLEASEQUERY some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2779,12 +2932,12 @@ ] }, { - "@timestamp": "2024-03-27T08:32:59.000Z", + "@timestamp": "2025-03-27T08:32:59.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-27T08:32:59.000Z", + "created": "2025-03-27T08:32:59.000Z", "original": "<30>Mar 27 08:32:59 infoblox.localdomain dhcpd[1761]: some text" }, "host": { @@ -2805,6 +2958,9 @@ } }, "message": "some text", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1761 }, @@ -2818,7 +2974,7 @@ ] }, { - "@timestamp": "2024-07-12T15:55:55.000Z", + "@timestamp": "2025-07-12T15:55:55.000Z", "client": { "geo": { "continent_name": "Europe", 
@@ -2837,7 +2993,7 @@ }, "event": { "action": "encapsulated solicit", - "created": "2024-07-12T15:55:55.000Z", + "created": "2025-07-12T15:55:55.000Z", "original": "<30>Jul 12 15:55:55 67.43.156.0 dhcpdv6[12271]: Encapsulated Solicit message from 2a02:cf40:: port 547 from client DUID 01:9a:df:6e:f6:1f:23:01:9a:df:6e:f6:1f:23, transaction ID 0x698AD400" }, "host": { @@ -2861,6 +3017,9 @@ } }, "message": "Encapsulated Solicit message from 2a02:cf40:: port 547 from client DUID 01:9a:df:6e:f6:1f:23:01:9a:df:6e:f6:1f:23, transaction ID 0x698AD400", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 12271 }, @@ -2875,7 +3034,7 @@ ] }, { - "@timestamp": "2024-07-12T15:55:55.000Z", + "@timestamp": "2025-07-12T15:55:55.000Z", "client": { "geo": { "continent_name": "Europe", @@ -2893,7 +3052,7 @@ }, "event": { "action": "advertise na", - "created": "2024-07-12T15:55:55.000Z", + "created": "2025-07-12T15:55:55.000Z", "original": "<30>Jul 12 15:55:55 67.43.156.0 dhcpdv6[12271]: Advertise NA: address 2a02:cf40:: to client with duid 01:9a:df:6e:f6:1f:23:01:9a:df:6e:f6:1f:23 iaid = -1620146908 valid for 43200 seconds" }, "host": { @@ -2918,6 +3077,9 @@ } }, "message": "Advertise NA: address 2a02:cf40:: to client with duid 01:9a:df:6e:f6:1f:23:01:9a:df:6e:f6:1f:23 iaid = -1620146908 valid for 43200 seconds", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 12271 }, @@ -2932,7 +3094,7 @@ ] }, { - "@timestamp": "2024-07-12T15:55:55.000Z", + "@timestamp": "2025-07-12T15:55:55.000Z", "client": { "geo": { "continent_name": "Europe", @@ -2951,7 +3113,7 @@ }, "event": { "action": "relay-forward", - "created": "2024-07-12T15:55:55.000Z", + "created": "2025-07-12T15:55:55.000Z", "original": "<30>Jul 12 15:55:55 67.43.156.0 dhcpdv6[12271]: Relay-forward message from 2a02:cf40:: port 547, link address 2a02:cf40::1, peer address 2a02:cf40::2" }, "host": { 
@@ -2975,6 +3137,9 @@ } }, "message": "Relay-forward message from 2a02:cf40:: port 547, link address 2a02:cf40::1, peer address 2a02:cf40::2", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 12271 }, @@ -2991,7 +3156,7 @@ ] }, { - "@timestamp": "2024-07-12T15:55:55.000Z", + "@timestamp": "2025-07-12T15:55:55.000Z", "client": { "geo": { "continent_name": "Europe", @@ -3010,7 +3175,7 @@ }, "event": { "action": "encapsulating advertise", - "created": "2024-07-12T15:55:55.000Z", + "created": "2025-07-12T15:55:55.000Z", "original": "<30>Jul 12 15:55:55 67.43.156.0 dhcpdv6[12271]: Encapsulating Advertise message to send to 2a02:cf40:: port 547" }, "host": { @@ -3030,6 +3195,9 @@ } }, "message": "Encapsulating Advertise message to send to 2a02:cf40:: port 547", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 12271 }, @@ -3044,7 +3212,7 @@ ] }, { - "@timestamp": "2024-07-12T15:55:55.000Z", + "@timestamp": "2025-07-12T15:55:55.000Z", "client": { "geo": { "continent_name": "Europe", @@ -3063,7 +3231,7 @@ }, "event": { "action": "sending relay-reply", - "created": "2024-07-12T15:55:55.000Z", + "created": "2025-07-12T15:55:55.000Z", "original": "<30>Jul 12 15:55:55 67.43.156.0 dhcpdv6[12271]: Sending Relay-reply message to 2a02:cf40:: port 547" }, "host": { @@ -3083,6 +3251,9 @@ } }, "message": "Sending Relay-reply message to 2a02:cf40:: port 547", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 12271 }, @@ -3097,7 +3268,7 @@ ] }, { - "@timestamp": "2024-09-28T09:25:49.000Z", + "@timestamp": "2025-09-28T09:25:49.000Z", "client": { "ip": "192.168.0.4", "mac": "00-50-56-83-96-03" @@ -3107,7 +3278,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-09-28T09:25:49.000Z", + "created": "2025-09-28T09:25:49.000Z", "original": "<30>Sep 28 09:25:49 infoblox.localdomain 10.0.0.1 dhcpd[25691]: DHCPACK on 192.168.0.4 to 00:50:56:83:96:03 via eth2 relay 192.168.0.4 lease-duration 3600 uid 01:9a:df:6e:f6:1f:23" }, "host": { 
@@ -3139,6 +3310,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 00:50:56:83:96:03 via eth2 relay 192.168.0.4 lease-duration 3600 uid 01:9a:df:6e:f6:1f:23", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -3163,7 +3337,7 @@ ] }, { - "@timestamp": "2024-09-30T11:27:26.000Z", + "@timestamp": "2025-09-30T11:27:26.000Z", "client": { "ip": "192.168.0.4", "mac": "CE-93-30-8E-DB-AC" @@ -3173,7 +3347,7 @@ }, "event": { "action": "release", - "created": "2024-09-30T11:27:26.000Z", + "created": "2025-09-30T11:27:26.000Z", "original": "<30>Sep 30 11:27:26 anudhcp.anu.edu.au 10.0.0.1 dhcpd[11411]: RELEASE on 192.168.0.4 to ce:93:30:8e:db:ac" }, "host": { @@ -3194,6 +3368,9 @@ } }, "message": "RELEASE on 192.168.0.4 to ce:93:30:8e:db:ac", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 11411 }, @@ -3211,7 +3388,7 @@ ] }, { - "@timestamp": "2024-09-30T11:30:55.000Z", + "@timestamp": "2025-09-30T11:30:55.000Z", "client": { "ip": "192.168.0.4", "mac": "9C-AD-97-7A-FD-33" @@ -3221,7 +3398,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-09-30T11:30:55.000Z", + "created": "2025-09-30T11:30:55.000Z", "original": "<30>Sep 30 11:30:55 anudhcp.anu.edu.au 10.0.0.1 dhcpd[11411]: DHCPACK to 192.168.0.4 (9c:ad:97:7a:fd:33) via eth2" }, "host": { @@ -3242,6 +3419,9 @@ } }, "message": "DHCPACK to 192.168.0.4 (9c:ad:97:7a:fd:33) via eth2", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -3266,7 +3446,7 @@ ] }, { - "@timestamp": "2024-09-30T11:33:03.000Z", + "@timestamp": "2025-09-30T11:33:03.000Z", "client": { "ip": "192.168.0.4", "mac": "4A-34-BF-D2-78-24" @@ -3276,7 +3456,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-09-30T11:33:03.000Z", + "created": "2025-09-30T11:33:03.000Z", "original": "<30>Sep 30 11:33:03 anudhcp.anu.edu.au 10.0.0.1 dhcpd[11411]: DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 via eth2 relay 67.43.156.0 lease-duration 900 uid 01:4a:34:bf:d2:78:24" }, "host": { 
@@ -3308,6 +3488,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 via eth2 relay 67.43.156.0 lease-duration 900 uid 01:4a:34:bf:d2:78:24", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -3333,7 +3516,7 @@ ] }, { - "@timestamp": "2024-09-30T11:33:03.000Z", + "@timestamp": "2025-09-30T11:33:03.000Z", "client": { "ip": "192.168.0.4", "mac": "4A-34-BF-D2-78-24" @@ -3343,7 +3526,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-09-30T11:33:03.000Z", + "created": "2025-09-30T11:33:03.000Z", "original": "<30>Sep 30 11:33:03 anudhcp.anu.edu.au 10.0.0.1 dhcpd[11411]: DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 (my-iPhone) via eth2 relay 67.43.156.0 lease-duration 900 offered-duration 3600 (RENEW) uid 01:4a:34:bf:d2:78:24" }, "host": { @@ -3380,6 +3563,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 (my-iPhone) via eth2 relay 67.43.156.0 lease-duration 900 offered-duration 3600 (RENEW) uid 01:4a:34:bf:d2:78:24", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -3406,7 +3592,7 @@ ] }, { - "@timestamp": "2024-09-30T11:33:03.000Z", + "@timestamp": "2025-09-30T11:33:03.000Z", "client": { "ip": "192.168.0.4", "mac": "4A-34-BF-D2-78-24" @@ -3416,7 +3602,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-09-30T11:33:03.000Z", + "created": "2025-09-30T11:33:03.000Z", "original": "<30>Sep 30 11:33:03 anudhcp.anu.edu.au 10.0.0.1 dhcpd[11411]: DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 via eth2 relay 67.43.156.0 lease-duration 900 offered-duration 3600 (RENEW) uid 01:4a:34:bf:d2:78:24" }, "host": { @@ -3452,6 +3638,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 via eth2 relay 67.43.156.0 lease-duration 900 offered-duration 3600 (RENEW) uid 01:4a:34:bf:d2:78:24", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { 
@@ -3477,7 +3666,7 @@ ] }, { - "@timestamp": "2024-09-30T11:33:03.000Z", + "@timestamp": "2025-09-30T11:33:03.000Z", "client": { "ip": "192.168.0.4", "mac": "4A-34-BF-D2-78-24" @@ -3487,7 +3676,7 @@ }, "event": { "action": "dhcpack", - "created": "2024-09-30T11:33:03.000Z", + "created": "2025-09-30T11:33:03.000Z", "original": "<30>Sep 30 11:33:03 anudhcp.anu.edu.au 10.0.0.1 dhcpd[11411]: DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 (my-iPhone) via eth2 relay 67.43.156.0 lease-duration 900 offered-duration 3600 (RENEW)" }, "host": { @@ -3523,6 +3712,9 @@ } }, "message": "DHCPACK on 192.168.0.4 to 4a:34:bf:d2:78:24 (my-iPhone) via eth2 relay 67.43.156.0 lease-duration 900 offered-duration 3600 (RENEW)", + "network": { + "protocol": "dhcp" + }, "observer": { "ingress": { "interface": { @@ -3549,7 +3741,7 @@ ] }, { - "@timestamp": "2024-05-31T13:21:52.000Z", + "@timestamp": "2025-05-31T13:21:52.000Z", "client": { "ip": "10.71.68.10" }, @@ -3558,7 +3750,7 @@ }, "event": { "action": "reverse_map_update", - "created": "2024-05-31T13:21:52.000Z", + "created": "2025-05-31T13:21:52.000Z", "original": "<131>May 31 13:21:52 10.54.17.251 dhcpd[1122]: Reverse map update for 10.71.68.10 abandoned because of non-retryable failure: REFUSED", "outcome": "failure" }, @@ -3579,6 +3771,9 @@ } }, "message": "Reverse map update for 10.71.68.10 abandoned because of non-retryable failure: REFUSED", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1122 }, @@ -3593,13 +3788,13 @@ ] }, { - "@timestamp": "2024-05-31T13:21:52.000Z", + "@timestamp": "2025-05-31T13:21:52.000Z", "ecs": { "version": "8.11.0" }, "event": { "action": "add_forward_map", - "created": "2024-05-31T13:21:52.000Z", + "created": "2025-05-31T13:21:52.000Z", "original": "<131>May 31 13:21:52 10.54.17.251 dhcpd[1122]: Unable to add forward map from PRinter12345.domain.subdomain.subsubdomain to 10.71.68.10 by server 127.0.0.1#53: REFUSED", "outcome": "failure" }, 
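Review bot: Every `@timestamp` and `event.created` in this hunk moves from 2024 to 2025 while the corresponding `event.original` header (`<30>Sep 30 11:33:03 …`, `<131>May 31 13:21:52 …`) carries no year, so the expected values presumably come from the pipeline's date parsing defaulting the year to the one current when the fixture was regenerated. That makes these expected files go stale every January and couples an unrelated mass timestamp rewrite to the `network.protocol` enhancement this PR is about. Consider declaring those two fields dynamic in the matching test config (e.g. a `dynamic_fields:` entry with `@timestamp: ".*"` and `event.created: ".*"` in `test-dhcp.log-config.yml`), or pinning the reference year if the harness supports it, so the fixture only changes when parsing actually changes. Operationally the same inference means events ingested around a year boundary can be dated into the wrong year; that deserves a caveat in the integration docs if it is not already there.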
@@ -3624,6 +3819,9 @@ } }, "message": "Unable to add forward map from PRinter12345.domain.subdomain.subsubdomain to 10.71.68.10 by server 127.0.0.1#53: REFUSED", + "network": { + "protocol": "dhcp" + }, "process": { "pid": 1122 }, diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index 4a618b73d31..cc0f1983c17 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -47,7 +47,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[11042]: 07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: a1.foo.com IN A response: NOERROR +ED a1.foo.com 28800 IN A foo.com; a1.foo.com 28800 IN A 0.0.0.0;" }, "host": { @@ -69,6 +69,7 @@ }, "message": "07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: a1.foo.com IN A response: NOERROR +ED a1.foo.com 28800 IN A foo.com; a1.foo.com 28800 IN A 0.0.0.0;", "network": { + "protocol": "dns", "transport": "udp" }, "process": { @@ -109,7 +110,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<45>Mar 11 23:51:31 infoblox.localdomain named[17742]: 07-Apr-2022 08:08:10.043 client 192.168.0.1#50565 UDP: query: test.com IN A response: REFUSED -" }, "host": { @@ -131,6 +132,7 @@ }, "message": "07-Apr-2022 08:08:10.043 client 192.168.0.1#50565 UDP: query: test.com IN A response: REFUSED -", "network": { + "protocol": "dns", "transport": "udp" }, "process": { 
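Review bot: `network.protocol` is set to `dhcp` on an event whose message is a DNS update failure (`Unable to add forward map … by server 127.0.0.1#53: REFUSED`), so the new field records which daemon wrote the log line rather than the protocol of the logged transaction. That is defensible, but anyone filtering on `network.protocol: dns` to find DDNS problems will miss these dhcpd-originated events (the `Reverse map update … REFUSED` event in the previous hunk has the same issue). Either document that `network.protocol` reflects the emitting service, or set `dns` for the DDNS messages in the dhcp pipeline, e.g. `- set: { field: network.protocol, value: dns, if: "ctx.event?.action == 'add_forward_map' || ctx.event?.action == 'reverse_map_update'" }`. The pipeline change itself (pipeline_dhcp.yml) is outside this hunk, so this is inferred from the fixture.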
@@ -192,7 +194,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[17742]: 07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: a2.foo.com IN A response: NOERROR +AED a2.foo.com 28800 IN A 192.168.0.3;" }, "host": { @@ -214,6 +216,7 @@ }, "message": "07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: a2.foo.com IN A response: NOERROR +AED a2.foo.com 28800 IN A 192.168.0.3;", "network": { + "protocol": "dns", "transport": "udp" }, "process": { @@ -258,7 +261,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[17742]: 07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: non-exist.foo.com IN A response: NXDOMAIN +ED" }, "host": { @@ -280,6 +283,7 @@ }, "message": "07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: non-exist.foo.com IN A response: NXDOMAIN +ED", "network": { + "protocol": "dns", "transport": "udp" }, "process": { @@ -345,7 +349,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<45>Mar 11 23:51:31 infoblox.localdomain named[17742]: 07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: a1.foo.com IN A response: NOERROR +ED a1.foo.com 28800 IN A 192.168.0.2; a1.foo.com 28800 IN A 192.168.0.3;" }, "host": { @@ -367,6 +371,7 @@ }, "message": "07-Apr-2022 08:08:10.043 client 192.168.0.1#57398 UDP: query: a1.foo.com IN A response: NOERROR +ED a1.foo.com 28800 IN A 192.168.0.2; a1.foo.com 28800 IN A 192.168.0.3;", "network": { + "protocol": "dns", "transport": "udp" }, "process": { @@ -387,7 +392,7 @@ ] }, { - "@timestamp": "2024-03-09T23:59:59.000Z", + "@timestamp": "2025-03-09T23:59:59.000Z", "client": { "ip": "192.168.0.1", "port": 59735 
@@ -396,7 +401,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-09T23:59:59.000Z", + "created": "2025-03-09T23:59:59.000Z", "original": "<30>Mar 9 23:59:59 infoblox.localdomain named[17742]: client @0x7f1dd4114af0 192.168.0.1#59735 (config.nos-avg.cz): query failed (REFUSED) for config.nos-avg.cz/IN/TXT at query.c:10288" }, "host": { @@ -417,6 +422,9 @@ } }, "message": "client @0x7f1dd4114af0 192.168.0.1#59735 (config.nos-avg.cz): query failed (REFUSED) for config.nos-avg.cz/IN/TXT at query.c:10288", + "network": { + "protocol": "dns" + }, "process": { "pid": 17742 }, @@ -433,7 +441,7 @@ ] }, { - "@timestamp": "2024-03-09T23:59:59.000Z", + "@timestamp": "2025-03-09T23:59:59.000Z", "client": { "ip": "192.168.0.1", "port": 59735 @@ -455,7 +463,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-09T23:59:59.000Z", + "created": "2025-03-09T23:59:59.000Z", "original": "<30>Mar 9 23:59:59 infoblox.localdomain named[17742]: client @0x7f1dd4114af0 192.168.0.1#59735 (config.nos-avg.cz): query: config.nos-avg.cz IN TXT + (192.168.0.1)" }, "host": { @@ -476,6 +484,9 @@ } }, "message": "client @0x7f1dd4114af0 192.168.0.1#59735 (config.nos-avg.cz): query: config.nos-avg.cz IN TXT + (192.168.0.1)", + "network": { + "protocol": "dns" + }, "process": { "pid": 17742 }, @@ -496,12 +507,12 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[27014]: rpz: rpz1.com: reload start" }, "host": { @@ -522,6 +533,9 @@ } }, "message": "rpz: rpz1.com: reload start", + "network": { + "protocol": "dns" + }, "process": { "pid": 27014 }, @@ -535,7 +549,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 50460 
@@ -549,7 +563,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[29914]: client @0x7ff42c168b50 192.168.0.1#50460 (test.com): rewriting query name 'test.com' to 'query123-10-120-20-93.test.com', type A" }, "host": { @@ -571,6 +585,9 @@ } }, "message": "client @0x7ff42c168b50 192.168.0.1#50460 (test.com): rewriting query name 'test.com' to 'query123-10-120-20-93.test.com', type A", + "network": { + "protocol": "dns" + }, "process": { "pid": 29914 }, @@ -587,7 +604,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 36483 @@ -604,7 +621,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[19204]: client @0x7fec7c11dab0 192.168.0.1#36483: updating zone 'test1.com/IN': adding an RR at 'a6.test1.com' A 192.168.0.2" }, "host": { @@ -625,6 +642,9 @@ } }, "message": "client @0x7fec7c11dab0 192.168.0.1#36483: updating zone 'test1.com/IN': adding an RR at 'a6.test1.com' A 192.168.0.2", + "network": { + "protocol": "dns" + }, "process": { "pid": 19204 }, @@ -642,7 +662,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 51424 @@ -659,7 +679,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[28468]: CEF:0|Infoblox|NIOS|8.6.2-49634-e88e9df276a8|RPZ-QNAME|NXDOMAIN|7|app=DNS dst=192.168.0.1 src=192.168.0.1 spt=51424 view=_default qtype=A msg=\"rpz QNAME NXDOMAIN rewrite nxd1.com [A] via nxd1.com.rpz1.com\" CAT=RPZ" }, "host": { 
@@ -692,6 +712,9 @@ } }, "message": "CEF:0|Infoblox|NIOS|8.6.2-49634-e88e9df276a8|RPZ-QNAME|NXDOMAIN|7|app=DNS dst=192.168.0.1 src=192.168.0.1 spt=51424 view=_default qtype=A msg=\"rpz QNAME NXDOMAIN rewrite nxd1.com [A] via nxd1.com.rpz1.com\" CAT=RPZ", + "network": { + "protocol": "dns" + }, "process": { "pid": 28468 }, @@ -711,7 +734,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 46982 @@ -728,7 +751,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[7741]: zone local_7.com/IN: notify from 192.168.0.1#46982: zone is up to date" }, "host": { @@ -749,6 +772,9 @@ } }, "message": "zone local_7.com/IN: notify from 192.168.0.1#46982: zone is up to date", + "network": { + "protocol": "dns" + }, "process": { "pid": 7741 }, @@ -766,7 +792,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 46982 @@ -775,7 +801,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[7741]: responses: client @0x7fb550117f90 192.168.0.1#46982: received notify for zone 'local_14.com'" }, "host": { @@ -797,6 +823,9 @@ } }, "message": "responses: client @0x7fb550117f90 192.168.0.1#46982: received notify for zone 'local_14.com'", + "network": { + "protocol": "dns" + }, "process": { "pid": 7741 }, @@ -813,7 +842,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 53 
@@ -830,7 +859,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[15242]: transfer of 'test.com/IN' from 192.168.0.1#53: Transfer status: success" }, "host": { @@ -851,6 +880,9 @@ } }, "message": "transfer of 'test.com/IN' from 192.168.0.1#53: Transfer status: success", + "network": { + "protocol": "dns" + }, "process": { "pid": 15242 }, @@ -868,7 +900,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 53 @@ -885,7 +917,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[15242]: transfer of 'test.com/IN' from 192.168.0.1#53: Transfer completed: 1 messages, 9 records, 326 bytes, 0.001 secs (326000 bytes/sec)" }, "host": { @@ -906,6 +938,9 @@ } }, "message": "transfer of 'test.com/IN' from 192.168.0.1#53: Transfer completed: 1 messages, 9 records, 326 bytes, 0.001 secs (326000 bytes/sec)", + "network": { + "protocol": "dns" + }, "process": { "pid": 15242 }, @@ -923,7 +958,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 57027 @@ -940,7 +975,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[56199]: client @0x7f7e6c2809f0 192.168.0.1#57027 (test.com): transfer of 'test.com/IN': AXFR started (serial 3)" }, "host": { @@ -961,6 +996,9 @@ } }, "message": "client @0x7f7e6c2809f0 192.168.0.1#57027 (test.com): transfer of 'test.com/IN': AXFR started (serial 3)", + "network": { + "protocol": "dns" + }, "process": { "pid": 56199 }, 
@@ -978,7 +1016,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "client": { "ip": "192.168.0.1", "port": 57027 @@ -995,7 +1033,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[56199]: client @0x7f7e6c2809f0 192.168.0.1#57027 (test.com): transfer of 'test.com/IN': AXFR ended" }, "host": { @@ -1016,6 +1054,9 @@ } }, "message": "client @0x7f7e6c2809f0 192.168.0.1#57027 (test.com): transfer of 'test.com/IN': AXFR ended", + "network": { + "protocol": "dns" + }, "process": { "pid": 56199 }, @@ -1033,12 +1074,12 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "ecs": { "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[30325]: resolver priming query complete" }, "host": { @@ -1059,6 +1100,9 @@ } }, "message": "resolver priming query complete", + "network": { + "protocol": "dns" + }, "process": { "pid": 30325 }, @@ -1072,7 +1116,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "dns": { "question": { "name": "test.com", @@ -1085,7 +1129,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[1127]: validating test.com/DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for 'test.com'" }, "host": { @@ -1106,6 +1150,9 @@ } }, "message": "validating test.com/DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for 'test.com'", + "network": { + "protocol": "dns" + }, "process": { "pid": 1127 }, 
@@ -1120,7 +1167,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "dns": { "question": { "name": "test.com", @@ -1133,7 +1180,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[1127]: validating test.com/NSEC: bad cache hit (test.com/DNSKEY)" }, "host": { @@ -1154,6 +1201,9 @@ } }, "message": "validating test.com/NSEC: bad cache hit (test.com/DNSKEY)", + "network": { + "protocol": "dns" + }, "process": { "pid": 1127 }, @@ -1168,7 +1218,7 @@ ] }, { - "@timestamp": "2024-03-11T23:51:31.000Z", + "@timestamp": "2025-03-11T23:51:31.000Z", "dns": { "question": { "name": "hostrec3.test.com", @@ -1182,7 +1232,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-03-11T23:51:31.000Z", + "created": "2025-03-11T23:51:31.000Z", "original": "<30>Mar 11 23:51:31 infoblox.localdomain named[1127]: validating hostrec3.test.com/NSEC: bad cache hit (test.com/DNSKEY)" }, "host": { @@ -1203,6 +1253,9 @@ } }, "message": "validating hostrec3.test.com/NSEC: bad cache hit (test.com/DNSKEY)", + "network": { + "protocol": "dns" + }, "process": { "pid": 1127 }, @@ -1237,7 +1290,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-04-14T16:17:20.000Z", + "created": "2025-04-14T16:17:20.000Z", "original": "<30>Apr 14 16:17:20 10.50.1.227 named[2588]: infoblox-responses: 14-Apr-2022 16:17:20.046 client 192.168.1.90#57738: UDP: query: settings-win.data.microsoft.com IN A response: REFUSED -" }, "host": { @@ -1262,6 +1315,7 @@ }, "message": "infoblox-responses: 14-Apr-2022 16:17:20.046 client 192.168.1.90#57738: UDP: query: settings-win.data.microsoft.com IN A response: REFUSED -", "network": { + "protocol": "dns", "transport": "udp" }, "process": { @@ -1281,7 +1335,7 @@ ] }, { - "@timestamp": "2024-04-14T16:16:05.000Z", + "@timestamp": "2025-04-14T16:16:05.000Z", "client": { "ip": "192.168.1.90", "port": 64727 
@@ -1303,7 +1357,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-04-14T16:16:05.000Z", + "created": "2025-04-14T16:16:05.000Z", "original": "<30>Apr 14 16:16:05 10.50.1.227 named[2588]: queries: client @0x7f97e40eb500 192.168.1.90#64727 (ocsp.digicert.com): query: ocsp.digicert.com IN A + (192.168.1.10)" }, "host": { @@ -1327,6 +1381,9 @@ } }, "message": "queries: client @0x7f97e40eb500 192.168.1.90#64727 (ocsp.digicert.com): query: ocsp.digicert.com IN A + (192.168.1.10)", + "network": { + "protocol": "dns" + }, "process": { "pid": 2588 }, @@ -1348,7 +1405,7 @@ ] }, { - "@timestamp": "2024-04-14T16:16:05.000Z", + "@timestamp": "2025-04-14T16:16:05.000Z", "client": { "ip": "192.168.1.90", "port": 64727 @@ -1357,7 +1414,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-04-14T16:16:05.000Z", + "created": "2025-04-14T16:16:05.000Z", "original": "<30>Apr 14 16:16:05 10.50.1.227 named[2588]: query-errors: client @0x7f97e40eb500 192.168.1.90#64727 (ocsp.digicert.com): query failed (REFUSED) for ocsp.digicert.com/IN/A at query.c:10288" }, "host": { @@ -1381,6 +1438,9 @@ } }, "message": "query-errors: client @0x7f97e40eb500 192.168.1.90#64727 (ocsp.digicert.com): query failed (REFUSED) for ocsp.digicert.com/IN/A at query.c:10288", + "network": { + "protocol": "dns" + }, "process": { "pid": 2588 }, @@ -1453,7 +1513,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-10-04T10:18:07.000Z", + "created": "2025-10-04T10:18:07.000Z", "original": "<30>Oct 4 10:18:07 a1.foo.com 89.160.20.112 named[10750]: 04-Oct-2022 10:18:07.834 client 89.160.20.128#59605: UDP: query: 89.160.20.128.a1.foo.com IN PTR response: NOERROR + 89.160.20.128.a1.foo.com. 21801 IN PTR 089.160.20.112.a1.foo.com.;" }, "host": { 
@@ -1478,6 +1538,7 @@ }, "message": "04-Oct-2022 10:18:07.834 client 89.160.20.128#59605: UDP: query: 89.160.20.128.a1.foo.com IN PTR response: NOERROR + 89.160.20.128.a1.foo.com. 21801 IN PTR 089.160.20.112.a1.foo.com.;", "network": { + "protocol": "dns", "transport": "udp" }, "process": { @@ -1561,7 +1622,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-05-09T11:54:36.000Z", + "created": "2025-05-09T11:54:36.000Z", "original": "<30>May 9 11:54:36 a1.foo.com 89.160.20.112 named[12261]: 09-May-2023 11:54:36.185 client 89.160.20.128#59605: view 12: UDP: query: settings-win.data.microsoft.com IN TXT response: NOERROR + settings-win.data.microsoft.com. 3600 IN TXT \"k=rsa; p=abc\" \"def\" \"ghi\" \"jkl\" \"AB\";" }, "host": { @@ -1586,6 +1647,7 @@ }, "message": "09-May-2023 11:54:36.185 client 89.160.20.128#59605: view 12: UDP: query: settings-win.data.microsoft.com IN TXT response: NOERROR + settings-win.data.microsoft.com. 3600 IN TXT \"k=rsa; p=abc\" \"def\" \"ghi\" \"jkl\" \"AB\";", "network": { + "protocol": "dns", "transport": "udp" }, "process": { 
@@ -2386,7 +2448,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-05-09T11:54:36.000Z", + "created": "2025-05-09T11:54:36.000Z", "original": "<30>May 9 11:54:36 a1.foo.com 89.160.20.112 named[12261]: 03-Nov-2023 13:22:37.747 client 192.168.1.1#31645: view 1: TCP: query: www.elastic.co IN A response: NOERROR + www.elastic.co. 1826 IN CNAME cool.server.production.elastic.co.; cool.server.production.elastic.co. 190 IN A 175.16.199.163; cool.server.production.elastic.co. 190 IN A 175.16.199.162; cool.server.production.elastic.co. 190 IN A 175.16.199.161; cool.server.production.elastic.co. 190 IN A 175.16.199.160; cool.server.production.elastic.co. 190 IN A 175.16.199.16; cool.server.production.elastic.co. 190 IN A 175.16.199.159; cool.server.production.elastic.co. 190 IN A 175.16.199.158; cool.server.production.elastic.co. 190 IN A 175.16.199.157; cool.server.production.elastic.co. 190 IN A 175.16.199.156; cool.server.production.elastic.co. 190 IN A 175.16.199.155; cool.server.production.elastic.co. 190 IN A 175.16.199.154; cool.server.production.elastic.co. 190 IN A 175.16.199.153; cool.server.production.elastic.co. 190 IN A 175.16.199.152; cool.server.production.elastic.co. 190 IN A 175.16.199.151; cool.server.production.elastic.co. 190 IN A 175.16.199.150; cool.server.production.elastic.co. 190 IN A 175.16.199.15; cool.server.production.elastic.co. 190 IN A 175.16.199.149; cool.server.production.elastic.co. 190 IN A 175.16.199.148; cool.server.production.elastic.co. 190 IN A 175.16.199.147; cool.server.production.elastic.co. 190 IN A 175.16.199.146; cool.server.production.elastic.co. 190 IN A 175.16.199.145; cool.server.production.elastic.co. 190 IN A 175.16.199.144; cool.server.production.elastic.co. 190 IN A 175.16.199.143; cool.server.production.elastic.co. 190 IN A 175.16.199.142; cool.server.production.elastic.co. 190 IN A 175.16.199.141; cool.server.production.elastic.co. 190 IN A 175.16.199.140; cool.server.production.elastic.co. 
190 IN A 175.16.199.14; cool.server.production.elastic.co. 190 IN A 175.16.199.139; cool.server.production.elastic.co. 190 IN A 175.16.199.138; cool.server.production.elastic.co. 190 IN A 175.16.199.137; cool.server.production.elastic.co. 190 IN A 175.16.199.136; cool.server.production.elastic.co. 190 IN A 175.16.199.135; cool.server.production.elastic.co. 190 IN A 175.16.199.134; cool.server.production.elastic.co. 190 IN A 175.16.199.133; cool.server.production.elastic.co. 190 IN A 175.16.199.132; cool.server.production.elastic.co. 190 IN A 175.16.199.131; cool.server.production.elastic.co. 190 IN A 175.16.199.130; cool.server.production.elastic.co. 190 IN A 175.16.199.13; cool.server.production.elastic.co. 190 IN A 175.16.199.129; cool.server.production.elastic.co. 190 IN A 175.16.199.128; cool.server.production.elastic.co. 190 IN A 175.16.199.127; cool.server.production.elastic.co. 190 IN A 175.16.199.126; cool.server.production.elastic.co. 190 IN A 175.16.199.125; cool.server.production.elastic.co. 190 IN A 175.16.199.124; cool.server.production.elastic.co. 190 IN A 175.16.199.123; cool.server.production.elastic.co. 190 IN A 175.16.199.122; cool.server.production.elastic.co. 190 IN A 175.16.199.121; cool.server.production.elastic.co. 190 IN A 175.16.199.120; cool.server.production.elastic.co. 190 IN A 175.16.199.12; cool.server.production.elastic.co. 190 IN A 175.16.199.119; cool.server.production.elastic.co. 190 IN A 175.16.199.118; cool.server.production.elastic.co. 190 IN A 175.16.199.117; cool.server.production.elastic.co. 190 IN A 175.16.199.116; cool.server.production.elastic.co. 190 IN A 175.16.199.115; cool.server.production.elastic.co. 190 IN A 175.16.199.114; cool.server.production.elastic.co. 190 IN A 175.16.199.113; cool.server.production.elastic.co. 190 IN A 175.16.199.112; cool.server.production.elastic.co. 190 IN A 175.16.199.111; cool.server.production.elastic.co. 190 IN A 175.16.199.110; cool.server.production.elastic.co. 
190 IN A 175.16.199.11; cool.server.production.elastic.co. 190 IN A 175.16.199.109; cool.server.production.elastic.co. 190 IN A 175.16.199.108; cool.server.production.elastic.co. 190 IN A 175.16.199.107; cool.server.production.elastic.co. 190 IN A 175.16.199.106; cool.server.production.elastic.co. 190 IN A 175.16.199.105; cool.server.production.elastic.co. 190 IN A 175.16.199.104; cool.server.production.elastic.co. 190 IN A 175.16.199.103; cool.server.production.elastic.co. 190 IN A 175.16.199.102; cool.server.production.elastic.co. 190 IN A 175.16.199.101; cool.server.production.elastic.co. 190 IN A 175.16.199.100; cool.server.production.elastic.co. 190 IN A 175.16.199.10; cool.server.production.elastic.co. 190 IN A 175.16.199.1; cool.server.production.elastic.co. 190 IN A 175.16.199.0; cool.server.production.elastic.co. 190 IN A 175.16.199.99; cool.server.production.elastic.co. 190 IN A 175.16.199.98; cool.server.production.elastic.co. 190 IN A 175.16.199.97; cool.server.production.elastic.co. 190 IN A 175.16.199.96; cool.server.production.elastic.co. 190 IN A 175.16.199.95; cool.server.production.elastic.co. 190 IN A 175.16.199.94; cool.server.production.elastic.co. 190 IN A 175.16.199.93; cool.server.production.elastic.co. 190 IN A 175.16.199.92; cool.server.production.elastic.co. 190 IN A 175.16.199.91; cool.server.production.elastic.co. 190 IN A 175.16.199.90; cool.server.production.elastic.co. 190 IN A 175.16.199.9; cool.server.production.elastic.co. 190 IN A 175.16.199.89; cool.server.production.elastic.co. 190 IN A 175.16.199.88; cool.server.production.elastic.co. 190 IN A 175.16.199.87; cool.server.production.elastic.co. 190 IN A 175.16.199.86; cool.server.production.elastic.co. 190 IN A 175.16.199.85; cool.server.production.elastic.co. 190 IN A 175.16.199.84; cool.server.production.elastic.co. 190 IN A 175.16.199.83; cool.server.production.elastic.co. 190 IN A 175.16.199.82; cool.server.production.elastic.co. 
190 IN A 175.16.199.81; cool.server.production.elastic.co. 190 IN A 175.16.199.80; cool.server.production.elastic.co. 190 IN A 175.16.199.8; cool.server.production.elastic.co. 190 IN A 175.16.199.79; cool.server.production.elastic.co. 190 IN A 175.16.199.78; cool.server.production.elastic.co. 190 IN A 175.16.199.77; cool.server.production.elastic.co. 190 IN A 175.16.199.76; cool.server.production.elastic.co. 190 IN A 175.16.199.75; cool.server.production.elastic.co. 190 IN A 175.16.199.74; cool.server.production.elastic.co. 190 IN A 175.16.199.73; cool.server.production.elastic.co. 190 IN A 175.16.199.72; cool.server.production.elastic.co. 190 IN A 175.16.199.71; cool.server.production.elastic.co. 190 IN A 175.16.199.70; cool.server.production.elastic.co. 190 IN A 175.16.199.7; cool.server.production.elastic.co. 190 IN A 175.16.199.69; cool.server.production.elastic.co. 190 IN A 175.16.199.68; cool.server.production.elastic.co. 190 IN A 175.16.199.67; cool.server.production.elastic.co. 190 IN A 175.16.199.66; cool.server.production.elastic.co. 190 IN A 175.16.199.65; cool.server.production.elastic.co. 190 IN A 175.16.199.64; cool.server.production.elastic.co. 190 IN A 175.16.199.63; cool.server.production.elastic.co. 190 IN A 175.16.199.62; cool.server.production.elastic.co. 190 IN A 175.16.199.61; cool.server.production.elastic.co. 190 IN A 175.16.199.60; cool.server.production.elastic.co. 190 IN A 175.16.199.6; cool.server.production.elastic.co. 190 IN A 175.16.199.59; cool.server.production.elastic.co. 190 IN A 175.16.199.58; cool.server.production.elastic.co. 190 IN A 175.16.199.57; cool.server.production.elastic.co. 190 IN A 175.16.199.56; cool.server.production.elastic.co. 190 IN A 175.16.199.55; cool.server.production.elastic.co. 190 IN A 175.16.199.54; cool.server.production.elastic.co. 190 IN A 175.16.199.53; cool.server.production.elastic.co. 190 IN A 175.16.199.52; cool.server.production.elastic.co. 
190 IN A 175.16.199.51; cool.server.production.elastic.co. 190 IN A 175.16.199.50; cool.server.production.elastic.co. 190 IN A 175.16.199.5; cool.server.production.elastic.co. 190 IN A 175.16.199.49; cool.server.production.elastic.co. 190 IN A 175.16.199.48; cool.server.production.elastic.co. 190 IN A 175.16.199.47; cool.server.production.elastic.co. 190 IN A 175.16.199.46; cool.server.production.elastic.co. 190 IN A 175.16.199.45; cool.server.production.elastic.co. 190 IN A 175.16.199.44; cool.server.production.elastic.co. 190 IN A 175.16.199.43; cool.server.production.elastic.co. 190 IN A 175.16.199.42; cool.server.production.elastic.co. 190 IN A 175.16.199.41; cool.server.production.elastic.co. 190 IN A 175.16.199.40; cool.server.production.elastic.co. 190 IN A 175.16.199.4; cool.server.production.elastic.co. 190 IN A 175.16.199.39; cool.server.production.elastic.co. 190 IN A 175.16.199.38; cool.server.production.elastic.co. 190 IN A 175.16.199.37; cool.server.production.elastic.co. 190 IN A 175.16.199.36; cool.server.production.elastic.co. 190 IN A 175.16.199.35; cool.server.production.elastic.co. 190 IN A 175.16.199.34; cool.server.production.elastic.co. 190 IN A 175.16.199.33; cool.server.production.elastic.co. 190 IN A 175.16.199.32; cool.server.production.elastic.co. 190 IN A 175.16.199.31; cool.server.production.elastic.co ..." }, "host": { 
@@ -2411,6 +2473,7 @@ }, "message": "03-Nov-2023 13:22:37.747 client 192.168.1.1#31645: view 1: TCP: query: www.elastic.co IN A response: NOERROR + www.elastic.co. 1826 IN CNAME cool.server.production.elastic.co.; cool.server.production.elastic.co. 190 IN A 175.16.199.163; cool.server.production.elastic.co. 190 IN A 175.16.199.162; cool.server.production.elastic.co. 190 IN A 175.16.199.161; cool.server.production.elastic.co. 190 IN A 175.16.199.160; cool.server.production.elastic.co. 190 IN A 175.16.199.16; cool.server.production.elastic.co. 190 IN A 175.16.199.159; cool.server.production.elastic.co. 190 IN A 175.16.199.158; cool.server.production.elastic.co. 190 IN A 175.16.199.157; cool.server.production.elastic.co. 190 IN A 175.16.199.156; cool.server.production.elastic.co. 190 IN A 175.16.199.155; cool.server.production.elastic.co. 190 IN A 175.16.199.154; cool.server.production.elastic.co. 190 IN A 175.16.199.153; cool.server.production.elastic.co. 190 IN A 175.16.199.152; cool.server.production.elastic.co. 190 IN A 175.16.199.151; cool.server.production.elastic.co. 190 IN A 175.16.199.150; cool.server.production.elastic.co. 190 IN A 175.16.199.15; cool.server.production.elastic.co. 190 IN A 175.16.199.149; cool.server.production.elastic.co. 190 IN A 175.16.199.148; cool.server.production.elastic.co. 190 IN A 175.16.199.147; cool.server.production.elastic.co. 190 IN A 175.16.199.146; cool.server.production.elastic.co. 190 IN A 175.16.199.145; cool.server.production.elastic.co. 190 IN A 175.16.199.144; cool.server.production.elastic.co. 190 IN A 175.16.199.143; cool.server.production.elastic.co. 190 IN A 175.16.199.142; cool.server.production.elastic.co. 190 IN A 175.16.199.141; cool.server.production.elastic.co. 190 IN A 175.16.199.140; cool.server.production.elastic.co. 190 IN A 175.16.199.14; cool.server.production.elastic.co. 190 IN A 175.16.199.139; cool.server.production.elastic.co. 190 IN A 175.16.199.138; cool.server.production.elastic.co. 
190 IN A 175.16.199.137; cool.server.production.elastic.co. 190 IN A 175.16.199.136; cool.server.production.elastic.co. 190 IN A 175.16.199.135; cool.server.production.elastic.co. 190 IN A 175.16.199.134; cool.server.production.elastic.co. 190 IN A 175.16.199.133; cool.server.production.elastic.co. 190 IN A 175.16.199.132; cool.server.production.elastic.co. 190 IN A 175.16.199.131; cool.server.production.elastic.co. 190 IN A 175.16.199.130; cool.server.production.elastic.co. 190 IN A 175.16.199.13; cool.server.production.elastic.co. 190 IN A 175.16.199.129; cool.server.production.elastic.co. 190 IN A 175.16.199.128; cool.server.production.elastic.co. 190 IN A 175.16.199.127; cool.server.production.elastic.co. 190 IN A 175.16.199.126; cool.server.production.elastic.co. 190 IN A 175.16.199.125; cool.server.production.elastic.co. 190 IN A 175.16.199.124; cool.server.production.elastic.co. 190 IN A 175.16.199.123; cool.server.production.elastic.co. 190 IN A 175.16.199.122; cool.server.production.elastic.co. 190 IN A 175.16.199.121; cool.server.production.elastic.co. 190 IN A 175.16.199.120; cool.server.production.elastic.co. 190 IN A 175.16.199.12; cool.server.production.elastic.co. 190 IN A 175.16.199.119; cool.server.production.elastic.co. 190 IN A 175.16.199.118; cool.server.production.elastic.co. 190 IN A 175.16.199.117; cool.server.production.elastic.co. 190 IN A 175.16.199.116; cool.server.production.elastic.co. 190 IN A 175.16.199.115; cool.server.production.elastic.co. 190 IN A 175.16.199.114; cool.server.production.elastic.co. 190 IN A 175.16.199.113; cool.server.production.elastic.co. 190 IN A 175.16.199.112; cool.server.production.elastic.co. 190 IN A 175.16.199.111; cool.server.production.elastic.co. 190 IN A 175.16.199.110; cool.server.production.elastic.co. 190 IN A 175.16.199.11; cool.server.production.elastic.co. 190 IN A 175.16.199.109; cool.server.production.elastic.co. 190 IN A 175.16.199.108; cool.server.production.elastic.co. 
190 IN A 175.16.199.107; cool.server.production.elastic.co. 190 IN A 175.16.199.106; cool.server.production.elastic.co. 190 IN A 175.16.199.105; cool.server.production.elastic.co. 190 IN A 175.16.199.104; cool.server.production.elastic.co. 190 IN A 175.16.199.103; cool.server.production.elastic.co. 190 IN A 175.16.199.102; cool.server.production.elastic.co. 190 IN A 175.16.199.101; cool.server.production.elastic.co. 190 IN A 175.16.199.100; cool.server.production.elastic.co. 190 IN A 175.16.199.10; cool.server.production.elastic.co. 190 IN A 175.16.199.1; cool.server.production.elastic.co. 190 IN A 175.16.199.0; cool.server.production.elastic.co. 190 IN A 175.16.199.99; cool.server.production.elastic.co. 190 IN A 175.16.199.98; cool.server.production.elastic.co. 190 IN A 175.16.199.97; cool.server.production.elastic.co. 190 IN A 175.16.199.96; cool.server.production.elastic.co. 190 IN A 175.16.199.95; cool.server.production.elastic.co. 190 IN A 175.16.199.94; cool.server.production.elastic.co. 190 IN A 175.16.199.93; cool.server.production.elastic.co. 190 IN A 175.16.199.92; cool.server.production.elastic.co. 190 IN A 175.16.199.91; cool.server.production.elastic.co. 190 IN A 175.16.199.90; cool.server.production.elastic.co. 190 IN A 175.16.199.9; cool.server.production.elastic.co. 190 IN A 175.16.199.89; cool.server.production.elastic.co. 190 IN A 175.16.199.88; cool.server.production.elastic.co. 190 IN A 175.16.199.87; cool.server.production.elastic.co. 190 IN A 175.16.199.86; cool.server.production.elastic.co. 190 IN A 175.16.199.85; cool.server.production.elastic.co. 190 IN A 175.16.199.84; cool.server.production.elastic.co. 190 IN A 175.16.199.83; cool.server.production.elastic.co. 190 IN A 175.16.199.82; cool.server.production.elastic.co. 190 IN A 175.16.199.81; cool.server.production.elastic.co. 190 IN A 175.16.199.80; cool.server.production.elastic.co. 190 IN A 175.16.199.8; cool.server.production.elastic.co. 
190 IN A 175.16.199.79; cool.server.production.elastic.co. 190 IN A 175.16.199.78; cool.server.production.elastic.co. 190 IN A 175.16.199.77; cool.server.production.elastic.co. 190 IN A 175.16.199.76; cool.server.production.elastic.co. 190 IN A 175.16.199.75; cool.server.production.elastic.co. 190 IN A 175.16.199.74; cool.server.production.elastic.co. 190 IN A 175.16.199.73; cool.server.production.elastic.co. 190 IN A 175.16.199.72; cool.server.production.elastic.co. 190 IN A 175.16.199.71; cool.server.production.elastic.co. 190 IN A 175.16.199.70; cool.server.production.elastic.co. 190 IN A 175.16.199.7; cool.server.production.elastic.co. 190 IN A 175.16.199.69; cool.server.production.elastic.co. 190 IN A 175.16.199.68; cool.server.production.elastic.co. 190 IN A 175.16.199.67; cool.server.production.elastic.co. 190 IN A 175.16.199.66; cool.server.production.elastic.co. 190 IN A 175.16.199.65; cool.server.production.elastic.co. 190 IN A 175.16.199.64; cool.server.production.elastic.co. 190 IN A 175.16.199.63; cool.server.production.elastic.co. 190 IN A 175.16.199.62; cool.server.production.elastic.co. 190 IN A 175.16.199.61; cool.server.production.elastic.co. 190 IN A 175.16.199.60; cool.server.production.elastic.co. 190 IN A 175.16.199.6; cool.server.production.elastic.co. 190 IN A 175.16.199.59; cool.server.production.elastic.co. 190 IN A 175.16.199.58; cool.server.production.elastic.co. 190 IN A 175.16.199.57; cool.server.production.elastic.co. 190 IN A 175.16.199.56; cool.server.production.elastic.co. 190 IN A 175.16.199.55; cool.server.production.elastic.co. 190 IN A 175.16.199.54; cool.server.production.elastic.co. 190 IN A 175.16.199.53; cool.server.production.elastic.co. 190 IN A 175.16.199.52; cool.server.production.elastic.co. 190 IN A 175.16.199.51; cool.server.production.elastic.co. 190 IN A 175.16.199.50; cool.server.production.elastic.co. 190 IN A 175.16.199.5; cool.server.production.elastic.co. 
190 IN A 175.16.199.49; cool.server.production.elastic.co. 190 IN A 175.16.199.48; cool.server.production.elastic.co. 190 IN A 175.16.199.47; cool.server.production.elastic.co. 190 IN A 175.16.199.46; cool.server.production.elastic.co. 190 IN A 175.16.199.45; cool.server.production.elastic.co. 190 IN A 175.16.199.44; cool.server.production.elastic.co. 190 IN A 175.16.199.43; cool.server.production.elastic.co. 190 IN A 175.16.199.42; cool.server.production.elastic.co. 190 IN A 175.16.199.41; cool.server.production.elastic.co. 190 IN A 175.16.199.40; cool.server.production.elastic.co. 190 IN A 175.16.199.4; cool.server.production.elastic.co. 190 IN A 175.16.199.39; cool.server.production.elastic.co. 190 IN A 175.16.199.38; cool.server.production.elastic.co. 190 IN A 175.16.199.37; cool.server.production.elastic.co. 190 IN A 175.16.199.36; cool.server.production.elastic.co. 190 IN A 175.16.199.35; cool.server.production.elastic.co. 190 IN A 175.16.199.34; cool.server.production.elastic.co. 190 IN A 175.16.199.33; cool.server.production.elastic.co. 190 IN A 175.16.199.32; cool.server.production.elastic.co. 190 IN A 175.16.199.31; cool.server.production.elastic.co ...", "network": { + "protocol": "dns", "transport": "tcp" }, "process": { @@ -2433,7 +2496,7 @@ ] }, { - "@timestamp": "2024-11-27T13:03:52.000Z", + "@timestamp": "2025-11-27T13:03:52.000Z", "client": { "as": { "number": 29518, @@ -2470,7 +2533,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-11-27T13:03:52.000Z", + "created": "2025-11-27T13:03:52.000Z", "original": "<30>Nov 27 13:03:52 81.2.69.144 named[27014]: client @0x7f1dd4114af0 89.160.20.128#24602 (abugtera.tun.p2.42): view 1: query: abugtera.tun.p2.42 IN A + (81.2.69.144)" }, "host": { @@ -2494,6 +2557,9 @@ } }, "message": "client @0x7f1dd4114af0 89.160.20.128#24602 (abugtera.tun.p2.42): view 1: query: abugtera.tun.p2.42 IN A + (81.2.69.144)", + "network": { + "protocol": "dns" + }, "process": { "pid": 27014 }, 
@@ -2514,7 +2580,7 @@ ] }, { - "@timestamp": "2024-11-27T11:53:09.000Z", + "@timestamp": "2025-11-27T11:53:09.000Z", "client": { "ip": "10.4.71.204", "port": 40026 @@ -2533,7 +2599,7 @@ "version": "8.11.0" }, "event": { - "created": "2024-11-27T11:53:09.000Z", + "created": "2025-11-27T11:53:09.000Z", "original": "<30>Nov 27 11:53:09 192.168.0.1 named[15242]: client @0x7fec7c11dab0 10.4.71.204#40026 (version.bind): query: version.bind CH TXT +T (192.168.0.1)" }, "host": { @@ -2556,6 +2622,9 @@ } }, "message": "client @0x7fec7c11dab0 10.4.71.204#40026 (version.bind): query: version.bind CH TXT +T (192.168.0.1)", + "network": { + "protocol": "dns" + }, "process": { "pid": 15242 }, diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml index 974f63542b6..e3d4c19c650 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml @@ -1,6 +1,9 @@ --- description: Pipeline for parsing Infoblox NIOS DHCP logs. processors: + - set: + field: network.protocol + value: dhcp - grok: field: message if: ctx.message.contains('DHCPDISCOVER') diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml index 9d81cb7eccd..66e344d34b9 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml @@ -1,6 +1,9 @@ --- description: Pipeline for parsing Infoblox NIOS DNS logs. processors: + - set: + field: network.protocol + value: dns - grok: field: message patterns: 
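Review bot: The new `set` processor in pipeline_dhcp.yml is unconditional and runs before the grok processors, the first of which is guarded by `if: ctx.message.contains('DHCPDISCOVER')`, so every document routed into this pipeline is tagged `network.protocol: dhcp` even when none of the DHCP patterns matched it. That is probably intended, since routing into this pipeline already implies the protocol, but it is not stated anywhere and a later maintainer may expect the field only on successfully parsed leases. I would add a comment above the processor: `# Routing into this pipeline already implies DHCP; set the ECS (lowercase) protocol before parsing so it is present even if a grok below does not match.` The rest of the processors list, including any on_failure handler, is outside this hunk, so I cannot tell whether the field survives a grok failure path.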
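Review bot: The hard-coded `network.protocol: dns` in pipeline_dns.yml is applied before the grok, so it also lands on operational named messages that carry no query at all; the updated fixtures above show this for `resolver priming query complete` and the DNSSEC `validating ...` lines, which get `network.protocol` without any `client.*` or `dns.question.*` fields. Detection rules that filter on `network.protocol: dns` should therefore not assume the DNS-specific fields are populated, and that caveat is worth recording at the point where the value is set. I would add a comment such as `# Applies to every event from named, including server/operational messages with no query; do not assume dns.question.* is present when filtering on this field.` The value is already lowercase as ECS expects, so no change to the processor itself is needed. The remainder of the processors list is outside this hunk.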
diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml index 83c2001051b..7e8e1082b09 100644 --- a/packages/infoblox_nios/manifest.yml +++ b/packages/infoblox_nios/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.3" name: infoblox_nios title: Infoblox NIOS -version: "1.25.0" +version: "1.26.0" description: Collect logs from Infoblox NIOS with Elastic Agent. type: integration categories: