[Cisco IOS] Syslog messages not parsed after upgrade to 1.26.6 #9857
Labels: bug (Something isn't working); Integration:CiscoIOS (Cisco IOS); Team:Security-Deployment and Devices (Deployment and Devices Security team)
Kibana version: 8.13.3
Elasticsearch version: 8.13.3
After upgrading the Fleet Cisco IOS Integration from version 1.25.1 to version 1.26.6, parsing of Cisco syslog messages stopped working.
Now the fields are not automatically populated.
My syslog messages have the following format:
<189>387448: host-01: May 6 16:13:09.123 UTC+1: %DOT1X-5-FAIL: Authentication failed for client (001e.0b80.13b5) on Interface Gi1/0/16 AuditSessionID 000000000000011D51B826E5
Steps to reproduce:
Upgrade Cisco IOS Integration from version 1.25.1 to version 1.26.6
Expected behavior:
No behaviour change in message parsing.
Any additional context:
I've verified the ingest pipeline from these two versions and confirmed that the old grok patterns from 1.25.1 are ok, but not the new ones.
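A regression check for the message format quoted in the issue, added here as an example; it is not code from the integration or from the reporter. The regular expression, the field names and the `missing_fields` helper are assumptions, written in Python rather than grok, and show how a sample line can be run through a parser before and after an upgrade to catch fields that stop being populated.

```python
import re

# Sample line copied from the issue text; the second line is constructed for contrast.
SAMPLE = ("<189>387448: host-01: May 6 16:13:09.123 UTC+1: %DOT1X-5-FAIL: "
          "Authentication failed for client (001e.0b80.13b5) on Interface "
          "Gi1/0/16 AuditSessionID 000000000000011D51B826E5")
MINIMAL = "<189>May 6 16:13:09: %SYS-5-CONFIG_I: Configured from console"

# Hypothetical pattern for this format (not the integration's grok pattern).
IOS_LINE = re.compile(r"""
    ^<(?P<pri>\d{1,3})>
    (?:(?P<seq>\d+):\s+)?                          # optional sequence number
    (?:(?P<host>[^\s:]+):\s+)?                     # optional origin hostname
    (?P<ts>[*.]?[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?)
    (?:\s+(?P<tz>[A-Za-z]{2,5}(?:[+-]\d{1,2})?))?  # zone label, may carry an offset
    :\s+%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):
    \s*(?P<message>.*)$
""", re.VERBOSE)

# Fields the sample in the issue should populate after parsing.
REQUIRED = ("seq", "host", "ts", "tz", "facility", "severity", "mnemonic", "message")


def parse_ios(line):
    """Return a dict of extracted fields, or None when the line does not match."""
    m = IOS_LINE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    # PRI encodes syslog facility * 8 + severity.
    fields["syslog_facility"], fields["syslog_severity"] = divmod(int(fields["pri"]), 8)
    return fields


def missing_fields(line, required=REQUIRED):
    """List the required fields a line fails to populate (all of them if unparsed)."""
    parsed = parse_ios(line)
    if parsed is None:
        return list(required)
    return [name for name in required if not parsed.get(name)]


if __name__ == "__main__":
    for line in (SAMPLE, MINIMAL, "not a syslog line"):
        print(missing_fields(line), "<-", line[:40])
```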