{
  "name": "f5_bigip",
  "title": "F5 BIG-IP",
  "version": "1.28.0",
  "release": "ga",
  "description": "Collect logs from F5 BIG-IP with Elastic Agent.",
  "type": "integration",
  "download": "/epr/f5_bigip/f5_bigip-1.28.0.zip",
  "path": "/package/f5_bigip/1.28.0",
  "icons": [
    {
      "src": "/img/f5-bigip-logo.svg",
      "path": "/package/f5_bigip/1.28.0/img/f5-bigip-logo.svg",
      "title": "F5 BIG-IP logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.16.5 || ^9.0.0"
    },
    "elastic": {
      "subscription": "basic"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "security"
  ],
  "signature_path": "/epr/f5_bigip/f5_bigip-1.28.0.zip.sig",
  "format_version": "3.0.2",
  "readme": "/package/f5_bigip/1.28.0/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/f5-bigip-screenshot.png",
      "path": "/package/f5_bigip/1.28.0/img/f5-bigip-screenshot.png",
      "title": "F5 BIG-IP dashboard screenshot",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/f5-bigip-system-information.png",
      "path": "/package/f5_bigip/1.28.0/img/f5-bigip-system-information.png",
      "title": "F5 BIG-IP System Information dashboard",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/f5-bigip-ihealth-information.png",
      "path": "/package/f5_bigip/1.28.0/img/f5-bigip-ihealth-information.png",
      "title": "F5 BIG-IP IHealth Information dashboard",
      "size": "600x600",
      "type": "image/png"
    },
    {
      "src": "/img/f5-bigip-bot-dos.png",
      "path": "/package/f5_bigip/1.28.0/img/f5-bigip-bot-dos.png",
      "title": "F5 BIG-IP Bot-DoS dashboard screenshot",
      "size": "600x600",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/f5_bigip/1.28.0/LICENSE.txt",
    "/package/f5_bigip/1.28.0/changelog.yml",
    "/package/f5_bigip/1.28.0/manifest.yml",
    "/package/f5_bigip/1.28.0/validation.yml",
    "/package/f5_bigip/1.28.0/docs/README.md",
    "/package/f5_bigip/1.28.0/img/f5-bigip-bot-dos.png",
    "/package/f5_bigip/1.28.0/img/f5-bigip-ihealth-information.png",
    "/package/f5_bigip/1.28.0/img/f5-bigip-logo.svg",
    "/package/f5_bigip/1.28.0/img/f5-bigip-screenshot.png",
    "/package/f5_bigip/1.28.0/img/f5-bigip-system-information.png",
    "/package/f5_bigip/1.28.0/kibana/tags.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/manifest.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/sample_event.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-108dbde7-7604-43e0-b375-337f9229d1a2.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-3d589240-2d03-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-68e4e1e0-2d1f-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-b5d90026-87d6-4310-a724-fb5235063ff8.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-bfd3f300-2cfd-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-c7a76440-2d16-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-ecfd399f-89bc-41c9-beac-c629dd2a26fa.json",
    "/package/f5_bigip/1.28.0/kibana/dashboard/f5_bigip-f9913450-2d06-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/kibana/search/f5_bigip-2a1f6900-2d18-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/kibana/search/f5_bigip-4088d440-2dab-11ed-8a2f-21ef339df797.json",
    "/package/f5_bigip/1.28.0/data_stream/log/fields/agent.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/fields/base-fields.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/fields/beats.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/fields/fields.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/agent/stream/aws-s3.yml.hbs",
    "/package/f5_bigip/1.28.0/data_stream/log/agent/stream/http_endpoint.yml.hbs",
    "/package/f5_bigip/1.28.0/data_stream/log/agent/stream/log.yml.hbs",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigip_bot_and_dos.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipafm.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipapm.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipasm.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipavr.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipihealthinfo.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipltm.yml",
    "/package/f5_bigip/1.28.0/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipsystem.yml"
  ],
  "policy_templates": [
    {
      "name": "F5 BIG-IP",
      "title": "F5 BIG-IP logs",
      "description": "Collect F5 BIG-IP logs.",
      "inputs": [
        {
          "type": "http_endpoint",
          "vars": [
            {
              "name": "listen_address",
              "type": "text",
              "title": "Listen Address",
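              "description": "The bind address to listen on for HTTP endpoint connections. Set to `0.0.0.0` to bind to all available interfaces; this makes the listener reachable from every network the host is attached to, so configure the Secret Header, Secret Value and SSL options when doing so.",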
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "secret_header",
              "type": "text",
              "title": "Secret Header",
              "description": "The name of the HTTP header to check for the value specified by `secret.value`.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "secret_value",
              "type": "password",
              "title": "Secret Value",
              "description": "The secret value expected in the header named by `secret.header`.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            }
          ],
          "title": "Collect F5 BIG-IP logs via HTTP Endpoint",
          "description": "Collecting logs from F5 BIG-IP via HTTP Endpoint."
        },
        {
          "type": "aws-s3",
          "vars": [
            {
              "name": "collect_s3_logs",
              "type": "bool",
              "title": "Collect logs via S3 Bucket",
              "description": "To collect logs via S3 bucket, enable the toggle switch. By default, logs are collected via SQS queue.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "bucket_arn",
              "type": "text",
              "title": "[S3] Bucket ARN",
              "description": "ARN of the AWS S3 bucket that will be polled for list operation. It is a required parameter for collecting logs via the AWS S3 Bucket unless you set an Access Point ARN. In case both configurations are added, this one takes precedence.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "access_point_arn",
              "type": "text",
              "title": "[S3] Access Point ARN",
              "description": "ARN of the AWS S3 Access Point that will be polled for list operation. Mandatory if the \"Collect logs via S3 Bucket\" switch is on. It is a required parameter for collecting logs via the AWS S3 Bucket unless you set a Bucket ARN.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "queue_url",
              "type": "text",
              "title": "[SQS] Queue URL",
              "description": "URL of the AWS SQS queue that messages will be received from. It is a required parameter for collecting logs via the AWS SQS.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "access_key_id",
              "type": "password",
              "title": "Access Key ID",
              "description": "First part of access key.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "secret_access_key",
              "type": "password",
              "title": "Secret Access Key",
              "description": "Second part of access key.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "session_token",
              "type": "password",
              "title": "Session Token",
              "description": "Required when using temporary security credentials.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "shared_credential_file",
              "type": "text",
              "title": "Shared Credential File",
              "description": "Directory of the shared credentials file.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "credential_profile_name",
              "type": "text",
              "title": "Credential Profile Name",
              "description": "Profile name in shared credentials file.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "role_arn",
              "type": "text",
              "title": "Role ARN",
              "description": "AWS IAM Role to assume.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "endpoint",
              "type": "text",
              "title": "Endpoint",
              "description": "URL of the entry point for an AWS web service.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "fips_enabled",
              "type": "bool",
              "title": "Enable S3 FIPS",
              "description": "Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": false
            },
            {
              "name": "proxy_url",
              "type": "text",
              "title": "Proxy URL",
              "description": "URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "title": "Collect F5 BIG-IP logs via AWS S3 or AWS SQS",
          "description": "Collecting logs from F5 BIG-IP via AWS S3 or AWS SQS."
        },
        {
          "type": "filestream",
          "title": "Collect F5 BIG-IP logs using filestream input",
          "description": "Collecting logs from F5 BIG-IP using filestream input."
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "f5_bigip.log",
      "title": "Collect logs from F5 BIG-IP",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "http_endpoint",
          "vars": [
            {
              "name": "listen_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The port number the listener binds to.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9570
            },
            {
              "name": "url",
              "type": "text",
              "title": "URL",
              "description": "This option specifies which URL path to accept requests on. Defaults to /.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "/"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "f5_bigip-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve custom fields for all ECS mappings.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "http_endpoint.yml.hbs",
          "title": "F5 BIG-IP logs via HTTP Endpoint",
          "description": "Collect F5 BIG-IP logs via HTTP Endpoint input.",
          "enabled": false,
          "ingestion_method": "Webhook"
        },
        {
          "input": "aws-s3",
          "vars": [
            {
              "name": "bucket_list_prefix",
              "type": "text",
              "title": "[S3] Bucket Prefix",
              "description": "Prefix to apply for the list request to the S3 bucket.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "interval",
              "type": "text",
              "title": "[S3] Interval",
              "description": "Time interval for polling listing of the S3 bucket. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "1m"
            },
            {
              "name": "number_of_workers",
              "type": "integer",
              "title": "[S3] Number of Workers",
              "description": "Number of workers that will process the S3 objects listed.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": 5
            },
            {
              "name": "start_timestamp",
              "type": "text",
              "title": "[S3] Start Timestamp",
              "description": "If set, only read S3 objects with last modified timestamp newer than the given timestamp. Accepts a timestamp in `YYYY-MM-DDTHH:MM:SSZ` format. For example, \"2020-10-10T10:30:00Z\" (UTC) or \"2020-10-10T10:30:00Z+02:30\" (with zone offset).",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ignore_older",
              "type": "text",
              "title": "[S3] Ignore Older Timespan",
              "description": "If set, ignore S3 objects whose Last-Modified time is before the ignore older timespan. Timespan is checked from the current time to S3 object's Last-Modified time. Accepts a duration like `48h`, `2h30m`.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "visibility_timeout",
              "type": "text",
              "title": "[SQS] Visibility Timeout",
              "description": "The duration that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. The maximum is 12 hours. NOTE: Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "300s"
            },
            {
              "name": "api_timeout",
              "type": "text",
              "title": "[SQS] API Timeout",
              "description": "The maximum duration an AWS API call can take. The maximum is half of the visibility timeout value. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "120s"
            },
            {
              "name": "max_number_of_messages",
              "type": "integer",
              "title": "[SQS] Maximum Concurrent SQS Messages",
              "description": "Deprecated in agent version 8.16.0: this parameter is ignored if present; use number_of_workers instead. The maximum number of SQS messages that can be inflight at any time.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": 5
            },
            {
              "name": "file_selectors",
              "type": "yaml",
              "title": "[SQS] File Selectors",
              "description": "If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Regexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "f5_bigip-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve custom fields for all ECS mappings.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "aws-s3.yml.hbs",
          "title": "F5 BIG-IP logs via AWS S3 or SQS",
          "description": "Collect F5 BIG-IP logs via AWS S3 or SQS input.",
          "enabled": false,
          "ingestion_method": "AWS S3"
        },
        {
          "input": "filestream",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "f5_bigip-log"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "preserve_duplicate_custom_fields",
              "type": "bool",
              "title": "Preserve duplicate custom fields",
              "description": "Preserve custom fields for all ECS mappings.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "log.yml.hbs",
          "title": "F5 BIG-IP logs using filestream input",
          "description": "Collect F5 BIG-IP logs using filestream input.",
          "enabled": false,
          "ingestion_method": "File"
        }
      ],
      "package": "f5_bigip",
      "path": "log"
    }
  ]
}
