{
  "name": "sonicwall_firewall",
  "title": "SonicWall Firewall",
  "version": "1.22.1",
  "release": "ga",
  "description": "Integration for SonicWall firewall logs",
  "type": "integration",
  "download": "/epr/sonicwall_firewall/sonicwall_firewall-1.22.1.zip",
  "path": "/package/sonicwall_firewall/1.22.1",
  "icons": [
    {
      "src": "/img/logo.svg",
      "path": "/package/sonicwall_firewall/1.22.1/img/logo.svg",
      "title": "SonicWall logo",
      "size": "32x32",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "network",
    "security",
    "firewall_security",
    "network_security"
  ],
  "signature_path": "/epr/sonicwall_firewall/sonicwall_firewall-1.22.1.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/sonicwall_firewall/1.22.1/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/dashboard.png",
      "path": "/package/sonicwall_firewall/1.22.1/img/dashboard.png",
      "title": "Sample dashboard",
      "size": "911x1531",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/sonicwall_firewall/1.22.1/LICENSE.txt",
    "/package/sonicwall_firewall/1.22.1/changelog.yml",
    "/package/sonicwall_firewall/1.22.1/manifest.yml",
    "/package/sonicwall_firewall/1.22.1/validation.yml",
    "/package/sonicwall_firewall/1.22.1/docs/README.md",
    "/package/sonicwall_firewall/1.22.1/img/dashboard.png",
    "/package/sonicwall_firewall/1.22.1/img/logo.svg",
    "/package/sonicwall_firewall/1.22.1/kibana/tags.yml",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/manifest.yml",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/sample_event.json",
    "/package/sonicwall_firewall/1.22.1/docs/knowledge_base/service_info.md",
    "/package/sonicwall_firewall/1.22.1/kibana/dashboard/sonicwall_firewall-782e2cf0-d78f-11ec-bc4f-47419689dcde.json",
    "/package/sonicwall_firewall/1.22.1/kibana/search/sonicwall_firewall-93af7ae0-d796-11ec-bc4f-47419689dcde.json",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/fields/base-fields.yml",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/fields/beats.yml",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/fields/ecs.yml",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/fields/package-fields.yml",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/agent/stream/logfile.yml.hbs",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/sonicwall_firewall/1.22.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "sample",
      "title": "Sample logs",
      "description": "Collect sample logs",
      "inputs": [
        {
          "type": "udp",
          "title": "Collect logs via syslog",
          "description": "Collecting logs via syslog"
        },
        {
          "type": "logfile",
          "title": "Collect logs from file",
          "description": "Collecting logs from file"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "sonicwall_firewall.log",
      "title": "SonicWall Firewall logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Listen address",
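              "description": "Address on which the agent will accept syslog messages.\nUse 0.0.0.0 to receive syslog on all interfaces. UDP syslog is unauthenticated and unencrypted, so prefer binding to the specific interface that faces the firewall, or restrict the allowed source addresses with host or network filtering.\n",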
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "0.0.0.0"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "UDP port on which the agent will receive syslog messages.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9514
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Syslog logs",
          "description": "Collect logs via syslog",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "/var/log/sonicwall-firewall.log"
              ]
            }
          ],
          "template_path": "logfile.yml.hbs",
          "title": "Log files",
          "description": "Collect logs from file",
          "enabled": false,
          "ingestion_method": "File"
        }
      ],
      "package": "sonicwall_firewall",
      "path": "log"
    }
  ],
  "vars": [
    {
      "name": "tz_offset",
      "type": "text",
      "title": "Timezone Offset",
      "description": "By default, datetimes in the logs are interpreted relative to the timezone configured on the host where the agent is running. If ingesting logs from a host in a different timezone, use this field to set the timezone offset so that datetimes are parsed correctly. Acceptable timezone formats are: a canonical ID (e.g. \"Europe/Amsterdam\"), an abbreviation (e.g. \"EST\") or an HH:mm differential from UTC (e.g. \"-05:00\").",
      "multi": false,
      "required": true,
      "show_user": true,
      "default": "local"
    },
    {
      "name": "tags",
      "type": "text",
      "title": "Tags",
      "multi": true,
      "required": true,
      "show_user": false,
      "default": [
        "sonicwall-firewall",
        "forwarded"
      ]
    },
    {
      "name": "preserve_original_event",
      "type": "bool",
      "title": "Preserve original event",
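      "description": "Preserves a raw copy of the original event in the field `event.original`. The raw copy keeps the unparsed message exactly as received, which helps verify parsing during investigations but increases storage use.",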
      "multi": false,
      "required": true,
      "show_user": true,
      "default": false
    },
    {
      "name": "processors",
      "type": "yaml",
      "title": "Processors",
      "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
      "multi": false,
      "required": false,
      "show_user": false
    }
  ]
}
