From 917351036224e76d13b210964a91fdaa881c33f0 Mon Sep 17 00:00:00 2001 From: fgierlinger <2966031+fgierlinger@users.noreply.github.com> Date: Fri, 6 Oct 2023 20:28:19 +0200 Subject: [PATCH] add artifacts --- docs/fields/field-details.asciidoc | 4 ++-- experimental/generated/beats/fields.ecs.yml | 9 +++++---- experimental/generated/ecs/ecs_flat.yml | 11 ++++++----- experimental/generated/ecs/ecs_nested.yml | 9 +++++---- generated/beats/fields.ecs.yml | 9 +++++---- generated/ecs/ecs_flat.yml | 11 ++++++----- generated/ecs/ecs_nested.yml | 9 +++++---- 7 files changed, 34 insertions(+), 28 deletions(-) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index b71ae31f6..14e0af05b 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -5894,7 +5894,7 @@ example: `12345` a| The Syslog numeric severity of the log event, if available. -If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`. +If the event source publishing via Syslog provides a different numeric severity value than defined in RFC 5424 (0-7), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`. type: long 
@@ -5912,7 +5912,7 @@ example: `3` a| The Syslog numeric severity of the log event, if available. -If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. +If the event source publishing via Syslog provides a different severity value than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. type: keyword diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 27ee873ef..568916ae4 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -3957,9 +3957,9 @@ description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity - value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`. - If the event source does not specify a distinct severity, you can optionally - copy the Syslog severity to `event.severity`.' + value than defined in RFC 5424 (0-7), your source''s numeric severity should + go to `event.severity`. If the event source does not specify a distinct severity, + you can optionally copy the Syslog severity to `event.severity`.' example: 3 - name: syslog.severity.name level: extended 
@@ -3968,7 +3968,8 @@ description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value - (e.g. firewall, IDS), your source''s text severity should go to `log.level`. + than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, + Informational, Debug), your source''s text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.' example: Error diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 9b74b8e01..6e5533358 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -6490,9 +6490,9 @@ log.syslog.severity.code: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity - value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`. - If the event source does not specify a distinct severity, you can optionally copy - the Syslog severity to `event.severity`.' + value than defined in RFC 5424 (0-7), your source''s numeric severity should go + to `event.severity`. If the event source does not specify a distinct severity, + you can optionally copy the Syslog severity to `event.severity`.' example: 3 flat_name: log.syslog.severity.code level: extended 
@@ -6505,8 +6505,9 @@ log.syslog.severity.name: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value - (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If - the event source does not specify a distinct severity, you can optionally copy + than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, + Informational, Debug), your source''s text severity should go to `log.level`. + If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.' example: Error flat_name: log.syslog.severity.name diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 0eee0300d..56404c15a 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -7978,9 +7978,9 @@ log: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity - value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`. - If the event source does not specify a distinct severity, you can optionally - copy the Syslog severity to `event.severity`.' + value than defined in RFC 5424 (0-7), your source''s numeric severity should + go to `event.severity`. If the event source does not specify a distinct severity, + you can optionally copy the Syslog severity to `event.severity`.' example: 3 flat_name: log.syslog.severity.code level: extended 
@@ -7993,7 +7993,8 @@ log: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value - (e.g. firewall, IDS), your source''s text severity should go to `log.level`. + than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, + Informational, Debug), your source''s text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.' example: Error diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 0c45bd930..a12c87189 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -3907,9 +3907,9 @@ description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity - value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`. - If the event source does not specify a distinct severity, you can optionally - copy the Syslog severity to `event.severity`.' + value than defined in RFC 5424 (0-7), your source''s numeric severity should + go to `event.severity`. If the event source does not specify a distinct severity, + you can optionally copy the Syslog severity to `event.severity`.' example: 3 - name: syslog.severity.name level: extended @@ -3918,7 +3918,8 @@ description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value - (e.g. firewall, IDS), your source''s text severity should go to `log.level`. + than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, + Informational, Debug), your source''s text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.' example: Error 
diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index e5f035baa..8c7d65af8 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -6421,9 +6421,9 @@ log.syslog.severity.code: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity - value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`. - If the event source does not specify a distinct severity, you can optionally copy - the Syslog severity to `event.severity`.' + value than defined in RFC 5424 (0-7), your source''s numeric severity should go + to `event.severity`. If the event source does not specify a distinct severity, + you can optionally copy the Syslog severity to `event.severity`.' example: 3 flat_name: log.syslog.severity.code level: extended @@ -6436,8 +6436,9 @@ log.syslog.severity.name: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value - (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If - the event source does not specify a distinct severity, you can optionally copy + than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, + Informational, Debug), your source''s text severity should go to `log.level`. + If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.' example: Error flat_name: log.syslog.severity.name diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 048948d37..b83c56c21 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -7898,9 +7898,9 @@ log: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity - value (e.g. firewall, IDS), your source''s numeric severity should go to `event.severity`. - If the event source does not specify a distinct severity, you can optionally - copy the Syslog severity to `event.severity`.' + value than defined in RFC 5424 (0-7), your source''s numeric severity should + go to `event.severity`. If the event source does not specify a distinct severity, + you can optionally copy the Syslog severity to `event.severity`.' example: 3 flat_name: log.syslog.severity.code level: extended @@ -7913,7 +7913,8 @@ log: description: 'The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different severity value - (e.g. firewall, IDS), your source''s text severity should go to `log.level`. + than defined in RFC 5424 (Emergency, Alert, Critical, Error, Warning, Notice, + Informational, Debug), your source''s text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`.' example: Error
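Review bot: in every `log.syslog.severity.name` hunk (`field-details.asciidoc` at `@@ -5912` and the matching entry in each generated yml), the unchanged first sentence still reads "The Syslog numeric severity of the log event, if available." although the field is `type: keyword` with `example: Error`. The patch already rewrites the sentence right after it, so correct the lead sentence in the same change, for example to "The Syslog text-based severity of the log event, if available.", so that the numeric description stays only on `log.syslog.severity.code`.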
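Review bot: in the `log.syslog.severity.code` hunks, "provides a different numeric severity value than defined in RFC 5424 (0-7)" can be read two ways: a source that uses its own scale, or a source that reports another number inside 0-7. Say which is meant, e.g. "uses a numeric severity scale other than the RFC 5424 range 0-7", and apply the same wording to the `severity.name` sentence that lists Emergency through Debug. Dropping "(e.g. firewall, IDS)" also removes the only hint about which sources typically do this; consider keeping it next to the RFC reference so people writing ingest mappings can still recognise the case.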
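Review bot: the diffstat lists only `docs/fields/field-details.asciidoc` and files under `generated/` and `experimental/generated/`, and the subject is just "add artifacts", so nothing in this commit shows the definition these seven files are generated from. Please confirm the same two description changes are present in that source elsewhere in the series, otherwise the next regeneration will restore the "(e.g. firewall, IDS)" text. A commit message that names the fields touched (`log.syslog.severity.code`, `log.syslog.severity.name`) would also make this commit easier to find in history.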