Skip to content
This repository was archived by the owner on Dec 14, 2022. It is now read-only.

Commit a1e4fe6

Browse files
author
Chris Wiechmann
committed
Drop Audit-Message such as Local deployment data read
1 parent 6bab720 commit a1e4fe6

File tree

2 files changed

+8
-1
lines changed

2 files changed

+8
-1
lines changed

logstash/pipelines/DomainAuditPipeline.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ filter {
1010
add_field => { "[processInfo][gatewayRegion]" => "%{[gatewayRegion]}" }
1111
}
1212

13-
if([message] =~ "Deployment data read by user " or [message] =~ "Deployment data with pending read by user ") {
13+
if([message] =~ "Deployment data read by user " or [message] =~ "Deployment data with pending read by user " or [message] =~ "Local deployment data read by user ") {
1414
drop { }
1515
}
1616
}

logstash/test/domainAudit/test-domain-audit-events.json

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,13 @@
1818
"{\"message\":\"Deployment data with pending read by user 'admin'\",\"eventId\":1041,\"user\":\"admin\",\"outcome\":\"success\",\"additionalInfo\":\"\",\"metaData\":{},\"timeStamp\":1606742273624}"
1919
],
2020
"expected": [ ]
21+
},
22+
{
23+
"description": "Also message 'Local deployment data read by user ...' should be dropped - As it is constantly created and doesn't bring any value.",
24+
"input": [
25+
"{\"message\":\"Local deployment data read by user 'admin'\",\"eventId\":1042,\"user\":\"admin\",\"outcome\":\"success\",\"additionalInfo\":\"\",\"metaData\":{},\"timeStamp\":1611165639863}"
26+
],
27+
"expected": [ ]
2128
}
2229
]
2330
}

0 commit comments

Comments
 (0)