Final tweaks to support the sslSubject

Chris Wiechmann · Chris Wiechmann · commit b6ee16c5a264 · 2021-04-29T13:17:09.000+02:00
#104
diff --git a/apibuilder4elastic/flows/trafficMonitorApi-search.json b/apibuilder4elastic/flows/trafficMonitorApi-search.json
@@ -134,7 +134,7 @@
 				{
 					"name": "code",
 					"type": "string",
-					"value": "\"var result = {};\\n  var hits = data.elasticsearch.result.body.hits.hits;\\n  var protocol = data.params.protocol;\\n  result.processId = \\\"\\\";\\n  result.data = [];\\n  hits.map(function(entry) {\\n    var dataObject = {};\\n    var _source = entry._source;\\n    dataObject.correlationId = _source.correlationId;\\n    dataObject.timestamp = Date.parse(_source['@timestamp']);\\n    if(_source.serviceContext) {\\n      dataObject.serviceName = _source.serviceContext.service;\\n      dataObject.operation = _source.serviceContext.method;\\n    }\\n    if(!_source.http.sslSubject) {\\n      _source.http.sslSubject = \\\"null\\\";\\n    }\\n    dataObject.type = protocol;\\n    switch (protocol) {\\n      case \\\"http\\\":\\n        formatHttpFields(dataObject, _source);\\n        break;\\n      case \\\"fileTransfer\\\":\\n        formatFiletransferFields(dataObject, _source);\\n        break;\\n    }\\n    result.data.push(dataObject);\\n  });\\n  \\n  function formatHttpFields(dataObject, _source) {    \\n      dataObject.statustext = _source.http.statusText;\\n      dataObject.method = _source.http.method;\\n      dataObject.status = _source.http.status;\\n      dataObject.wafStatus = _source.http.wafStatus;\\n      dataObject.subject = _source.http.authSubjectId;\\n      dataObject.sslsubject = _source.http.sslSubject;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.uri = _source.http.uri;\\n      dataObject.vhost = _source.http.vhost;\\n      dataObject.duration = _source.duration;\\n      dataObject.finalStatus = _source.finalStatus;\\n      dataObject.bytesReceived = _source.http.bytesReceived;\\n      dataObject.bytesSent = _source.http.bytesSent;\\n      dataObject.remoteName = _source.http.remoteName;\\n      dataObject.remoteAddr = _source.http.remoteAddr;\\n      dataObject.remotePort = _source.http.remotePort;\\n      dataObject.localAddr = _source.http.localAddr;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.leg = 0;\\n  }\\n  \\n  function formatFiletransferFields(dataObject, _source) {\\n      dataObject.remoteAddr = _source.fileTransfer.remoteAddr;\\n      dataObject.uploadFile = _source.fileTransfer.uploadFile;\\n      dataObject.direction = _source.fileTransfer.direction;\\n      dataObject.servicetype = _source.fileTransfer.serviceType;\\n      dataObject.size = _source.fileTransfer.size;\\n      dataObject.duration = _source.duration;\\n      dataObject.subject = _source.fileTransfer.authSubjectId;\\n      dataObject.finalStatus = _source.finalStatus;\\n  }\\n\\n  \\n  return result;\"",
+					"value": "\"var result = {};\\n  var hits = data.elasticsearch.result.body.hits.hits;\\n  var protocol = data.params.protocol;\\n  result.processId = \\\"\\\";\\n  result.data = [];\\n  hits.map(function(entry) {\\n    var dataObject = {};\\n    var _source = entry._source;\\n    dataObject.correlationId = _source.correlationId;\\n    dataObject.timestamp = Date.parse(_source['@timestamp']);\\n    if(_source.serviceContext) {\\n      dataObject.serviceName = _source.serviceContext.service;\\n      dataObject.operation = _source.serviceContext.method;\\n    }\\n    dataObject.type = protocol;\\n    switch (protocol) {\\n      case \\\"http\\\":\\n        formatHttpFields(dataObject, _source);\\n        break;\\n      case \\\"fileTransfer\\\":\\n        formatFiletransferFields(dataObject, _source);\\n        break;\\n    }\\n    result.data.push(dataObject);\\n  });\\n  \\n  function formatHttpFields(dataObject, _source) {    \\n      if(!_source.http.sslSubject) {\\n        _source.http.sslSubject = \\\"null\\\";\\n      }\\n      dataObject.statustext = _source.http.statusText;\\n      dataObject.method = _source.http.method;\\n      dataObject.status = _source.http.status;\\n      dataObject.wafStatus = _source.http.wafStatus;\\n      dataObject.subject = _source.http.authSubjectId;\\n      dataObject.sslsubject = _source.http.sslSubject;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.uri = _source.http.uri;\\n      dataObject.vhost = _source.http.vhost;\\n      dataObject.duration = _source.duration;\\n      dataObject.finalStatus = _source.finalStatus;\\n      dataObject.bytesReceived = _source.http.bytesReceived;\\n      dataObject.bytesSent = _source.http.bytesSent;\\n      dataObject.remoteName = _source.http.remoteName;\\n      dataObject.remoteAddr = _source.http.remoteAddr;\\n      dataObject.remotePort = _source.http.remotePort;\\n      dataObject.localAddr = _source.http.localAddr;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.leg = 0;\\n  }\\n  \\n  function formatFiletransferFields(dataObject, _source) {\\n      dataObject.remoteAddr = _source.fileTransfer.remoteAddr;\\n      dataObject.uploadFile = _source.fileTransfer.uploadFile;\\n      dataObject.direction = _source.fileTransfer.direction;\\n      dataObject.servicetype = _source.fileTransfer.serviceType;\\n      dataObject.size = _source.fileTransfer.size;\\n      dataObject.duration = _source.duration;\\n      dataObject.subject = _source.fileTransfer.authSubjectId;\\n      dataObject.finalStatus = _source.finalStatus;\\n  }\\n\\n  \\n  return result;\"",
 					"metaName": "code",
 					"metaDescription": "A JavaScript function body. Supports `await` and returning promises."
 				}
diff --git a/logstash/test/http/test-opentrafficlog.json b/logstash/test/http/test-opentrafficlog.json
@@ -711,36 +711,39 @@
       ],
       "expected": [
         {
-          "@timestamp": "2020-09-15T15:37:36.487Z",
+          "@timestamp": "2021-04-29T09:35:09.827Z",
           "correlationId": "cd7d8a6097b7669f3d48c5b6",
           "type": "summaryIndex",
           "tags": [],
-          "duration": 2,
+          "duration": 26,
           "finalStatus": "Pass",
           "processInfo": {
-            "hostname": "api-env",
-            "groupId": "group-2",
-            "groupName": "QuickStart Group",
-            "serviceId": "instance-1",
-            "version": "7.7.20200730",
+            "hostname": "api-front-11",
+            "groupId": "group-3",
+            "groupName": "Front",
+            "serviceId": "instance-3",
+            "version": "7.7.20201130",
             "gatewayName": "API-Gateway 3", 
             "gatewayRegion": "US"
           },
+          "serviceContext": {
+            "service": "MapService"
+          },
           "http": {
             "status": 200,
             "statusText": "OK",
             "method": "OPTIONS",
-            "uri": "/WebShop.svc",
+            "uri": "/mapservice/v1/data/v3/1/1/1.pbf",
             "vhost": null,
             "wafStatus": 0,
-            "bytesSent": 212,
-            "bytesReceived": 477,
-            "remoteName": "192.168.65.1",
-            "remoteAddr": "192.168.65.1",
-            "localAddr": "192.168.65.133",
+            "bytesSent": 617,
+            "bytesReceived": 723,
+            "remoteName": "localhost",
+            "remoteAddr": "127.0.0.1",
+            "localAddr": "127.0.0.1",
             "remotePort": "60041",
-            "localPort": "8065",
-            "sslSubject": null,
+            "localPort": "55640",
+            "sslSubject": "/CN=Change this for production",
             "authSubjectId": null
           }
         },

Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@`
`134`	`134`	`{`
`135`	`135`	`"name": "code",`
`136`	`136`	`"type": "string",`
`137`		- "value": "\"var result = {};\\n var hits = data.elasticsearch.result.body.hits.hits;\\n var protocol = data.params.protocol;\\n result.processId = \\\"\\\";\\n result.data = [];\\n hits.map(function(entry) {\\n var dataObject = {};\\n var _source = entry._source;\\n dataObject.correlationId = _source.correlationId;\\n dataObject.timestamp = Date.parse(_source['@timestamp']);\\n if(_source.serviceContext) {\\n dataObject.serviceName = _source.serviceContext.service;\\n dataObject.operation = _source.serviceContext.method;\\n }\\n if(!_source.http.sslSubject) {\\n _source.http.sslSubject = \\\"null\\\";\\n }\\n dataObject.type = protocol;\\n switch (protocol) {\\n case \\\"http\\\":\\n formatHttpFields(dataObject, _source);\\n break;\\n case \\\"fileTransfer\\\":\\n formatFiletransferFields(dataObject, _source);\\n break;\\n }\\n result.data.push(dataObject);\\n });\\n \\n function formatHttpFields(dataObject, _source) { \\n dataObject.statustext = _source.http.statusText;\\n dataObject.method = _source.http.method;\\n dataObject.status = _source.http.status;\\n dataObject.wafStatus = _source.http.wafStatus;\\n dataObject.subject = _source.http.authSubjectId;\\n dataObject.sslsubject = _source.http.sslSubject;\\n dataObject.localPort = _source.http.localPort;\\n dataObject.uri = _source.http.uri;\\n dataObject.vhost = _source.http.vhost;\\n dataObject.duration = _source.duration;\\n dataObject.finalStatus = _source.finalStatus;\\n dataObject.bytesReceived = _source.http.bytesReceived;\\n dataObject.bytesSent = _source.http.bytesSent;\\n dataObject.remoteName = _source.http.remoteName;\\n dataObject.remoteAddr = _source.http.remoteAddr;\\n dataObject.remotePort = _source.http.remotePort;\\n dataObject.localAddr = _source.http.localAddr;\\n dataObject.localPort = _source.http.localPort;\\n dataObject.leg = 0;\\n }\\n \\n function formatFiletransferFields(dataObject, _source) {\\n dataObject.remoteAddr = _source.fileTransfer.remoteAddr;\\n dataObject.uploadFile = _source.fileTransfer.uploadFile;\\n dataObject.direction = _source.fileTransfer.direction;\\n dataObject.servicetype = _source.fileTransfer.serviceType;\\n dataObject.size = _source.fileTransfer.size;\\n dataObject.duration = _source.duration;\\n dataObject.subject = _source.fileTransfer.authSubjectId;\\n dataObject.finalStatus = _source.finalStatus;\\n }\\n\\n \\n return result;\"",
	`137`	+ "value": "\"var result = {};\\n var hits = data.elasticsearch.result.body.hits.hits;\\n var protocol = data.params.protocol;\\n result.processId = \\\"\\\";\\n result.data = [];\\n hits.map(function(entry) {\\n var dataObject = {};\\n var _source = entry._source;\\n dataObject.correlationId = _source.correlationId;\\n dataObject.timestamp = Date.parse(_source['@timestamp']);\\n if(_source.serviceContext) {\\n dataObject.serviceName = _source.serviceContext.service;\\n dataObject.operation = _source.serviceContext.method;\\n }\\n dataObject.type = protocol;\\n switch (protocol) {\\n case \\\"http\\\":\\n formatHttpFields(dataObject, _source);\\n break;\\n case \\\"fileTransfer\\\":\\n formatFiletransferFields(dataObject, _source);\\n break;\\n }\\n result.data.push(dataObject);\\n });\\n \\n function formatHttpFields(dataObject, _source) { \\n if(!_source.http.sslSubject) {\\n _source.http.sslSubject = \\\"null\\\";\\n }\\n dataObject.statustext = _source.http.statusText;\\n dataObject.method = _source.http.method;\\n dataObject.status = _source.http.status;\\n dataObject.wafStatus = _source.http.wafStatus;\\n dataObject.subject = _source.http.authSubjectId;\\n dataObject.sslsubject = _source.http.sslSubject;\\n dataObject.localPort = _source.http.localPort;\\n dataObject.uri = _source.http.uri;\\n dataObject.vhost = _source.http.vhost;\\n dataObject.duration = _source.duration;\\n dataObject.finalStatus = _source.finalStatus;\\n dataObject.bytesReceived = _source.http.bytesReceived;\\n dataObject.bytesSent = _source.http.bytesSent;\\n dataObject.remoteName = _source.http.remoteName;\\n dataObject.remoteAddr = _source.http.remoteAddr;\\n dataObject.remotePort = _source.http.remotePort;\\n dataObject.localAddr = _source.http.localAddr;\\n dataObject.localPort = _source.http.localPort;\\n dataObject.leg = 0;\\n }\\n \\n function formatFiletransferFields(dataObject, _source) {\\n dataObject.remoteAddr = _source.fileTransfer.remoteAddr;\\n dataObject.uploadFile = _source.fileTransfer.uploadFile;\\n dataObject.direction = _source.fileTransfer.direction;\\n dataObject.servicetype = _source.fileTransfer.serviceType;\\n dataObject.size = _source.fileTransfer.size;\\n dataObject.duration = _source.duration;\\n dataObject.subject = _source.fileTransfer.authSubjectId;\\n dataObject.finalStatus = _source.finalStatus;\\n }\\n\\n \\n return result;\"",
`138`	`138`	`"metaName": "code",`
`139`	`139`	"metaDescription": "A JavaScript function body. Supports `await` and returning promises."
`140`	`140`	`}`