[Filebeat] Fix Cisco ASA/FTD configs that used var.input syslog (#30072)

#26159 accidentally introduced a breaking change for existing users of Cisco ASA and FTD that specified `var.input: syslog`. `syslog` was effectively an alias for the UDP input and the alias support was removed. This change allows `var.input: syslog` to continue working as it did before. (cherry picked from commit 3ddfd1f)
elastic · Feb 10, 2022 · 3e8f7b8 · 3e8f7b8
1 parent 741c9ab
commit 3e8f7b8
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -42,10 +42,19 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 *Filebeat*
 
+- auditd: Add error.message to events when processing fails. {pull}30009[30009]
 
-*Heartbeat*
+*Filebeat*
+
+- tcp/unix input: Stop accepting connections after socket is closed. {pull}29712[29712]
+- Fix using log_group_name_prefix in aws-cloudwatch input. {pull}29695[29695]
+- aws-s3: fix race condition in states used by s3-poller. {issue}30123[30123] {pull}30131[30131]
+- cisco module: Fix change the broke ASA and FTD configs that used `var.input: syslog`. {pull}30072[30072]
+- Fix broken Kafka input {issue}29746[29746] {pull}30277[30277]
 
 
+*Heartbeat*
+
 *Metricbeat*
 
 

diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml
@@ -7,6 +7,10 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 
+{{ else if eq .input "syslog" }}
+type: udp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+
 {{ else }}
 
 type: {{.input}}

diff --git a/x-pack/filebeat/module/cisco/ftd/config/input.yml b/x-pack/filebeat/module/cisco/ftd/config/input.yml
@@ -7,6 +7,10 @@ paths:
 {{ end }}
 exclude_files: [".gz$"]
 
+{{ else if eq .input "syslog" }}
+type: udp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+
 {{ else }}
 
 type: {{.input}}