Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V1 Proxy Protocol headers parsed into host, proxy_host and proxy_port fields incorrectly #109

Open
brendanrjohnson opened this issue Feb 8, 2018 · 3 comments
Open

V1 Proxy Protocol headers parsed into host, proxy_host and proxy_port fields incorrectly #109

brendanrjohnson opened this issue Feb 8, 2018 · 3 comments
Assignees
@colinsurprenant
Labels
unconfirmed

Comments

@brendanrjohnson
Copy link

Please post all product and debugging questions on our forum. Your questions will reach our wider community members there, and if we confirm that there is a bug, then we can open a new issue here.

For all general issues, please provide the following details for fast resolution:

  • Version: 5.0.3
  • Operating System: Centos 7 based Elastic docker image logstash-oss:6.2.0
  • Config File (if you have sensitive info, please remove it):

input { tcp { port => 5002 proxy_protocol => true type => "cisco-asa" } }

  • Sample Data:

{ "_index": "logstash-cisco-asa-2018.02.08", "_type": "doc", "_id": "U4pjdWEBuOTf8uMsTEIG", "_version": 1, "_score": null, "_source": { "timestamp": "Feb 08 2018 07:28:17", "type": "cisco-asa", "@timestamp": "2018-02-08T12:28:17.231Z", "log_sequence_number": "305012", "cisco_tag": "ASA-6-305012", "host": "PROXY TCP4 19", "@version": "1", "src_interface": "inside", "log_severity": "6", "proxy_host": "PROXY TCP4 19", "proxy_port": "PROX", "src_ip": "_IP_", "tags": [ "cisco" ], "host_ip": "_IP_", "action": "Teardown", "protocol": "TCP", "message": "Teardown dynamic TCP translation from inside: _IP_/42546 to outside:_IP_/42546 duration 0:00:00", "src_port": "42546", "xlate_type": "dynamic", "log_facility": "ASA", "src_locality": "private", "src_xlated_ip": "_IP_", "src_xlated_interface": "outside" }, "fields": { "@timestamp": [ "2018-02-08T12:28:17.231Z" ] }, "sort": [ 1518092897231 ] }

  • Steps to Reproduce:

I have an nginx load balancer configured to send proxy protocol:

`server {

    listen                  5002;
    listen                  [::]:5002;
    proxy_timeout           600s;
    proxy_pass              tcp-5002-default-logstash-cisco-asa-processor-5002;
    proxy_protocol          on;

}

`
The nginx server is using proxy protocol v1

The input plugin does not appear to be parsing the proxy protocol header correctly.

"host": "PROXY TCP4 19"
"proxy_host": "PROXY TCP4 19"
"proxy_port": "PROX"

This is the first time I have attempted to use proxy protocol with the tcp input so I don't know if I am not configuring it correctly or if this is a bug. Any help will be appreciated.
@colinsurprenant
Copy link
Contributor

This look like it may be related to #80 and #51 ?

@brendanrjohnson
Copy link
Author

It may be. Although #51 refers to JSON input. In my case, I am sending syslog from mostly Cisco switches. What can I provide to help troubleshoot the issue?

@colinsurprenant
Copy link
Contributor

@brendanrjohnson can you provide your configuration details?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@colinsurprenant colinsurprenant

Labels
unconfirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@colinsurprenant @brendanrjohnson