feat: Support Buffalo Terastation NAS (#1415)

splunk · Jan 30, 2022 · fda0384 · fda0384
1 parent 64afccf
commit fda0384
Show file tree

Hide file tree

Showing 4 changed files with 123 additions and 0 deletions.
diff --git a/docs/sources/Buffalo/index.md b/docs/sources/Buffalo/index.md
@@ -0,0 +1,47 @@
+# Vendor - Buffalo
+
+
+## Product - Terastation
+
+| Ref            | Link                                                                                                    |
+|----------------|---------------------------------------------------------------------------------------------------------|
+| Splunk Add-on  | None                                    |
+| Product Manual | unknown   |
+
+
+### Sourcetypes
+
+| sourcetype     | notes                                                                                                   |
+|----------------|---------------------------------------------------------------------------------------------------------|
+| buffalo:terastation        | None                                                                                                    |
+
+### Sourcetype and Index Configuration
+
+| key            | sourcetype     | index          | notes          |
+|----------------|----------------|----------------|----------------|
+| buffalo_terastation      | buffalo:terastation       | infraops          | none          |
+
+### Filter type
+
+Vendor product by source
+
+### Setup and Configuration
+
+Device setup unknown 
+
+### Options
+
+| Variable       | default        | description    |
+|----------------|----------------|----------------|
+| SC4S_LISTEN_BUFFALO_TERASTATION_TCP_PORT      | empty string      | Enable a TCP port for this specific vendor product using a comma-separated list of port numbers |
+| SC4S_LISTEN_BUFFALO_TERASTATION_UDP_PORT      | empty string      | Enable a UDP port for this specific vendor product using a comma-separated list of port numbers |
+| SC4S_ARCHIVE_BUFFALO_TERASTATION | no | Enable archive to disk for this specific source |
+| SC4S_DEST_BUFFALO_TERASTATION_HEC | no | When Splunk HEC is disabled globally set to yes to enable this specific source | 
+
+### Verification
+
+An active device will generate frequent events. Use the following search to validate events are present per source device
+
+```
+index=<asconfigured> sourcetype=buffalo:terastation | stats count by host
+```
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -42,6 +42,7 @@ nav:
       - Avaya: sources/Avaya/index.md
       - "Avi Networks": sources/Avi_Networks/index.md
       - Brocade: sources/Brocade/index.md
+      - Buffalo: sources/Buffalo/index.md
       - Checkpoint: sources/Checkpoint/index.md
       - Cisco: sources/Cisco/index.md
       - Citrix: sources/Citrix/index.md

diff --git a/package/etc/conf.d/conflib/netsource/app-netsource-buffalo_terastation.conf b/package/etc/conf.d/conflib/netsource/app-netsource-buffalo_terastation.conf
@@ -0,0 +1,23 @@
+block parser app-netsource-buffalo_terastation() {    
+    channel {
+        rewrite {
+            r_set_splunk_dest_default(
+                index('infraops')
+                sourcetype('buffalo:terastation:$(lowercase $PROGRAM)')
+                vendor_product("buffalo_terastation")
+                meta_key(vendor_product("buffalo_terastation_$(lowercase $PROGRAM)"))
+                template('t_hdr_msg')
+            );            
+        };        
+    };
+};
+application app-netsource-buffalo_terastation[sc4s-network-source] {
+	filter { 
+        "${.netsource.sc4s_vendor_product}" eq "buffalo_terastation"
+        or "${SOURCE}" eq "s_BUFFALO_TERASTATION"        
+        ;
+    };	
+    parser { app-netsource-buffalo_terastation(); };   
+};
+
+
diff --git a/tests/test_buffalo.py b/tests/test_buffalo.py
@@ -0,0 +1,52 @@
+# Copyright 2019 Splunk, Inc.
+#
+# Use of this source code is governed by a BSD-2-clause-style
+# license that can be found in the LICENSE-BSD2 file or at
+# https://opensource.org/licenses/BSD-2-Clause
+
+from jinja2 import Environment
+
+from .sendmessage import *
+from .splunkutils import *
+from .timeutils import *
+
+import pytest
+
+env = Environment()
+
+
+# <134>Jan 27 14:29:26 nasapi[19090] - log - set_config - INFO- success
+testdata = [
+    "{{ mark }}{{ bsd }} nasapi[19090] - log - {{ host }} - INFO- success",
+]
+# Test disabled for now source doesn't provide host name
+
+# @pytest.mark.parametrize("event", testdata)
+# def test_buffalo_terastation(
+#     record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s, event
+# ):
+#     host = get_host_key
+
+#     dt = datetime.datetime.now()
+#     iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
+
+#     # Tune time functions
+#     epoch = epoch[:-7]
+
+#     mt = env.from_string(event + "\n")
+#     message = mt.render(mark="<166>", bsd=bsd, host=host)
+
+#     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
+
+#     st = env.from_string(
+#         'search index=infraops _time={{ epoch }} sourcetype="buffalo:terrastation:nasapi" "{{ host }}")'
+#     )
+#     search = st.render(epoch=epoch, host=host)
+
+#     resultCount, eventCount = splunk_single(setup_splunk, search)
+
+#     record_property("host", host)
+#     record_property("resultCount", resultCount)
+#     record_property("message", message)
+
+#     assert resultCount == 1