[Zscaler ZIA] - Added request tracing config option for http_endpoint input (#13302)

Added request tracing config option for http_endpoint input for each
relevant data stream. The tracing options are at the data stream level so
maximum flexibility is provided.

Author: ShourieG

packages/zscaler_zia/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.9.0"
+  changes:
+    - description: Added request tracing config option for http_endpoint input.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13302
 - version: "3.8.0"
   changes:
     - description: Add agentless deployment.

packages/zscaler_zia/data_stream/audit/agent/stream/http_endpoint.yml.hbs

@@ -1,5 +1,9 @@
 listen_address: {{listen_address}}
 listen_port: {{listen_port}}
+{{#if enable_request_tracer}}
+tracer.filename: "../../logs/http_endpoint/http-request-trace-*.ndjson"
+tracer.maxbackups: 5
+{{/if}}
 content_type: ""
 preserve_original_event: true
 {{#if secret_header}}

packages/zscaler_zia/data_stream/audit/manifest.yml

@@ -113,3 +113,11 @@ streams:
         description: >
           Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`HTTP Endpoint` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html) for details.
 
+      - name: enable_request_tracer
+        type: bool
+        title: Enable request tracing
+        multi: false
+        required: false
+        show_user: false
+        description: >-
+          The request tracer logs HTTP requests to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.

packages/zscaler_zia/data_stream/dns/agent/stream/http_endpoint.yml.hbs

@@ -1,5 +1,9 @@
 listen_address: {{listen_address}}
 listen_port: {{listen_port}}
+{{#if enable_request_tracer}}
+tracer.filename: "../../logs/http_endpoint/http-request-trace-*.ndjson"
+tracer.maxbackups: 5
+{{/if}}
 content_type: ""
 preserve_original_event: true
 {{#if secret_header}}

packages/zscaler_zia/data_stream/dns/manifest.yml

@@ -113,3 +113,11 @@ streams:
         description: >
           Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`HTTP Endpoint` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html) for details.
 
+      - name: enable_request_tracer
+        type: bool
+        title: Enable request tracing
+        multi: false
+        required: false
+        show_user: false
+        description: >-
+          The request tracer logs HTTP requests to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.

packages/zscaler_zia/data_stream/endpoint_dlp/agent/stream/http_endpoint.yml.hbs

@@ -1,5 +1,9 @@
 listen_address: {{listen_address}}
 listen_port: {{listen_port}}
+{{#if enable_request_tracer}}
+tracer.filename: "../../logs/http_endpoint/http-request-trace-*.ndjson"
+tracer.maxbackups: 5
+{{/if}}
 content_type: ""
 preserve_original_event: true
 {{#if secret_header}}

packages/zscaler_zia/data_stream/endpoint_dlp/manifest.yml

@@ -113,3 +113,11 @@ streams:
         description: >
           Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`HTTP Endpoint` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html) for details.
 
+      - name: enable_request_tracer
+        type: bool
+        title: Enable request tracing
+        multi: false
+        required: false
+        show_user: false
+        description: >-
+          The request tracer logs HTTP requests to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.

packages/zscaler_zia/data_stream/firewall/agent/stream/http_endpoint.yml.hbs

@@ -1,5 +1,9 @@
 listen_address: {{listen_address}}
 listen_port: {{listen_port}}
+{{#if enable_request_tracer}}
+tracer.filename: "../../logs/http_endpoint/http-request-trace-*.ndjson"
+tracer.maxbackups: 5
+{{/if}}
 content_type: ""
 preserve_original_event: true
 {{#if secret_header}}

packages/zscaler_zia/data_stream/firewall/manifest.yml

@@ -112,3 +112,11 @@ streams:
         description: >
           Additional settings to be added to the configuration. Be careful using this as it might break the input as those settings are not validated and can override the settings specified above. See [`HTTP Endpoint` input settings docs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html) for details.
 
+      - name: enable_request_tracer
+        type: bool
+        title: Enable request tracing
+        multi: false
+        required: false
+        show_user: false
+        description: >-
+          The request tracer logs HTTP requests to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-http_endpoint.html#_tracer_enabled_3) for details.

packages/zscaler_zia/data_stream/tunnel/agent/stream/http_endpoint.yml.hbs

@@ -1,5 +1,9 @@
 listen_address: {{listen_address}}
 listen_port: {{listen_port}}
+{{#if enable_request_tracer}}
+tracer.filename: "../../logs/http_endpoint/http-request-trace-*.ndjson"
+tracer.maxbackups: 5
+{{/if}}
 content_type: ""
 preserve_original_event: true
 {{#if secret_header}}