[codex] Release 1.8.0 #344

Merged
DavidJBianco merged 4 commits into main from dev
Jun 28, 2026
@DavidJBianco

Collaborator

Summary

This PR prepares the dev branch for the v1.8.0 release.

Changes

  • Adds optional network-sensor topology support already queued on dev.
  • Changes default and SOF-ELK proxy_access.log text output to Apache/Nginx combined access-log shape, aligned with existing web_access.log output.
  • Keeps Splunk proxy JSON behavior unchanged.
  • Updates proxy evaluation parsing with combined-format support plus legacy W3C fallback.
  • Adds SOF-ELK proxy access validation through the HTTPD path.
  • Updates docs, repo-tracked skills, references, and tests.
  • Bumps package version metadata to 1.8.0 in pyproject.toml, src/evidenceforge/__init__.py, and uv.lock, with a matching changelog entry.

Compatibility Notes

Default and SOF-ELK proxy text output changed from the previous custom W3C-style row shape to combined access-log rows. The default target preserves full usernames. The SOF-ELK target strips domain prefixes and trailing machine-account $ values for current SOF-ELK HTTPD parser compatibility. Splunk proxy output remains unchanged.

Validation

  • uv run pytest --include-slow --no-cov: 4596 passed, 28 skipped
  • uv run pytest --no-cov tests/unit/test_proxy_referrer.py tests/unit/test_zeek_eval_parsers.py tests/unit/test_sof_elk_sources_harness.py tests/unit/test_sof_elk_combined_harness.py: 87 passed, 10 skipped
  • uv run ruff check .
  • uv run ruff format --check .
  • Version consistency check for pyproject.toml, src/evidenceforge/__init__.py, and uv.lock
  • git diff --check
  • SOF-ELK full parser pipeline verified proxy_access cleanly: expected/observed 1016/1016, no proxy fatal tags. The full SOF-ELK pipeline still reported 8 unrelated syslog _grokparsefailure_6015-01 rows.

@DavidJBianco DavidJBianco marked this pull request as ready for review June 28, 2026 03:13
@DavidJBianco DavidJBianco merged commit 88267d3 into main Jun 28, 2026
12 checks passed
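
The combined access-log row shape and the SOF-ELK username handling described in the compatibility notes can be illustrated with the added example below. It is not evidenceforge's own code: `parse_combined` and `normalize_user` are hypothetical names, the sample rows are constructed, and the `DOMAIN\user` prefix form is an assumption.

```python
import re

# Apache/Nginx combined format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'(?:[^"\\]|\\.)*'
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    rf'"(?P<request>{QUOTED})" (?P<status>\d{{3}}) (?P<bytes>\d+|-) '
    rf'"(?P<referer>{QUOTED})" "(?P<agent>{QUOTED})"$'
)

def normalize_user(user, target="default"):
    # The default target keeps the username untouched. The "sof-elk" target
    # drops an assumed DOMAIN\ prefix and one trailing machine-account "$".
    if target != "sof-elk" or user == "-":
        return user
    name = user.rsplit("\\", 1)[-1]
    if name.endswith("$"):
        name = name[:-1]
    return name or "-"

def parse_combined(line):
    # Returns a dict of fields, or None when the row is not combined format,
    # which is the point where a legacy-format fallback parser would take over.
    m = COMBINED_RE.match(line.strip())
    if m is None:
        return None
    row = m.groupdict()
    method, _, rest = row["request"].partition(" ")
    url, _, proto = rest.rpartition(" ")
    row.update(method=method, url=url or rest, protocol=proto if url else "")
    row["status"] = int(row["status"])
    row["bytes"] = 0 if row["bytes"] == "-" else int(row["bytes"])
    return row

# Constructed sample rows (not taken from the project or its test data).
SAMPLE = [
    r'10.10.5.21 - CORP\jsmith [28/Jun/2026:03:13:00 +0000] '
    r'"GET http://example.com/a HTTP/1.1" 200 512 "-" "curl/8.0"',
    r'10.10.5.30 - CORP\WKSTN01$ [28/Jun/2026:03:13:05 +0000] '
    r'"CONNECT example.com:443 HTTP/1.1" 200 - "-" "-"',
    '#Fields: date time c-ip cs-username',  # not combined: parse returns None
]

if __name__ == "__main__":
    for line in SAMPLE:
        row = parse_combined(line)
        if row:
            print(row["user"], "->", normalize_user(row["user"], "sof-elk"))
```

After SOF-ELK normalization a machine account such as `CORP\WKSTN01$` becomes `WKSTN01`, so detections that key on the `$` suffix or the domain need the default target's rows.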