Defined observer zones and interfaces

[dainok]

Hi,

referring to network flows passing through a firewall, I think we should track ingress and egress security zones and interfaces.
I think we can have two different approaches:

• zones/interfaces are defined on the observer schema, and I think that's more correct
• zones/interfaces are defined on the client/server/source/destination schema
  In the latter case, zones/interfaces are still references observer (i.e. firewall) objects.
  Any thoughts?

[webmat]

Ping @dainperkins to align with #688 and #689

[dainperkins]

I was thinking about just this thing over the last couple of days. I'm going to add some color on the vlan and interface PRs to get the group on board, and then we can look at the observer implementation

[webmat]

Also I forgot something important, when I answered earlier: thanks @dainok for opening this. You're welcome to join the discussion on the other PRs as well :-)

[webmat]

@elasticmachine, run elasticsearch-ci/docs

Preview

[dainok]

According to #688 I moved zone under client/source/destination/server.

[dainperkins]

after talking with @webmat I've put a new PR with the basic interface & vlan info, as well as observer based zone info for ingress/egress traffic - #752

[dainok]

Agree. Closing because incorporated under #752