From 5c26e96b13c22df3893d61229849c85e7936ba21 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 30 Jan 2018 19:52:13 -0500 Subject: [PATCH] Fix event_logs.processors config being rejected (#6217) The `event_logs.processors` keyword was being rejected as invalid config by Winlogbeat. This fixes the issue by adding "processors" as an allowed configuration key for `event_logs` and adds a system test case. --- CHANGELOG.asciidoc | 1 + winlogbeat/eventlog/factory.go | 3 ++- .../tests/system/config/winlogbeat.yml.j2 | 5 ++++ winlogbeat/tests/system/test_eventlogging.py | 27 +++++++++++++++++++ winlogbeat/tests/system/test_wineventlog.py | 27 +++++++++++++++++++ 5 files changed, 62 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 24f24047a3de..a950d3c85048 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -123,6 +123,7 @@ https://github.com/elastic/beats/compare/v6.0.0-beta2...master[Check the HEAD di - Fix the registry file. It was not correctly storing event log names, and upon restart it would begin reading at the start of each event log. {issue}5813[5813] +- Fix config validation to allow `event_logs.processors`. [pull]6217[6217] ==== Added diff --git a/winlogbeat/eventlog/factory.go b/winlogbeat/eventlog/factory.go index 35b1faf8fee6..a88a729cbef9 100644 --- a/winlogbeat/eventlog/factory.go +++ b/winlogbeat/eventlog/factory.go @@ -10,7 +10,8 @@ import ( "github.com/elastic/beats/libbeat/common" ) -var commonConfigKeys = []string{"api", "name", "fields", "fields_under_root", "tags"} +var commonConfigKeys = []string{"api", "name", "fields", "fields_under_root", + "tags", "processors"} // ConfigCommon is the common configuration data used to instantiate a new // EventLog. Each implementation is free to support additional configuration diff --git a/winlogbeat/tests/system/config/winlogbeat.yml.j2 b/winlogbeat/tests/system/config/winlogbeat.yml.j2 index 8ca238a13ba8..77bb1475eda2 100644 
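Review bot: `commonConfigKeys` in winlogbeat/eventlog/factory.go is a hand-maintained allow-list with no comment saying what has to be added to it. Nothing in the visible hunk ties it to the code that consumes each key, which is presumably how `processors` came to be rejected by validation. A comment above the declaration would make the contract explicit, for example `// commonConfigKeys lists the keys accepted for every event log API; add any new per-log option here or config validation will reject it.` The code that reads this slice is outside the hunk.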
--- a/winlogbeat/tests/system/config/winlogbeat.yml.j2 +++ b/winlogbeat/tests/system/config/winlogbeat.yml.j2 @@ -44,6 +44,11 @@ winlogbeat.event_logs: {%- if log.invalid is defined %} invalid: {{ log.invalid }} {% endif %} + {% if log.extras -%} + {% for k, v in log.extras.items() -%} + {{ k }}: {{ v }} + {% endfor %} + {% endif -%} {% endfor -%} {% endif %} diff --git a/winlogbeat/tests/system/test_eventlogging.py b/winlogbeat/tests/system/test_eventlogging.py index c95abc78705e..adfbef280782 100644 --- a/winlogbeat/tests/system/test_eventlogging.py +++ b/winlogbeat/tests/system/test_eventlogging.py @@ -205,3 +205,30 @@ def test_registry_data(self): self.assertIn(self.providerName, event_logs) record_number = event_logs[self.providerName]["record_number"] self.assertGreater(record_number, 0) + + def test_processors(self): + """ + eventlogging - Processors are applied + """ + self.write_event_log("Hello world!") + + config = { + "event_logs": [ + { + "name": self.providerName, + "api": self.api, + "extras": { + "processors": [ + { + "drop_fields": { + "fields": ["message"], + } + } + ], + }, + } + ] + } + evts = self.read_events(config) + self.assertTrue(len(evts), 1) + self.assertNotIn("message", evts[0]) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 3d6aa32dd382..757bdbc7e18f 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py 
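Review bot: `{{ k }}: {{ v }}` in the added loop writes the Python repr of each `extras` value straight into the generated YAML, so the config is well-formed only while that repr happens to be valid YAML flow syntax. That holds for the list of dicts the new tests pass, but a `None` value would be read back as the string "None", and a string containing `#` or a newline would change the document structure. Rendering through a serializer keeps the output well-formed for any value, for example `{{ k }}: {{ v | tojson }}` if the Jinja2 version used by the test harness provides that filter. The block also tests `log.extras` for truthiness while the neighbouring `invalid` key uses `is defined`; `{% if log.extras is defined -%}` would match the existing style.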
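Review bot: `self.assertTrue(len(evts), 1)` in the added `test_processors` of test_eventlogging.py passes for any non-empty list, because `assertTrue` takes its second argument as the failure message, not as an expected value. The count check should be `self.assertEqual(len(evts), 1)`. The identical line appears in the `test_processors` added to test_wineventlog.py and needs the same change. As written, a regression that emitted duplicate events would still pass both tests.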
@@ -349,3 +349,30 @@ def test_registry_data(self):
 self.assertIn(self.providerName, event_logs)
 record_number = event_logs[self.providerName]["record_number"]
 self.assertGreater(record_number, 0)
+
+ def test_processors(self):
+ """
+ wineventlog - Processors are applied
+ """
+ self.write_event_log("Hello world!")
+
+ config = {
+ "event_logs": [
+ {
+ "name": self.providerName,
+ "api": self.api,
+ "extras": {
+ "processors": [
+ {
+ "drop_fields": {
+ "fields": ["message"],
+ }
+ }
+ ],
+ },
+ }
+ ]
+ }
+ evts = self.read_events(config)
+ self.assertTrue(len(evts), 1)
+ self.assertNotIn("message", evts[0])