Commit

Merge remote-tracking branch 'origin/master' into HEAD
jsoriano committed Apr 20, 2021
2 parents 3694925 + b9e4022 commit bb93773
Showing 459 changed files with 34,585 additions and 6,903 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.asciidoc
Expand Up @@ -119,6 +119,7 @@ https://github.com/elastic/beats/compare/v7.11.2...v7.12.0[View commits]
- Upgrade okta to ECS 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929]
- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118]
- Add fileset to ingest PostgreSQL CSV logs. {pull}23334[23334]
- Add beta support for RFC 5424 to the Syslog input. {pull}23954[23954]

*Heartbeat*

10 changes: 9 additions & 1 deletion CHANGELOG.next.asciidoc
Expand Up @@ -133,6 +133,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add support for Consul 1.9. {pull}24123[24123]
- Add support for the MemoryPressure, DiskPressure, OutOfDisk and PIDPressure status conditions in state_node. {pull}23905[23905]
- Store `cloudfoundry.container.cpu.pct` in decimal form and as `scaled_float`. {pull}24219[24219]
- Remove `index_stats.created` field from Elasticsearch/index Metricset {pull}25113[25113]

*Packetbeat*

Expand Down Expand Up @@ -243,8 +244,10 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Allow cgroup self-monitoring to see alternate `hostfs` paths {pull}24334[24334]
- Add `expand_keys` to the list of permitted config fields for `decode_json_fields` {24862}[24862]
- Fix 'make setup' instructions for a new beat {pull}24944[24944]
- Fix discovery of short-living and failing pods in Kubernetes autodiscover {issue}22718[22718] {pull}24742[24742]
- Fix inode removal tracking code when files are replaced by files with the same name {pull}25002[25002]
- Fix `mage GenerateCustomBeat` instructions for a new beat {pull}17679[17679]
- Fix bug with annotations dedot config on k8s not used {pull}25111[25111]
- Fix negative Kafka partition bug {pull}25048[25048]
- Fix panic when overwriting metadata {pull}24741[24741]

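Review bot: The `expand_keys` entry for `decode_json_fields` ends in `{24862}[24862]`, which has no attribute name in the braces, so it will not render as a link the way the `{pull}` and `{issue}` references on the neighbouring lines do. Change it to `{pull}24862[24862]` or `{issue}24862[24862]`, whichever the number refers to.
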
Expand Down Expand Up @@ -392,6 +395,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix date parsing in GSuite/login and Google Workspace/login filesets. {issue}24694[24694]
- Fix date parsing in GSuite/login fileset. {issue}24694[24694]
- Improve Cisco ASA/FTD parsing of messages - better support for identity FW messages. Change network.bytes, source.bytes, and destination.bytes to long from integer since value can exceed integer capacity. Add descriptions for various processors for easier pipeline editing in Kibana UI. {pull}23766[23766]
- Fix usage of unallowed ECS event.outcome values in Cisco ASA/FTD pipeline. {pull}24744[24744].
- Updating Oauth2 flow for m365_defender fileset. {pull}24829[24829]
- Improve PanOS parsing and ingest pipeline. {issue}22413[22413] {issue}22748[22748] {pull}24799[24799]
- Fix S3 input validation for non amazonaws.com domains. {issue}24420[24420] {pull}24861[24861]
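Review bot: The Cisco ASA/FTD `event.outcome` entry ends with a period after the link (`{pull}24744[24744].`), while the other entries in this hunk end at the closing bracket; drop the trailing period. The two GSuite date-parsing entries at the top of the hunk both cite `{issue}24694[24694]` and the second is a subset of the first, so check whether one of them is a leftover from the merge.
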
Expand Down Expand Up @@ -611,10 +615,11 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Added "add_network_direction" processor for determining perimeter-based network direction. {pull}23076[23076]
- Added new `rate_limit` processor for enforcing rate limits on event throughput. {pull}22883[22883]
- Allow node/namespace metadata to be disabled on kubernetes metagen and ensure add_kubernetes_metadata honors host {pull}23012[23012]
- Add `wineventlog` schema to `decode_xml` processor. {issue}23910[23910] {pull}24726[24726]
- Add new ECS 1.9 field `cloud.service.name` to `add_cloud_metadata` processor. {pull}24993[24993]
- Libbeat: report queue capacity, output batch size, and output client count to monitoring. {pull}24700[24700]
- Add kubernetes.pod.ip field in kubernetes metadata. {pull}25037[25037]
- Discover changes in Kubernetes namespace metadata as soon as they happen. {pull}25117[25117]
- Add `decode_xml_wineventlog` processor. {issue}23910[23910] {pull}25115[25115]

*Auditbeat*

Expand Down Expand Up @@ -830,12 +835,15 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Support X-Forwarder-For in IIS logs. {pull}19142[192142]
- Add support for logs generated by servers configured with `log_statement` and `log_duration` in PostgreSQL module. {pull}24607[24607]
- Updating field mappings for Cisco AMP module, fixing certain fields. {pull}24661[24661]
- Added fifteen new message IDs to Cisco ASA/FTD pipeline. {pull}24744[24744]
- Added NTP fileset to Zeek module {pull}24224[24224]
- Add `proxy_url` config for httpjson v2 input. {issue}24615[24615] {pull}24662[24662]
- Add support for upper case field names in Sophos XG module {pull}24693[24693]
- Add `fail_on_template_error` option for httpjson input. {pull}24784[24784]
- Change `okta.target` to `flattened` field type. {issue}24354[24354] {pull}24636[24636]
- Added `http.request.id` to `nginx/ingress_controller` and `elasticsearch/audit`. {pull}24994[24994]
- Add `awsfargate` module to collect container logs from Amazon ECS on Fargate. {pull}25041[25041]
- New module `cyberarkpas` for CyberArk Privileged Access Security audit logs. {pull}24803[24803]

*Heartbeat*

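Review bot: The IIS entry at the top of this hunk links `{pull}19142[192142]`, so the link text does not match the pull number it points to; make the two agree. The same line spells the header "X-Forwarder-For", where the header name is X-Forwarded-For.
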
9 changes: 0 additions & 9 deletions auditbeat/docs/fields.asciidoc
Expand Up @@ -2477,15 +2477,6 @@ type: keyword
--
*`user_agent.device.type`*::
+
--
Type of device where the user agent is running.
type: keyword
--
[[exported-fields-cloud]]
== Cloud provider metadata fields
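Review bot: The nine deleted lines remove the `user_agent.device.type` entry from the exported-fields reference, and none of the changelog hunks shown on this page mention the field being dropped. Since the matching change in auditbeat/include/fields.go is not rendered, state in the changelog or the commit message why the field is removed, so users who query it can tell the removal is intentional.
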
2 changes: 1 addition & 1 deletion auditbeat/include/fields.go

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml
Expand Up @@ -561,6 +561,7 @@ rules:
- namespaces
- events
- pods
- services
verbs: ["get", "list", "watch"]
# Enable this rule only if planing to use kubernetes_secrets provider
#- apiGroups: [""]
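Review bot: Adding `services` to the resource list under `verbs: ["get", "list", "watch"]` extends the agent's read access to another resource type, and nothing in the manifest says which provider or feature needs it. Add a comment naming the consumer, as the `kubernetes_secrets` rule below does for its grant, so the permission can be audited and removed where that feature is not used.
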
Expand Up @@ -11,6 +11,7 @@ rules:
- namespaces
- events
- pods
- services
verbs: ["get", "list", "watch"]
# Enable this rule only if planing to use kubernetes_secrets provider
#- apiGroups: [""]
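Review bot: The comment kept as context below `verbs` reads "planing to use kubernetes_secrets provider"; since this rule block is being edited anyway, correct it to "planning". The same comment appears in deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml and should be fixed there too.
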
11 changes: 9 additions & 2 deletions filebeat/_meta/config/filebeat.inputs.reference.yml.tmpl
Expand Up @@ -320,6 +320,11 @@ filebeat.inputs:
# Time strings like 2h (2 hours), 5m (5 minutes) can be used.
#ignore_older: 0

# Ignore files that have not been updated since the selected event.
# ignore_inactive is disabled by default, so no files are ignored by setting it to "".
# Available options: since_first_start, since_last_start.
#ignore_inactive: ""

# Defines the buffer size every harvester uses when fetching the file
#harvester_buffer_size: 16384

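Review bot: The second comment line on `ignore_inactive` ("disabled by default, so no files are ignored by setting it to \"\"") is hard to parse, and the two options `since_first_start` and `since_last_start` are listed without saying what each one measures from. Reword it along the lines of "Disabled by default (empty string): no files are ignored", and add one line per option describing the reference point, since a wrong choice here silently skips log files.
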
Expand Down Expand Up @@ -467,20 +472,22 @@ filebeat.inputs:
#ssl.client_authentication: "required"

#------------------------------ Syslog input --------------------------------
# Experimental: Config options for the Syslog input
# Accept RFC3164 formatted syslog event via UDP.
#- type: syslog
#enabled: false
#format: rfc3164
#protocol.udp:
# The host and port to receive the new event
#host: "localhost:9000"

# Maximum size of the message received over UDP
#max_message_size: 10KiB

# Accept RFC3164 formatted syslog event via TCP.
# Accept RFC5424 formatted syslog event via TCP.
# RFC5424 support is in beta.
#- type: syslog
#enabled: false
#format: rfc5424

#protocol.tcp:
# The host and port to receive the new event
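Review bot: The `#format:` lines in the UDP and TCP examples are the only documentation of the option in this template; the comments do not list the accepted values or say which format applies when `format` is omitted. Add a comment above the first `#format:` stating both, and remove the blank line between `#format: rfc5424` and `#protocol.tcp:` so the TCP example is laid out like the UDP one.
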
5 changes: 0 additions & 5 deletions filebeat/autodiscover/builder/hints/logs.go
Expand Up @@ -93,11 +93,6 @@ func (l *logHints) CreateConfig(event bus.Event, options ...ucfg.Option) []*comm
return []*common.Config{}
}

host, _ := event["host"].(string)
if host == "" {
return []*common.Config{}
}

if inputConfig != nil {
configs := []*common.Config{}
for _, cfg := range inputConfig {
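Review bot: With the `host == ""` early return removed from `CreateConfig`, events that carry no `host` string now fall through to the `inputConfig` branch and whatever follows it. Confirm that nothing later in the function depends on `host` being set, and add a test case that passes an event without `host` and asserts on the configs returned, so the new behaviour is pinned down.
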