Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Cherry-pick #10225 to 6.x: System module: Update and re-enable package dataset #10400

Merged
merged 2 commits into from
Feb 1, 2019
Merged

[Auditbeat] Cherry-pick #10225 to 6.x: System module: Update and re-enable package dataset #10400

merged 2 commits into from
Feb 1, 2019

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented Jan 29, 2019

Cherry-pick of PR #10225 to 6.x branch. Original message:

Re-enables the disabled package dataset and brings it up to date with the other, soon-to-be released datasets.

High-level changes:

  • Renamed to package (singular)
  • Scheduled state reporting based on state.period and package.state.period
  • Common fields: event.kind, event.action, event.id, message
  • Save/Restore package information to disk

Unfortunately, the changes to package.go are extensive enough that the Github diff view presents it as a new file. A lot of lines have indeed changed, though none of the concepts are net new, they either exist in the other datasets or in the disabled implementation of the dataset.

Follow-ups, already listed in #10103:

  • Improve Homebrew package collection: parse INSTALL_RECEIPT.json
  • RPM support (Add RPM packaging #9092)
  • Dashboard
  • More and better tests

@cwurm cwurm changed the title Cherry-pick #10225 to 6.x: [Auditbeat] System module: Update and re-enable package dataset [Auditbeat] Cherry-pick #10225 to 6.x: System module: Update and re-enable package dataset Jan 29, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/secops

@cwurm cwurm requested a review from a team January 29, 2019 14:48
webmat
webmat approved these changes Jan 30, 2019
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

[Auditbeat] System module: Update and re-enable package dataset (elas…
79936db 
…tic#10225)

Re-enables the disabled `package` dataset and brings it up to date with the other, soon-to-be released datasets.

High-level changes:

- Renamed to `package` (singular)
- Scheduled state reporting based on `state.period` and `package.state.period`
- Common fields: `event.kind`, `event.action`, `event.id`, `message`
- Save/Restore package information to disk

(cherry picked from commit 1e2c30a)
@cwurm cwurm force-pushed the backport_10225_6.x branch from b8b1522 to 79936db Compare January 31, 2019 13:44
tsg
tsg approved these changes Feb 1, 2019
View reviewed changes
Copy link
Contributor

@tsg tsg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backport LGTM.

@cwurm cwurm merged commit 33217a6 into elastic:6.x Feb 1, 2019
@cwurm cwurm deleted the backport_10225_6.x branch February 1, 2019 14:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsg tsg tsg approved these changes

@webmat webmat webmat approved these changes

Assignees
No one assigned
Labels
Auditbeat backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cwurm @elasticmachine @webmat @tsg