Rename Auditbeat modules #5875
This changes the audit.file and audit.kernel metricsets into modules named file_integrity and auditd, respectively. This requires existing users to update their configuration. The dashboards need to be updated to account for these changes. Closes elastic#5422 (see the issue for more details)
jenkins retest it, please
this is something I've always struggled with, modules with just one metricset, awesome usability improvement! 🎉
c.vm.synced_folder ".", "/vagrant", type: "virtualbox" | ||
end | ||
|
||
config.vm.define "fedora26", primary: true do |c| |
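Review bot: `primary: true` on the fedora26 definition makes it the machine that a bare `vagrant up` or `vagrant ssh` acts on, and the closing `end` just above shows at least one other machine is defined in this file. Only one definition should be primary, so check that no other `config.vm.define` already sets it. If this box exists only for manual testing, drop `primary: true` or add a comment explaining why it is the default.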
is this being used by beats-tester or just for development?
It's not used by beats-tester. I had been using it for testing so I figured might as well add it.
LGTM
Have a look at https://beats-ci.elastic.co/job/elastic+beats+pull-request+multijob-docs/2505/console, it seems docs tests are failing
Nice change.
@@ -3,34 +3,7 @@ | |||
description: > | |||
Contains common fields available in all event types. | |||
fields: | |||
|
|||
- name: metricset.module | |||
- name: dataset.module |
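Review bot: the rename from `metricset.module` to `dataset.module` on the last line changes a field listed under "common fields available in all event types", so any saved search, dashboard or alert that filters on `metricset.module` will stop matching after upgrade. This should be called out as a breaking change in the changelog alongside the configuration change. The hunk header also shows the common block shrinking from 34 lines to 7, so it is worth confirming that the removed field definitions are still declared in the new modules' own fields files.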
Interesting 👍
include_warnings: false | ||
---- | ||
|
||
*`socket_type`*:: This optional setting controls the type of |
`socket_type` option is missing from the list, above.
`include_raw_message` config setting. This setting is primarily used for | ||
development and debugging purposes. | ||
|
||
*`audit_rules`*:: A string containing the audit rules that should be |
`audit_rules` is not in the list of all options, above.
- /sbin | ||
- /usr/sbin | ||
- /etc | ||
scan_at_start: true |
This section implies that `paths` has a default value, but if you don't declare it yourself, you get:
2017/12/22 07:09:57.004627 beat.go:644: CRIT Exiting: 1 error: 1 error: missing required field accessing 'auditbeat.modules.1.paths' (source:'auditbeat.yml')
Exiting: 1 error: 1 error: missing required field accessing 'auditbeat.modules.1.paths' (source:'auditbeat.yml')
This changes the audit.file and audit.kernel metricsets into modules
named file_integrity and auditd, respectively. This requires existing
users to update their configuration.
The dashboards need to be updated to account for these changes.
Closes #5422 (see the issue for more details)