Rename Auditbeat modules #5875

Merged
merged 3 commits into from
Dec 14, 2017

andrewkroh
Member

This changes the audit.file and audit.kernel metricsets into modules
named file_integrity and auditd, respectively. This requires existing
users to update their configuration.

The dashboards need to be updated to account for these changes.

Closes #5422 (see the issue for more details)

Contributor

exekias commented Dec 14, 2017

jenkins retest it, please

Contributor

@exekias exekias left a comment

this is something I've always struggled with, modules with just one metricset, awesome usability improvement! 🎉

c.vm.synced_folder ".", "/vagrant", type: "virtualbox"
end

config.vm.define "fedora26", primary: true do |c|
Contributor

is this being used by beats-tester or just for development?

Member Author

It's not used by beats-tester. I had been using it for testing so I figured might as well add it.

Contributor

@adriansr adriansr left a comment

LGTM

Contributor

exekias commented Dec 14, 2017

Have a look at https://beats-ci.elastic.co/job/elastic+beats+pull-request+multijob-docs/2505/console, it seems docs tests are failing

@adriansr adriansr merged commit 6227d6c into elastic:master Dec 14, 2017
Contributor

@ruflin ruflin left a comment

Nice change.

@@ -3,34 +3,7 @@
description: >
Contains common fields available in all event types.
fields:

- name: metricset.module
- name: dataset.module
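
Review bot: the common field list shows `dataset.module` directly beside `metricset.module`, and nothing in these lines tells a user which name events carry after the change. If `dataset.module` replaces `metricset.module`, any saved search, dashboard or alert that filters on the old field name stops matching without raising an error, so the field rename should be listed as a breaking change next to the module renames, with the old and new names side by side.
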
Contributor

Interesting 👍

include_warnings: false
----

*`socket_type`*:: This optional setting controls the type of
Contributor

socket_type option is missing from the list, above.

`include_raw_message` config setting. This setting is primarily used for
development and debugging purposes.

*`audit_rules`*:: A string containing the audit rules that should be
Contributor

audit_rules is not in the list of all options, above.

- /sbin
- /usr/sbin
- /etc
scan_at_start: true
Contributor

This section implies that paths has a default value, but if you don't declare it yourself, you get:

2017/12/22 07:09:57.004627 beat.go:644: CRIT Exiting: 1 error: 1 error: missing required field accessing 'auditbeat.modules.1.paths' (source:'auditbeat.yml')
Exiting: 1 error: 1 error: missing required field accessing 'auditbeat.modules.1.paths' (source:'auditbeat.yml')
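
A pre-deployment check for the two configuration problems this thread raises (entries still using the old audit.file / audit.kernel metricsets, and a file_integrity entry without `paths`), written as an added example that is not part of the pull request or the Beats code base. The function name `lint_modules`, the assumed legacy layout (`module: audit` with a `metricsets` list) and the sample input are assumptions made for illustration.

```python
"""Lint a parsed auditbeat.modules list for the rename in this PR (added example)."""

# Old metricset name -> new module name, as stated in the PR description.
RENAMES = {"file": "file_integrity", "kernel": "auditd"}


def lint_modules(modules):
    """Return findings for the list of dicts a YAML loader yields for auditbeat.modules.

    List indexes match the ones Auditbeat prints in startup errors such as
    'auditbeat.modules.1.paths'.
    """
    findings = []
    for idx, mod in enumerate(modules):
        name = mod.get("module")
        if name == "audit":
            # Assumed legacy layout: module "audit" plus a metricsets list.
            for ms in mod.get("metricsets") or []:
                new = RENAMES.get(ms)
                if new:
                    findings.append(
                        f"auditbeat.modules.{idx}: audit.{ms} is now module '{new}'"
                    )
        elif name == "file_integrity":
            # The thread reports that Auditbeat exits at startup when paths is absent.
            if not mod.get("paths"):
                findings.append(
                    f"auditbeat.modules.{idx}.paths: missing required field"
                )
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = [
    {"module": "audit", "metricsets": ["kernel"]},
    {"module": "file_integrity", "scan_at_start": True},
    {"module": "file_integrity", "paths": ["/sbin", "/usr/sbin", "/etc"]},
]

if __name__ == "__main__":
    for line in lint_modules(SAMPLE):
        print(line)
```

Running it in CI against the parsed configuration catches an un-migrated host before the agent restarts and stops collecting audit and file integrity events.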

@andrewkroh andrewkroh deleted the feature/ab/metricset-renames branch April 20, 2018 00:05