-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new subcommand to dump Agent Policies #862
Conversation
🌐 Coverage report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking good, I also tried it and works well. Added some suggestions.
It'd be also good to add tests, also to be able to see what kind of documents are dumped. You can follow the same strategy used in the dump installed-objects
command, where an elasticsearch client is mocked with pre-recorded responses, see
client := estest.ElasticsearchClient(s.T(), s.RecordDir) |
cmd/dump.go
Outdated
@@ -19,30 +20,43 @@ const dumpInstalledObjectsLongDescription = `Use this command to dump objects in | |||
|
|||
Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.` | |||
|
|||
const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies created by Fleet as part of a package installation. | |||
|
|||
Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing.` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mention somewhere that if no flag is provided, all policies are dumped.
cmd/dump.go
Outdated
if err != nil { | ||
return errors.Wrap(err, "dump failed") | ||
} | ||
cmd.Printf("Dumped %d agent policies filtering by package name %s to %s\n", count, packageName, outputPath) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit. Log a different message if no policies are dumped. It prints now:
Dumped 0 agent policies filtering by package name apache to package-dump
cmd/dump.go
Outdated
dumper := dump.NewAgentPoliciesDumper(kibanaClient, &agentPolicy) | ||
err = dumper.DumpAgentPolicy(cmd.Context(), outputPath) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit. This API is using different approaches to dump per agent policy or per package name. For agent policy the parameter is passed on the constructor, and for package name in the dump method.
I would suggest to use a consistent approach for both ways of duping policies.
For example it could be like this:
dumper := dump.NewAgentPoliciesDumper(kibanaClient)
err = dumper.DumpAgentPolicy(cmd.Context(), outputPath, dump.AgentPolicyOptions{Name: agentPolicy})
...
err = dumper.DumpAgentPolicy(cmd.Context(), outputPath, dump.AgentPolicyOptions{PackageName: packageName})
Or with explicit methods:
dumper := dump.NewAgentPoliciesDumper(kibanaClient)
err = dumper.DumpByName(cmd.Context(), outputPath, agentPolicy)
...
err = dumper.DumpByPackage(cmd.Context(), outputPath, packageName)
...
err = dumper.DumpAll(cmd.Context(), outputPath)
Or initialize the dumper for the given configuration:
dumper := dump.NewAgentPoliciesDumper(kibanaClient, agentPolicy, packageName)
err = dumper.Dump(cmd.Context())
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, there was a mix of different approaches in these calls. Updated using explicit methods.
internal/dump/agentpolicies.go
Outdated
const AgentPoliciesDumpDir = "agent_policies" | ||
|
||
type AgentPoliciesDumper struct { | ||
name *string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When possible, it'd be better to use the zero value to indicate that this is not set, de-referencing pointers is always a risk of panics.
name *string | |
name string |
And then you can check if this is set by checking if name != ""
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I'll change to be a regular string.
Thanks for all your comments. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, added some suggestions but nothing really blocking.
|
||
itemsRetrieved += len(resp.Items) | ||
currentPage += 1 | ||
items = append(items, resp.Items...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit. To avoid having to store all policies in memory, we could pass a visitor method here, so policies can be directly processed.
The signature of the function would be something like this:
func (c *Client) ForEachRawPolicy(visitFn func(json.RawMessage) error) error {
And then here:
for _, item := range resp.Items {
if err := visitFn(item); err != nil {
return err
}
}
But no need to do it now, we can make this change later if this is a problem at some point.
internal/dump/agentpolicies.go
Outdated
|
||
dir = filepath.Join(dir, AgentPoliciesDumpDir) | ||
for _, agentPolicy := range agentPolicies { | ||
err := dumpInstalledObject(dir, agentPolicy) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit. Maybe we should rename dumpInstalledObject
now 🙂
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've just renamed it to dumpJSONResource.
Do you think it is worthy to move it to different file in the same package dump? @jsoriano
Something like internal/dump/utils.go ? I would move that function and formatJSON
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, this could be moved to some common file, maybe called json.go
, as you prefer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
Failure in CI is related to this change. |
fd6f2d0
to
7e17639
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think that there is an option to cover the implementation with tests? I'm thinking about some end-to-end tests like bash scripts.
You could boot up the stack, dump default policies, and take it down.
EDIT:
I guess that you can also modify the test-stack-command and run the dump command before taking down the stack.
If no flag is provided, by default this command dumps all agent policies created by Fleet. | ||
|
||
If --package flag is provided, this command dumps all agent policies that the given package has been assigned to it.` | ||
|
||
func setupDumpCommand() *cobraext.Command { | ||
dumpInstalledObjectsCmd := &cobra.Command{ | ||
Use: "installed-objects", | ||
Short: "Dump objects installed in the stack", | ||
Long: dumpInstalledObjectsLongDescription, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Maybe we can add more guidance to the dump
description. agent-policies
would be another supported feature :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, I've updated the dump description as:
const dumpLongDescription = `Use this command as an exploratory tool to dump resources from Elastic Stack (objects installed as part of package and agent policies).`
Would you add anything else here?
return cobraext.FlagParsingError(err, cobraext.DumpOutputFlagName) | ||
} | ||
|
||
tlsSkipVerify, _ := cmd.Flags().GetBool(cobraext.TLSSkipVerifyFlagName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
side question to @jsoriano:
With your change enforcing SSL mode, will such options (like tlsSkipVerify
) work? I'm thinking about the use case when a developer wants to dump agent policies from some random Kibana, not booted with elastic-package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this flag should continue working after the changes in #847.
internal/kibana/policies.go
Outdated
@@ -72,6 +72,62 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) { | |||
return &resp.Item, nil | |||
} | |||
|
|||
// GetRawPolicy fetches the given Policy with all the fields in the Ingest Manager. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, now the Ingest Manager is called the Fleet :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updating comments here. I was not totally sure about whether or not they were referring to the same.
Thanks!
Check this issue for more info elastic/security-docs#246
At first, I was planning to add the tests in a following branch, but I'll give it a try to add everything (code and tests) in this branch. I will check for this testing those scripts and the |
internal/kibana/client.go
Outdated
func (c *Client) get(resourcePath string) (int, []byte, error) { | ||
func (c *Client) Get(resourcePath string) (int, []byte, error) { | ||
return c.sendRequest(http.MethodGet, resourcePath, nil) | ||
} | ||
|
||
func (c *Client) post(resourcePath string, body []byte) (int, []byte, error) { | ||
func (c *Client) Post(resourcePath string, body []byte) (int, []byte, error) { | ||
return c.sendRequest(http.MethodPost, resourcePath, body) | ||
} | ||
|
||
func (c *Client) put(resourcePath string, body []byte) (int, []byte, error) { | ||
func (c *Client) Put(resourcePath string, body []byte) (int, []byte, error) { | ||
return c.sendRequest(http.MethodPut, resourcePath, body) | ||
} | ||
|
||
func (c *Client) delete(resourcePath string) (int, []byte, error) { | ||
func (c *Client) Delete(resourcePath string) (int, []byte, error) { | ||
return c.sendRequest(http.MethodDelete, resourcePath, nil) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order to be used in internal/kibana/test/http_test.go
I had to set get method as public. The others I've changed it to ensure consistency.
@@ -0,0 +1 @@ | |||
{"items":[{"id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:59.587Z","updated_by":"elastic","package_policies":[{"id":"a09f2609-9e8b-4b48-998f-ce99340da027","version":"WzEzMjAsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:33:55.519Z","created_by":"elastic","updated_at":"2022-06-27T15:33:55.519Z","updated_by":"elastic"},{"id":"46331ee9-90a9-4b1f-b568-98641e9bafc9","version":"WzEzMjIsMV0=","name":"nginx-load-balancers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:58.606Z","created_by":"elastic","updated_at":"2022-06-27T15:33:58.606Z","updated_by":"elastic"}],"agents":0},{"id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"HTTP servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:05.252Z","updated_by":"elastic","package_policies":[{"id":"863e86ed-8d12-466c-a6b9-b5c3769f4f80","version":"WzkyMywxXQ==","name":"system-2","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-863e86ed-8d12-466c-a6b9-b5c3769f4f80","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-863e86ed-8d12-466c-a6b9-b5c3769f4f80"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-863e86ed-8d12-466c-a6b9-b5c3769f4f80"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:32:53.484Z","created_by":"elastic","updated_at":"2022-06-27T15:32:53.484Z","updated_by":"elastic"},{"id":"9be915b0-9b9b-45e2-adfc-37f18b64d468","version":"WzEwMjIsMV0=","name":"nginx-http-servers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"67c64ba0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-9be915b0-9b9b-45e2-adfc-37f18b64d468"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-9be915b0-9b9b-45e2-adfc-37f18b64d468"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}},{"type":"nginx/metrics","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"nginx.stubstatus"},"vars":{"period":{"value":"10s","type":"text"},"server_status_path":{"value":"/nginx_status","type":"text"}},"id":"nginx/metrics-nginx.stubstatus-9be915b0-9b9b-45e2-adfc-37f18b64d468","compiled_stream":{"metricsets":["stubstatus"],"hosts":["http://127.0.0.1:80"],"period":"10s","server_status_path":"/nginx_status"}}],"vars":{"hosts":{"value":["http://127.0.0.1:80"],"type":"text"}}}],"revision":1,"created_at":"2022-06-27T15:33:04.248Z","created_by":"elastic","updated_at":"2022-06-27T15:33:04.248Z","updated_by":"elastic"}],"agents":0},{"id":"fleet-server-policy","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Fleet Server (elastic-package)","is_default_fleet_server":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:03.382Z","updated_by":"system","package_policies":[{"id":"default-fleet-server","version":"WzYyNCwxXQ==","name":"fleet_server-1","namespace":"default","package":{"name":"fleet_server","title":"Fleet Server","version":"1.2.0"},"enabled":true,"policy_id":"fleet-server-policy","output_id":"fleet-default-output","inputs":[{"type":"fleet-server","policy_template":"fleet_server","enabled":true,"streams":[],"vars":{"host":{"value":["0.0.0.0"],"type":"text"},"port":{"value":[8220],"type":"integer"},"max_agents":{"type":"integer"},"max_connections":{"type":"integer"},"custom":{"value":"","type":"yaml"}},"compiled_input":{"server":{"port":8220,"host":"0.0.0.0"}}}],"revision":1,"created_at":"2022-06-27T15:31:03.351Z","created_by":"system","updated_at":"2022-06-27T15:31:03.351Z","updated_by":"system"}],"agents":1},{"id":"elastic-agent-managed-ep","namespace":"default","monitoring_enabled":["logs","metrics"],"name":"Elastic-Agent (elastic-package)","is_default":true,"is_preconfigured":true,"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:31:01.360Z","updated_by":"system","package_policies":[{"id":"default-system","version":"WzYyMiwxXQ==","name":"system-1","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"elastic-agent-managed-ep","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-default-system","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-default-system","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-default-system","compiled_stream":{"name":"Application","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-default-system","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-default-system","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-default-system"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-default-system","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-default-system","compiled_stream":{"metricsets":["diskio"],"diskio.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-default-system","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-default-system","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-default-system","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-default-system","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-default-system","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-default-system","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-default-system","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-default-system","compiled_stream":{"metricsets":["socket_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-default-system","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-default-system"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-default-system"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:31:00.403Z","created_by":"system","updated_at":"2022-06-27T15:31:00.403Z","updated_by":"system"}],"agents":1}],"total":4,"page":1,"perPage":20} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: is such filename safe on Windows :)? Seriously, I don't know...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ouch... According to this doc the question mark is not a valid char in filenames on Windows. I will add that char to be replaced by ".". I don't think there will be no issue to replace both "&" and "?" chars by "." because they are used just in the query params.
internal/kibana/agents.go
Outdated
@@ -41,7 +41,7 @@ func (a *Agent) String() string { | |||
|
|||
// ListAgents returns the list of agents enrolled with Fleet. | |||
func (c *Client) ListAgents() ([]Agent, error) { | |||
statusCode, respBody, err := c.get(fmt.Sprintf("%s/agents", FleetAPI)) | |||
statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agents", FleetAPI)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that you had to modify methods in many places. If this is only because the test is in a different package, I would rather keep it in the same one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll check this option. I prefer to keep those methods as private if possible.
internal/kibana/test/httptest.go
Outdated
func pathForURL(url string) string { | ||
clean := strings.Trim(url, "/") | ||
if len(clean) == 0 { | ||
return "root.jsn" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: root.json?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, it must be json
Thanks!
@@ -23,14 +23,14 @@ type Policy struct { | |||
Revision int `json:"revision,omitempty"` | |||
} | |||
|
|||
// CreatePolicy persists the given Policy in the Ingest Manager. | |||
// CreatePolicy persists the given Policy in Fleet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
if err := os.MkdirAll(dir, 0755); err != nil { | ||
return fmt.Errorf("failed to create dump directory: %w", err) | ||
} | ||
formatted, err := formatJSON(object.JSON()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is formatter
package in elastic-package, maybe you can use it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, ok! Better reuse the formatter package.
I'll use it and update all the dumped files.
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to this #862 (comment) , I'll keep using this method (formatJSON) to write the files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, please do :)
Move test client into the same kibana package to allow use private methods of the package.
"set": { | ||
"field": "event.outcome", | ||
"value": "success", | ||
"if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003c 400" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Take into account that the JSONformatter is replacing invalid HTML characters with the UTF-8 encoding, this is done by default for HTML purpouses, but not really needed here. Previous formatter was just indenting the files for readability, without Marshalling and Unmarshalling them.
In any case I guess it doesn't mind here if we are comparing documents formatted in the same way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would keep it as is for consistency reasons - the same formatter used everywhere, unless HTML entities are considered to be a bug in this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, thinking a second time about this, this is not only used for testing. We have to take into account that these are dumps from Elasticsearch/Kibana, we are modifying them here, what could be unexpected, a user dumping these objects with elastic-package
is going to see something different to what is seen in Kibana or using the APIs.
Also, if we modify them, we should also check that they continue being valid and generate the same result if imported back in Elasticsearch/Kibana.
Thinking about this, and the purpouse of the dump command I would suggest to go back to the previous formatting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I see now the reason there was an explicit formatJSON method previously.
As you mentioned, it should be equivalent. However, as these dump commands are intended to be used as an exploratory tool for users, I think it would be better to just revert this change/commit and use the previous one, so these files can be inspected/debugged easier.
I'll revert this change
…les" This reverts commit ac2b8ca.
Fixes #671
Add a new subcommand under
dump
namedagent-policies
that is in charge of getting and writing the required agent policies.Example of the usage output for this new subcommand:
Examples of usages of this new subcommand:
Currently, these agent policies are obtained directly from Fleet API using this endpoint:
<fleet_api>/api/fleet/agent_policies
These agent policies are being stored as they are returned by the APIs without any processing. If there any secrets that must be redacted, probably it would be better to wait until this elastic/package-spec#339