From e42ffec0a55ceb766156f9453f2702ccca47b82a Mon Sep 17 00:00:00 2001 From: Christoph Wurm Date: Fri, 4 Jan 2019 12:35:34 +0000 Subject: [PATCH] [Auditbeat] Process metricset: Skip permission errors on Windows (#9863) Changes the process metricset to skip the System Process (PID: 0) as well as any process access has been denied to on Windows. Adds Windows to the documentation. Fixes #9748. --- x-pack/auditbeat/docs/modules/system.asciidoc | 4 ++-- x-pack/auditbeat/module/system/_meta/docs.asciidoc | 4 ++-- x-pack/auditbeat/module/system/process/_meta/docs.asciidoc | 2 +- x-pack/auditbeat/module/system/process/process.go | 7 +++++++ x-pack/auditbeat/module/system/process/process_test.go | 4 ---- x-pack/auditbeat/tests/system/test_metricsets.py | 1 - 6 files changed, 12 insertions(+), 10 deletions(-) diff --git a/x-pack/auditbeat/docs/modules/system.asciidoc b/x-pack/auditbeat/docs/modules/system.asciidoc index abbd8844b86..9447da5cc2c 100644 --- a/x-pack/auditbeat/docs/modules/system.asciidoc +++ b/x-pack/auditbeat/docs/modules/system.asciidoc @@ -14,8 +14,8 @@ a system. All metricsets send both periodic state information (e.g. all currentl running processes) and real-time changes (e.g. when a new process starts or stops). -The module is fully implemented for Linux, and partially implemented -for macOS (Darwin). +The module is fully implemented for Linux. Some metricsets are also available +for macOS (Darwin) and Windows. [float] === How it works diff --git a/x-pack/auditbeat/module/system/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/_meta/docs.asciidoc index e402da99d2e..02e163f7848 100644 --- a/x-pack/auditbeat/module/system/_meta/docs.asciidoc +++ b/x-pack/auditbeat/module/system/_meta/docs.asciidoc @@ -9,8 +9,8 @@ a system. All metricsets send both periodic state information (e.g. all currentl running processes) and real-time changes (e.g. when a new process starts or stops). -The module is fully implemented for Linux, and partially implemented -for macOS (Darwin). +The module is fully implemented for Linux. Some metricsets are also available +for macOS (Darwin) and Windows. [float] === How it works diff --git a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc index 8aea2852155..bf702544c3e 100644 --- a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc +++ b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc @@ -4,4 +4,4 @@ experimental[] This is the `process` metricset of the system module. -It is implemented for Linux and macOS (Darwin). +It is implemented for Linux, macOS (Darwin), and Windows. diff --git a/x-pack/auditbeat/module/system/process/process.go b/x-pack/auditbeat/module/system/process/process.go index be83e597403..87db7efab0e 100644 --- a/x-pack/auditbeat/module/system/process/process.go +++ b/x-pack/auditbeat/module/system/process/process.go @@ -329,6 +329,13 @@ func (ms *MetricSet) getProcesses() ([]*Process, error) { continue } + if runtime.GOOS == "windows" && (pid == 0 || os.IsPermission(err)) { + // On Windows, the call to Process() can fail if Auditbeat does not have + // the necessary access rights, while trying to open the System Process (PID: 0) + // will always fail. + continue + } + // Record what we can and continue process = &Process{ Info: types.ProcessInfo{ diff --git a/x-pack/auditbeat/module/system/process/process_test.go b/x-pack/auditbeat/module/system/process/process_test.go index 1f3db16311f..e5320a1ede9 100644 --- a/x-pack/auditbeat/module/system/process/process_test.go +++ b/x-pack/auditbeat/module/system/process/process_test.go @@ -5,7 +5,6 @@ package process import ( - "runtime" "testing" "github.com/elastic/beats/auditbeat/core" @@ -13,9 +12,6 @@ import ( ) func TestData(t *testing.T) { - if runtime.GOOS == "windows" { - t.Skip("Fails on Windows - https://github.com/elastic/beats/issues/9748") - } f := mbtest.NewReportingMetricSetV2(t, getConfig()) events, errs := mbtest.ReportingFetchV2(f) if len(errs) > 0 { diff --git a/x-pack/auditbeat/tests/system/test_metricsets.py b/x-pack/auditbeat/tests/system/test_metricsets.py index 0523761d2d5..0081d0f87d0 100644 --- a/x-pack/auditbeat/tests/system/test_metricsets.py +++ b/x-pack/auditbeat/tests/system/test_metricsets.py @@ -33,7 +33,6 @@ def test_metricset_packages(self): self.check_metricset("system", "packages", COMMON_FIELDS + fields, warnings_allowed=True) @unittest.skipIf(sys.platform == "darwin" and os.geteuid != 0, "Requires root on macOS") - @unittest.skipIf(sys.platform == "win32", "Fails on Windows - https://github.com/elastic/beats/issues/9748") def test_metricset_process(self): """ process metricset collects information about processes running on a system.