Clarify capabilities of the Filebeat auditd module #17068

Merged
merged 3 commits into from
Jun 1, 2020

rwaight
Contributor

@rwaight rwaight commented Mar 17, 2020

Update filebeat/docs/modules/auditd.asciidoc - Add note regarding capabilities of the Filebeat auditd module

What does this PR do?

Update Filebeat auditd module documentation

Why is it important?

Clarify capabilities of the Filebeat auditd module

Checklist

- [ ] My code follows the style guidelines of this project
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] I have made corresponding change to the default configuration files
- [ ] I have added tests that prove my fix is effective or that my feature works

Author's Checklist

  • [ ]

Related issues

Use cases

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module
@rwaight rwaight self-assigned this Mar 17, 2020
@rwaight rwaight added docs needs_edit Indicates that the doc changes need an edit after merging. Filebeat Filebeat labels Mar 17, 2020
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

@dedemorton
Contributor

Hope you don't mind me commenting on this draft-level PR. The CI intake job is failing because you've updated a generated file. You need to update this file instead: beats/filebeat/module/auditd/_meta/docs.asciidoc

Then run make update in the beats directory.

If you don't have your development environment set up, I can always run the update and push it to your branch. (I'm on vacation next week, though, so remind me when I'm back.)

@elasticmachine
Collaborator

elasticmachine commented May 8, 2020

💔 Build Failed

Build stats

  • Build Cause: [Branch indexing]

  • Start Time: 2020-05-20T20:02:45.859+0000

  • Duration: 10 min 23 sec (622684)

Steps errors

  • Name: Make check
    • Description: make check

    • Result: FAILURE

    • Duration: 3 min 52 sec

    • Start Time: 2020-05-20T20:09:22.899+0000

@elasticmachine
Collaborator

elasticmachine commented May 26, 2020

💚 Build Succeeded

Build stats

  • Build Cause: [dedemorton commented: jenkins run the tests please]

  • Start Time: 2020-05-27T19:13:37.631+0000

  • Duration: 21 min 0 sec

@rwaight
Contributor Author

rwaight commented May 26, 2020

Hey @dedemorton, sorry I forgot about this one and do not have a dev environment. As mentioned in #17068 (comment), would you be able to update the branch for me?

@dedemorton
Contributor

So I made a little edit to your text, but it's weird because my second edit didn't get picked up by the update script. Anyhow, I'll figure out what's wrong and push another commit soon.

@rwaight rwaight marked this pull request as ready for review May 27, 2020 13:56
@dedemorton dedemorton removed the needs_edit Indicates that the doc changes need an edit after merging. label May 27, 2020
@dedemorton
Contributor

jenkins run the tests please

@dedemorton dedemorton added the needs_backport PR is waiting to be backported to other branches. label May 27, 2020
@dedemorton dedemorton merged commit 2644743 into master Jun 1, 2020
@dedemorton dedemorton deleted the rwaight-patch-20200317 branch June 1, 2020 17:52
@zube zube bot added [zube]: Done and removed [zube]: Inbox labels Jun 1, 2020
dedemorton added a commit to dedemorton/beats that referenced this pull request Jun 1, 2020
* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>
@dedemorton dedemorton changed the title [WIP] Clarify capabilities of the Filebeat auditd module Clarify capabilities of the Filebeat auditd module Jun 1, 2020
@dedemorton dedemorton removed the needs_backport PR is waiting to be backported to other branches. label Jun 1, 2020
v1v added a commit to v1v/beats that referenced this pull request Jun 2, 2020
…-stage-level

* upstream/master: (30 commits)
  Add a GRPC listener service for Agent (elastic#18827)
  Disable host.* fields by default for iptables module (elastic#18756)
  [WIP] Clarify capabilities of the Filebeat auditd module (elastic#17068)
  fix: rename file and remove extra separator (elastic#18881)
  ci: enable JJBB (elastic#18812)
  Disable host.* fields by default for Checkpoint module (elastic#18754)
  Disable host.* fields by default for Cisco module (elastic#18753)
  Update latest.yml testing env to 7.7.0 (elastic#18535)
  Upgrade k8s.io/client-go and k8s keystore tests (elastic#18817)
  Add missing Jenkins stages for Auditbeat (elastic#18835)
  [Elastic Log Driver] Create a config shim between libbeat and the user (elastic#18605)
  Use indexers and matchers in config when defaults are enabled (elastic#18818)
  Fix panic on `metricbeat test modules` (elastic#18797)
  [CI] Fix permissions in MacOSX agents (elastic#18847)
  [Ingest Manager] When not port are specified and the https is used fallback to 443 (elastic#18844)
  [Ingest Manager] Fix install service script for windows (elastic#18814)
  [Metricbeat] Fix getting compute instance metadata with partial zone/region config (elastic#18757)
  Improve error messages in s3 input (elastic#18824)
  Add memory metrics into compute googlecloud (elastic#18802)
  include bucket name when logging error (elastic#18679)
  ...
dedemorton added a commit that referenced this pull request Jun 2, 2020
…8884)

* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Rob Waight <43173714+rwaight@users.noreply.github.com>
dedemorton added a commit that referenced this pull request Jun 2, 2020
…8885)

* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Rob Waight <43173714+rwaight@users.noreply.github.com>
dedemorton added a commit that referenced this pull request Jun 2, 2020
…8886)

* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Rob Waight <43173714+rwaight@users.noreply.github.com>
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
…) (elastic#18886)

* Update filebeat/docs/modules/auditd.asciidoc

Update `filebeat/docs/modules/auditd.asciidoc` - Add note regarding capabilities of the Filebeat auditd module

* Edit text and run make update

* Run make update again

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Rob Waight <43173714+rwaight@users.noreply.github.com>
Successfully merging this pull request may close these issues.

[Docs] Filebeat auditd module capabilities are unclear
4 participants