Skip to content

Commit

Permalink
[Metricbeat] Add a system/users metricset (elastic#16569)
Browse files Browse the repository at this point in the history
* fix file check bug, deal with logging

* init commit of users metricset

* vendor new sub-systemd dep

* refactor dbus calling code

* Revert "vendor new sub-systemd dep"

This reverts commit a1ddc9e.

* make fmt

* cleanup, fix tests

* fix cross-compile issues

* update docs

* code quality cleanup

* make update

* fix deps, update vendor

* update notice

* add changelog

* fix changelog, add example config
  • Loading branch information
fearful-symmetry authored Mar 6, 2020
1 parent a9a2779 commit a034a92
Show file tree
Hide file tree
Showing 60 changed files with 6,923 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add OpenMetrics Metricbeat module {pull}16596[16596]
- Add `cloudfoundry` module to send events from Cloud Foundry. {pull}16671[16671]
- Add `redisenterprise` module. {pull}16482[16482] {issue}15269[15269]
- Add system/users metricset as beta {pull}16569[16569]
- Align fields to ECS and add more tests for the azure module. {issue}16024[16024] {pull}16754[16754]
- Add additional cgroup fields to docker/diskio{pull}16638[16638]
- Add PubSub metricset to Google Cloud Platform module {pull}15536[15536]
Expand Down
32 changes: 32 additions & 0 deletions NOTICE.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2393,6 +2393,38 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------
Dependency: github.com/godbus/dbus
Revision: ade71ed3457e
License type (autodetected): BSD-2-Clause
./vendor/github.com/godbus/dbus/LICENSE:
--------------------------------------------------------------------
Copyright (c) 2013, Georg Reinke (<guelfey at gmail dot com>), Google
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------
Dependency: github.com/godbus/dbus/v5
Version: v5.0.3
Expand Down
1 change: 1 addition & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ require (
github.com/go-sourcemap/sourcemap v2.1.2+incompatible // indirect
github.com/go-sql-driver/mysql v1.4.1
github.com/gocarina/gocsv v0.0.0-20170324095351-ffef3ffc77be
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e
github.com/godror/godror v0.10.4
github.com/gofrs/flock v0.7.2-0.20190320160742-5135e617513b
github.com/gofrs/uuid v3.2.0+incompatible
Expand Down
107 changes: 107 additions & 0 deletions metricbeat/docs/fields.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -36447,6 +36447,113 @@ format: duration

--

[float]
=== users

Logged-in user session data



*`system.users.id`*::
+
--
The ID of the session


type: keyword

--

*`system.users.seat`*::
+
--
An associated logind seat


type: keyword

--

*`system.users.path`*::
+
--
The DBus object path of the session


type: keyword

--

*`system.users.type`*::
+
--
The type of the user session


type: keyword

--

*`system.users.service`*::
+
--
A session associated with the service


type: keyword

--

*`system.users.remote`*::
+
--
A bool indicating a remote session


type: boolean

--

*`system.users.state`*::
+
--
The current state of the session


type: keyword

--

*`system.users.scope`*::
+
--
The associated systemd scope


type: keyword

--

*`system.users.leader`*::
+
--
The root PID of the session


type: long

--

*`system.users.remote_host`*::
+
--
A remote host address for the session


type: keyword

--

[[exported-fields-tomcat]]
== Tomcat fields

Expand Down
4 changes: 4 additions & 0 deletions metricbeat/docs/modules/system.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -274,6 +274,8 @@ The following metricsets are available:

* <<metricbeat-metricset-system-uptime,uptime>>

* <<metricbeat-metricset-system-users,users>>

include::system/core.asciidoc[]

include::system/cpu.asciidoc[]
Expand Down Expand Up @@ -308,3 +310,5 @@ include::system/socket_summary.asciidoc[]

include::system/uptime.asciidoc[]

include::system/users.asciidoc[]

23 changes: 23 additions & 0 deletions metricbeat/docs/modules/system/users.asciidoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
////
This file is generated! See scripts/mage/docs_collector.go
////

[[metricbeat-metricset-system-users]]
=== System users metricset

beta[]

include::../../../module/system/users/_meta/docs.asciidoc[]


==== Fields

For a description of each field in the metricset, see the
<<exported-fields-system,exported fields>> section.

Here is an example document generated by this metricset:

[source,json]
----
include::../../../module/system/users/_meta/data.json[]
----
3 changes: 2 additions & 1 deletion metricbeat/docs/modules_list.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ This file is generated! See scripts/mage/docs_collector.go
|<<metricbeat-module-statsd,Statsd>> |image:./images/icon-no.png[No prebuilt dashboards] |
.1+| .1+| |<<metricbeat-metricset-statsd-server,server>>
|<<metricbeat-module-system,System>> |image:./images/icon-yes.png[Prebuilt dashboards are available] |
.17+| .17+| |<<metricbeat-metricset-system-core,core>>
.18+| .18+| |<<metricbeat-metricset-system-core,core>>
|<<metricbeat-metricset-system-cpu,cpu>>
|<<metricbeat-metricset-system-diskio,diskio>>
|<<metricbeat-metricset-system-entropy,entropy>>
Expand All @@ -244,6 +244,7 @@ This file is generated! See scripts/mage/docs_collector.go
|<<metricbeat-metricset-system-socket,socket>>
|<<metricbeat-metricset-system-socket_summary,socket_summary>>
|<<metricbeat-metricset-system-uptime,uptime>>
|<<metricbeat-metricset-system-users,users>> beta[]
|<<metricbeat-module-tomcat,Tomcat>> beta[] |image:./images/icon-yes.png[Prebuilt dashboards are available] |
.4+| .4+| |<<metricbeat-metricset-tomcat-cache,cache>> beta[]
|<<metricbeat-metricset-tomcat-memory,memory>> beta[]
Expand Down
1 change: 1 addition & 0 deletions metricbeat/include/list_common.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions metricbeat/module/system/_meta/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
#- diskio
#- socket
#- services
#- users
process.include_top_n:
by_cpu: 5 # include top 5 processes by CPU
by_memory: 5 # include top 5 processes by memory
Expand Down
2 changes: 1 addition & 1 deletion metricbeat/module/system/fields.go

Large diffs are not rendered by default.

39 changes: 39 additions & 0 deletions metricbeat/module/system/users/_meta/data.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
{
"@timestamp": "2017-10-12T08:05:34.853Z",
"event": {
"dataset": "system.users",
"duration": 115000,
"module": "system"
},
"metricset": {
"name": "users",
"period": 10000
},
"process": {
"pid": 10786
},
"service": {
"type": "system"
},
"source": {
"ip": "192.168.1.86"
},
"system": {
"users": {
"id": 6,
"leader": 10786,
"path": "/org/freedesktop/login1/session/_36",
"remote": true,
"remote_host": "192.168.1.86",
"scope": "session-6.scope",
"seat": "",
"service": "sshd",
"state": "active",
"type": "tty"
}
},
"user": {
"id": 1000,
"name": "alexk"
}
}
11 changes: 11 additions & 0 deletions metricbeat/module/system/users/_meta/docs.asciidoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
The system/users metricset reports logged in users and associated sessions via dbus and logind, which is a systemd component. By default, the metricset will look in `/var/run/dbus/` for a system socket, although a new path can be selected with `DBUS_SYSTEM_BUS_ADDRESS`.

This metricset is available on:

- Linux
[float]
=== Configuration

There are no configuration options for this metricset.
48 changes: 48 additions & 0 deletions metricbeat/module/system/users/_meta/fields.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
- name: users
type: group
release: beta
description: >
Logged-in user session data
fields:
- name: id
type: keyword
description: >
The ID of the session
- name: seat
type: keyword
description: >
An associated logind seat
- name: path
type: keyword
description: >
The DBus object path of the session
- name: type
type: keyword
description: >
The type of the user session
- name: service
type: keyword
description: >
A session associated with the service
- name: remote
type: boolean
description: >
A bool indicating a remote session
- name: state
type: keyword
description: >
The current state of the session
- name: scope
type: keyword
description: >
The associated systemd scope
- name: leader
type: long
description: >
The root PID of the session
- name: remote_host
type: keyword
description: >
A remote host address for the session
Loading

0 comments on commit a034a92

Please sign in to comment.