

[Auditbeat] Namespace system module to system.audit (#9499)
Namespaces all Auditbeat system module metricsets to `system.audit` to avoid any potential field clashes with Metricbeat.
Christoph Wurm authored Dec 12, 2018
1 parent b814792 commit d72d86d
Showing 10 changed files with 66 additions and 53 deletions.
2 changes: 1 addition & 1 deletion x-pack/auditbeat/include/fields.go


3 changes: 1 addition & 2 deletions x-pack/auditbeat/module/system/_meta/fields.yml
Expand Up @@ -4,8 +4,7 @@
These are the fields generated by the system module.
release: experimental
fields:
- name: system
- name: system.audit
type: group
description: >
fields:

66 changes: 34 additions & 32 deletions x-pack/auditbeat/module/system/host/_meta/data.json
Expand Up @@ -14,38 +14,40 @@
"type": "system"
},
"system": {
"host": {
"architecture": "x86_64",
"boottime": "2018-12-04T12:13:02Z",
"containerized": false,
"id": "b0d3f38d51bdeefe224737595c03d916",
"ip": [
"10.0.2.15",
"fe80::2d:fdff:fe81:e747",
"172.28.128.3",
"fe80::a00:27ff:fe1f:7160",
"172.17.0.1",
"fe80::42:83ff:febe:1a3a",
"172.18.0.1",
"fe80::42:9eff:fed3:d888"
],
"mac": [
"02:2d:fd:81:e7:47",
"08:00:27:1f:71:60",
"02:42:83:be:1a:3a",
"02:42:9e:d3:d8:88"
],
"hostname": "ubuntu-bionic",
"os": {
"family": "debian",
"kernel": "4.15.0-39-generic",
"name": "Ubuntu",
"platform": "ubuntu",
"version": "18.04.1 LTS (Bionic Beaver)"
},
"timezone.name": "UTC",
"timezone.offset.sec": 0,
"uptime": 105705490232434
"audit": {
"host": {
"architecture": "x86_64",
"boottime": "2018-12-04T12:13:02Z",
"containerized": false,
"id": "b0d3f38d51bdeefe224737595c03d916",
"ip": [
"10.0.2.15",
"fe80::2d:fdff:fe81:e747",
"172.28.128.3",
"fe80::a00:27ff:fe1f:7160",
"172.17.0.1",
"fe80::42:83ff:febe:1a3a",
"172.18.0.1",
"fe80::42:9eff:fed3:d888"
],
"mac": [
"02:2d:fd:81:e7:47",
"08:00:27:1f:71:60",
"02:42:83:be:1a:3a",
"02:42:9e:d3:d8:88"
],
"hostname": "ubuntu-bionic",
"os": {
"family": "debian",
"kernel": "4.15.0-39-generic",
"name": "Ubuntu",
"platform": "ubuntu",
"version": "18.04.1 LTS (Bionic Beaver)"
},
"timezone.name": "UTC",
"timezone.offset.sec": 0,
"uptime": 105705490232434
}
}
}
}
2 changes: 2 additions & 0 deletions x-pack/auditbeat/module/system/host/host.go
Expand Up @@ -29,6 +29,7 @@ import (
const (
moduleName = "system"
metricsetName = "host"
namespace = "system.audit.host"

bucketName = "host.v1"
bucketKeyLastHost = "lastHost"
Expand Down Expand Up @@ -146,6 +147,7 @@ func (host *Host) toMapStr() common.MapStr {
func init() {
mb.Registry.MustAddMetricSet(moduleName, metricsetName, New,
mb.DefaultMetricSet(),
mb.WithNamespace(namespace),
)
}

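Review bot: The new `namespace` constant in the first hunk hard-codes `"system.audit.host"` even though `moduleName` and `metricsetName` are declared two lines above it, so a rename of either would leave the emitted field prefix out of step; a constant expression keeps them tied together: `namespace = moduleName + ".audit." + metricsetName`. The same duplicated literal is added in process.go, socket.go and user.go. The reason for the extra `audit` level lives only in the commit message, so a short comment on the constant would help the next reader, e.g. `// namespace nests this metricset's fields under system.audit so they do not collide with Metricbeat's system.* fields.` Since this renames every field consumers see under `system.host.*`, and none of the ten files shown is a changelog, anyone with saved searches or alert rules on the old names will need a migration note.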
2 changes: 2 additions & 0 deletions x-pack/auditbeat/module/system/packages/packages.go
Expand Up @@ -31,6 +31,7 @@ import (
const (
moduleName = "system"
metricsetName = "packages"
//namespace = "system.audit.packages"

redhat = "redhat"
debian = "debian"
Expand All @@ -40,6 +41,7 @@ const (
func init() {
/*mb.Registry.MustAddMetricSet(moduleName, metricsetName, New,
mb.DefaultMetricSet(),
mb.WithNamespace(namespace),
)*/
}

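Review bot: Both additions here, `//namespace = "system.audit.packages"` and `mb.WithNamespace(namespace)`, sit inside commented-out code, so this file still registers no metricset, while test_metricsets.py in the same commit now expects `system.audit.packages.package` and calls `check_metricset("system", "packages", ...)`; unless that test is skipped somewhere outside this diff, the two changes contradict each other. If the registration is deliberately disabled, a comment stating why and what is needed to re-enable it would serve better than bare commented-out code, e.g. `// TODO: registration disabled — <REASON_PLACEHOLDER>; restore the namespace const and MustAddMetricSet call to enable.` Keeping the `namespace` constant live (Go does not reject unused constants) would also keep this file consistent with the other four metricsets.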
2 changes: 2 additions & 0 deletions x-pack/auditbeat/module/system/process/process.go
Expand Up @@ -26,6 +26,7 @@ import (
const (
moduleName = "system"
metricsetName = "process"
namespace = "system.audit.process"

bucketName = "auditbeat.process.v1"
bucketKeyStateTimestamp = "state_timestamp"
Expand All @@ -41,6 +42,7 @@ const (
func init() {
mb.Registry.MustAddMetricSet(moduleName, metricsetName, New,
mb.DefaultMetricSet(),
mb.WithNamespace(namespace),
)
}

2 changes: 2 additions & 0 deletions x-pack/auditbeat/module/system/socket/socket.go
Expand Up @@ -30,6 +30,7 @@ import (
const (
moduleName = "system"
metricsetName = "socket"
namespace = "system.audit.socket"

eventTypeState = "state"
eventTypeEvent = "event"
Expand All @@ -42,6 +43,7 @@ const (
func init() {
mb.Registry.MustAddMetricSet(moduleName, metricsetName, New,
mb.DefaultMetricSet(),
mb.WithNamespace(namespace),
)
}

32 changes: 17 additions & 15 deletions x-pack/auditbeat/module/system/user/_meta/data.json
Expand Up @@ -16,22 +16,24 @@
"name": "ubuntu"
},
"system": {
"user": {
"uid": 1001,
"gid": 1001,
"name": "ubuntu",
"dir": "/home/ubuntu",
"shell": "/bin/bash",
"user_information": "Ubuntu",
"group": [
{
"name": "sudo",
"gid": 27
"audit": {
"user": {
"uid": 1001,
"gid": 1001,
"name": "ubuntu",
"dir": "/home/ubuntu",
"shell": "/bin/bash",
"user_information": "Ubuntu",
"group": [
{
"name": "sudo",
"gid": 27
}
],
"password": {
"type": "shadow_password",
"last_changed": "2018-09-21T00:00:00.000Z"
}
],
"password": {
"type": "shadow_password",
"last_changed": "2018-09-21T00:00:00.000Z"
}
}
}
2 changes: 2 additions & 0 deletions x-pack/auditbeat/module/system/user/user.go
Expand Up @@ -32,6 +32,7 @@ import (
const (
moduleName = "system"
metricsetName = "user"
namespace = "system.audit.user"

passwdFile = "/etc/passwd"
groupFile = "/etc/group"
Expand Down Expand Up @@ -156,6 +157,7 @@ func (user User) toMapStr() common.MapStr {
func init() {
mb.Registry.MustAddMetricSet(moduleName, metricsetName, New,
mb.DefaultMetricSet(),
mb.WithNamespace(namespace),
)
}

6 changes: 3 additions & 3 deletions x-pack/auditbeat/tests/system/test_metricsets.py
Expand Up @@ -18,7 +18,7 @@ def test_metricset_host(self):
host metricset collects general information about a server.
"""

fields = ["system.host.uptime", "system.host.ip", "system.host.os.name"]
fields = ["system.audit.host.uptime", "system.audit.host.ip", "system.audit.host.os.name"]

# Metricset is experimental and that generates a warning, TODO: remove later
# TODO: Remove try/catch once new fields are in fields.ecs.yml
Expand All @@ -35,7 +35,7 @@ def test_metricset_packages(self):
packages metricset collects information about installed packages on a system.
"""

fields = ["system.packages.package"]
fields = ["system.audit.packages.package"]

# Metricset is experimental and that generates a warning, TODO: remove later
self.check_metricset("system", "packages", COMMON_FIELDS + fields, warnings_allowed=True)
Expand Down Expand Up @@ -81,7 +81,7 @@ def test_metricset_user(self):
user metricset collects information about users on a server.
"""

fields = ["system.user.name"]
fields = ["system.audit.user.name"]

# Metricset is experimental and that generates a warning, TODO: remove later
# TODO: Remove try/catch once new fields are in fields.ecs.yml
