Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Update host metricset #9421

Merged
merged 18 commits into from
Dec 11, 2018
Merged

[Auditbeat] Update host metricset #9421

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
10e7b2d
Introduce reportState() and hostEvent().
Dec 5, 2018
84db222
Report only IPs and MACs for network.
Dec 5, 2018
b2d91e4
Update test data.
Dec 5, 2018
dc78be1
Scheduled state reporting.
Dec 6, 2018
223da9c
Add reportChanges().
Dec 6, 2018
aed16a1
Fix test data.
Dec 6, 2018
fc3b340
Persist state.
Dec 6, 2018
a279be3
Update fields.
Dec 6, 2018
7a21de6
Change to hostname.
Dec 6, 2018
73c5f69
Remove validate().
Dec 7, 2018
0ad4232
Remove newline.
Dec 7, 2018
283df81
Change to eventAction enum.
Dec 7, 2018
a70e2e9
Add hostname change detection.
Dec 7, 2018
35e4d55
Form hash directly from struct fields.
Dec 7, 2018
1dfdf9c
Id to ID makes Hound happy.
Dec 7, 2018
16ceea7
Use binary.Write instead of strconv.Itoa when forming hash.
Dec 10, 2018
fa6e4ba
Capitalize String() and remove todo.
Dec 10, 2018
3a739a4
Update to fields.go
Dec 10, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion x-pack/auditbeat/include/fields.go
View file
Open in desktop

Large diffs are not rendered by default.

53 changes: 29 additions & 24 deletions x-pack/auditbeat/module/system/host/_meta/data.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,46 +1,51 @@
{
"@timestamp": "2017-10-12T08:05:34.853Z",
"beat": {
"agent": {
tsg marked this conversation as resolved.
Show resolved Hide resolved
"hostname": "host.example.com",
"name": "host.example.com"
},
"metricset": {
"event": {
"action": "host",
"dataset": "host",
"module": "system",
"name": "host",
"rtt": 115
"type": "state"
},
"service": {
"type": "system"
},
"system": {
"host": {
"architecture": "x86_64",
"boottime": "2018-10-01T13:33:02Z",
"boottime": "2018-12-04T12:13:02Z",
"containerized": false,
"id": "87778e62461b4d609aee5a20f2ec4be6",
"name": "ubuntu-bionic",
"network": {
"interfaces": [
{
"flags": "up|broadcast|multicast",
"index": 2,
"ip": [
"10.0.2.15",
"fe80::2d:fdff:fe81:e747"
],
"mac": "02:2d:fd:81:e7:47",
"mtu": 1500,
"name": "enp0s3"
}
]
},
"id": "b0d3f38d51bdeefe224737595c03d916",
"ip": [
"10.0.2.15",
"fe80::2d:fdff:fe81:e747",
"172.28.128.3",
"fe80::a00:27ff:fe1f:7160",
"172.17.0.1",
"fe80::42:83ff:febe:1a3a",
"172.18.0.1",
"fe80::42:9eff:fed3:d888"
],
"mac": [
"02:2d:fd:81:e7:47",
"08:00:27:1f:71:60",
"02:42:83:be:1a:3a",
"02:42:9e:d3:d8:88"
],
"hostname": "ubuntu-bionic",
"os": {
"family": "debian",
"kernel": "4.15.0-34-generic",
"kernel": "4.15.0-39-generic",
"name": "Ubuntu",
"platform": "ubuntu",
"version": "18.04.1 LTS (Bionic Beaver)"
},
"timezone.name": "UTC",
"timezone.offset.sec": 0,
"uptime": 222611977726
"uptime": 105705490232434
}
}
}
44 changes: 9 additions & 35 deletions x-pack/auditbeat/module/system/host/_meta/fields.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
type: long
description: >
Timezone offset in seconds.
- name: name
- name: hostname
type: keyword
description: >
Hostname.
Expand All @@ -36,6 +36,14 @@
type: keyword
description: >
Host architecture (e.g. x86_64).
- name: mac
type: keyword
description: >
MAC addresses.
- name: ip
type: ip
description: >
IP addresses.
- name: os
type: group
description: >
Expand All @@ -61,37 +69,3 @@
type: keyword
description: >
The operating system's kernel version.
- name: network
type: group
description: >
`network` contains network information from the system.
fields:
- name: interfaces
type: array
description: >
`interfaces` contains information about network interfaces.
fields:
- name: index
type: integer
description: >
Index of the interface.
- name: mtu
type: integer
description: >
Maximum transmission unit.
- name: name
type: keyword
description: >
Interface name.
- name: mac
type: keyword
description: >
MAC address.
- name: flags
type: text
description: >
Interface flags.
- name: ip
type: ip
description: >
IP addresses.
28 changes: 28 additions & 0 deletions x-pack/auditbeat/module/system/host/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.

package host

import (
"time"
)

// config defines the metricset's configuration options.
type config struct {
StatePeriod time.Duration `config:"state.period"`
HostStatePeriod time.Duration `config:"host.state.period"`
}

func (c *config) effectiveStatePeriod() time.Duration {
if c.HostStatePeriod != 0 {
return c.HostStatePeriod
}
return c.StatePeriod
}

func defaultConfig() config {
return config{
StatePeriod: 1 * time.Hour,
}
}
Loading