Skip to content

Commit

Permalink
Specify an ECS version in Auditbeat/Packetbeat/Winlogbeat (elastic#19159
Browse files Browse the repository at this point in the history
)

When we update the Beat (include all of its modules) we will then bump the ECS
version that it includes in events.

I went for a less granular approach than what is being used in Filebeat because
I think it's desirable to move a whole beat to a new ECS version "at once" and
more realistic to do so with these Beats that have fewer updates. By "at once" I
mean we won't release a version that is partially updated. This implies that if
we will be making multiple commits that we should use a feature branch to
ensure the update is atomic.

Closes elastic#17688
  • Loading branch information
andrewkroh authored Jul 13, 2020
1 parent e69eb97 commit 256b50d
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 15 deletions.
19 changes: 17 additions & 2 deletions auditbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,19 @@ import (
"github.com/elastic/beats/v7/auditbeat/core"
"github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/metricbeat/beater"
"github.com/elastic/beats/v7/metricbeat/mb/module"
)

// Name of the beat (auditbeat).
const Name = "auditbeat"
const (
// Name of the beat (auditbeat).
Name = "auditbeat"

// ecsVersion specifies the version of ECS that Auditbeat is implementing.
ecsVersion = "1.5.0"
)

// RootCmd for running auditbeat.
var RootCmd *cmd.BeatsRootCmd
Expand All @@ -40,6 +47,13 @@ var ShowCmd = &cobra.Command{
Short: "Show modules information",
}

// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

func init() {
create := beater.Creator(
beater.WithModuleOptions(
Expand All @@ -51,6 +65,7 @@ func init() {
RunFlags: runFlags,
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()),
}
RootCmd = cmd.GenRootCmdWithSettings(create, settings)
RootCmd.AddCommand(ShowCmd)
Expand Down
4 changes: 0 additions & 4 deletions auditbeat/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,6 @@ import (

"github.com/elastic/beats/v7/auditbeat/cmd"

// Register modules.
_ "github.com/elastic/beats/v7/auditbeat/module/auditd"
_ "github.com/elastic/beats/v7/auditbeat/module/file_integrity"

// Register includes.
_ "github.com/elastic/beats/v7/auditbeat/include"
)
Expand Down
25 changes: 20 additions & 5 deletions packetbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,16 +22,30 @@ import (

"github.com/spf13/pflag"

// import protocol modules
_ "github.com/elastic/beats/v7/packetbeat/include"

cmd "github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/packetbeat/beater"

// Register fields and protocol modules.
_ "github.com/elastic/beats/v7/packetbeat/include"
)

const (
// Name of this beat.
Name = "packetbeat"

// ecsVersion specifies the version of ECS that Packetbeat is implementing.
ecsVersion = "1.5.0"
)

// Name of this beat
var Name = "packetbeat"
// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

// RootCmd to handle beats cli
var RootCmd *cmd.BeatsRootCmd
Expand All @@ -48,6 +62,7 @@ func init() {
RunFlags: runFlags,
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()),
}
RootCmd = cmd.GenRootCmdWithSettings(beater.New, settings)
RootCmd.AddCommand(genDevicesCommand())
Expand Down
21 changes: 17 additions & 4 deletions winlogbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ package cmd
import (
"github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/winlogbeat/beater"

Expand All @@ -32,12 +33,24 @@ import (
_ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat"
)

// Name of this beat
var Name = "winlogbeat"
const (
// Name of this beat.
Name = "winlogbeat"

// RootCmd to handle beats cli
// ecsVersion specifies the version of ECS that Winlogbeat is implementing.
ecsVersion = "1.5.0"
)

// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

// RootCmd to handle beats CLI.
var RootCmd = cmd.GenRootCmdWithSettings(beater.New, instance.Settings{
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, processing.WithECS, processing.WithAgentMeta()),
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithAgentMeta()),
})

0 comments on commit 256b50d

Please sign in to comment.