CHANGELOG.next.asciidoc

Beats version HEAD

Breaking changes

Affecting all Beats

  • Update to Golang 1.12.1. 11330

  • Update to Golang 1.12.4. 11782

Auditbeat

  • Auditd module: Normalized value of event.category field from user-login to authentication. 11432

  • Auditd module: Unset auditd.session and user.audit.id fields are removed from audit events. 11431 11815

Filebeat

  • Modify apache/error dataset to follow ECS. 8963

  • Rename many traefik.access.* fields to map to ECS. 9005

  • Fix parsing of GC entries in elasticsearch server log. 9513 9810

  • Add read_buffer configuration option. 11739

Heartbeat

  • Removed the add_host_metadata and add_cloud_metadata processors from the default config. These don’t fit well with ECS for Heartbeat and were rarely used.

Journalbeat

Metricbeat

  • Add new option OpMultiplyBuckets to scale histogram buckets to avoid decimal points in final events 10994

  • Change cloud.provider from ec2 to aws and from gce to gcp in add_cloud_metadata to align with ECS. 10775 11687

  • system/raid metricset now uses /sys/block instead of /proc/mdstat for data. 11613

Packetbeat

  • Add support for mongodb opcode 2013 (OP_MSG). 6191 8594

Winlogbeat

  • Adjust Winlogbeat fields to map to ECS. 10333

Functionbeat

Bugfixes

Affecting all Beats

  • Ensure all beat commands respect configured settings. 10721

  • Add missing fields and test cases for libbeat add_kubernetes_metadata processor. 11133, 11134

  • decode_json_field: process objects and arrays only 11312

  • decode_json_field: do not process arrays when flag not set. 11318

  • Report faulting file when config reload fails. 11304

  • Fix a typo in libbeat/outputs/transport/client.go by updating c.conn.LocalAddr() to c.conn.RemoteAddr(). 11242

  • Management configuration backup files will now have a timestamp in their name. 11034

  • [CM] Parse enrollment_token response correctly 11648

  • Do not hide the error in case of HTTP failure when using the elastic fetcher. 11604

  • Relax validation of the X-Pack license UID value. 11640

  • Fix a parsing error with the X-Pack license check on 32-bit system. 11650

  • Fix ILM policy always being overwritten. 11671

  • Fix template always being overwritten. 11671

  • Fix matching of string arrays in contains condition. 11691

  • Fix formatting for event.duration, "human readable" was not working well for this. 11675

  • Fix initialization of the TCP input logger. 11605

  • Fix flaky service_integration_windows_test test by introducing a confidence factor and enriching the error message with more service details. 8880 and 7977

Auditbeat

  • Package dataset: dlopen versioned librpm shared objects. 11565

  • Package dataset: Nullify Librpm’s rpmsqEnable. 11628

Filebeat

  • Add support for Cisco syslog format used by their switch. 10760

  • Cover empty request data, url and version in Apache2 module. 10730

  • Fix registry entries not being cleaned due to race conditions. 10747

  • Improve detection of file deletion on Windows. 10747

  • Fix goroutine leak happening when harvesters are dynamically stopped. 11263

  • Fix add_docker_metadata source matching, using log.file.path field now. 11577

  • Add missing Kubernetes metadata fields to Filebeat CoreDNS module, and fix a documentation error. 11591

  • Reduce memory usage if long lines are truncated to fit max_bytes limit. The line buffer is copied into a smaller buffer now. This allows the runtime to release unused memory earlier. 11524

Heartbeat

Journalbeat

Metricbeat

  • Add _bucket to histogram metrics in Prometheus Collector 11578

  • Prevent the docker/memory metricset from processing invalid events before container start 11676

  • Change add_cloud_metadata processor to not overwrite cloud field when it already exists in the event. 11612 11305

Packetbeat

  • Prevent duplicate packet loss error messages in HTTP events. 10709

  • Avoid reporting unknown MongoDB opcodes more than once. 10878

Winlogbeat

Functionbeat

Added

Affecting all Beats

  • Add network condition to processors for matching IP addresses against CIDRs. 10743

  • Add if/then/else support to processors. 10744

  • Add community_id processor for computing network flow hashes. 10745

  • Add output test to kafka output 10834

  • Gracefully shut down on SIGHUP 10704

  • New processor: copy_fields. 11303

  • Add error.message to events when fail_on_error is set in rename and copy_fields processors. 11303

  • New processor: truncate_fields. 11297

  • Allow a beat to ship monitoring data directly to an Elasticsearch monitoring cluster. 9260

  • Updated go-seccomp-bpf library to v1.1.0 which updates syscall lists for Linux v5.0. NNNN

  • Add add_observer_metadata processor. 11394

Auditbeat

  • Auditd module: Add event.outcome and event.type for ECS. 11432

  • Package: Enable suse. 11634

  • Add support to the system package dataset for the SUSE OS family. 11634

Filebeat

  • Add more info to message logged when a duplicated symlink file is found 10845

  • Add option to configure docker input with paths 10687

  • Add Netflow module to enrich flow events with geoip data. 10877

  • Set event.category: network_traffic for Suricata. 10882

  • Add configuration knob for auto-discover hints to control whether log harvesting is enabled for the pod/container. 10811 10911

  • Change Suricata module pipeline to handle destination.domain being set if a reverse DNS processor is used. 10510

  • Add the network.community_id flow identifier field to the IPTables, Suricata, and Zeek modules. 11005

  • New Filebeat coredns module to ingest coredns logs. It supports both native coredns deployment and coredns deployment in kubernetes. 11200

  • New module for Cisco ASA logs. 9200 11171

  • Added support for Cisco ASA fields to the netflow input. 11201

  • Configurable line terminator. 11015

  • Add Filebeat envoyproxy module. 11700

Heartbeat

  • Enable add_observer_metadata processor in default config. 11394

Journalbeat

Metricbeat

  • Add AWS SQS metricset. 10684 10053

  • Add AWS s3_request metricset. 10949 10055

  • Add s3_daily_storage metricset. 10940 10055

  • Add coredns metricbeat module. 10585

  • Add SSL support for Metricbeat HTTP server. 11482 11457

  • The elasticsearch.index metricset (with xpack.enabled: true) now collects refresh.external_total_time_in_millis fields from Elasticsearch. 11616

  • Allow module configurations to have variants 9118

  • Added new disk states and raid level to the system/raid metricset. 11613

Packetbeat

Functionbeat

  • New options to configure roles and VPC. 11779

Winlogbeat

  • Add support for reading from .evtx files. 4450

Deprecated

Affecting all Beats

Filebeat

Heartbeat

Journalbeat

Metricbeat

Packetbeat

Winlogbeat

  • Close handle on signalEvent. 9838

Functionbeat

Known Issue

Journalbeat