diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index 4febf220cf40..9cfac1865650 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go @@ -25,7 +25,7 @@ func init() { // spec/metricbeat.yml // spec/osquerybeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("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") + unpacked := packer.MustUnpack("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") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/spec/osquerybeat.yml b/x-pack/elastic-agent/spec/osquerybeat.yml index 440e33464317..bb6e7e50a891 100644 --- a/x-pack/elastic-agent/spec/osquerybeat.yml +++ b/x-pack/elastic-agent/spec/osquerybeat.yml @@ -21,6 +21,8 @@ rules: values: - osquery +- inject_agent_info: {} + - filter: selectors: - inputs diff --git a/x-pack/osquerybeat/beater/osquerybeat.go b/x-pack/osquerybeat/beater/osquerybeat.go index 8e9e2a6bd154..730cd5b493fd 100644 --- a/x-pack/osquerybeat/beater/osquerybeat.go +++ b/x-pack/osquerybeat/beater/osquerybeat.go @@ -20,6 +20,7 @@ import ( "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/processors" "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/config" "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro" @@ -159,7 +160,7 @@ func (bt *osquerybeat) Run(b *beat.Beat) error { } // Connect publisher - bt.client, err = b.Publisher.Connect() + processors, err := bt.reconnectPublisher(b, bt.config.Inputs) if err != nil { return err } 
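Review bot: The new local `processors` in the "Connect publisher" step of Run shadows the `processors` package that this commit imports, so the package name is unusable for the rest of Run and reads ambiguously next to `processors.New` elsewhere in the file. Renaming the local keeps the two apart: `procs, err := bt.reconnectPublisher(b, bt.config.Inputs)`, with the later `processors == nil` check in handleInputConfig renamed to match. The local of the same name inside reconnectPublisher has the same problem. Run's body starts and ends outside this hunk.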
@@ -201,7 +202,9 @@ func (bt *osquerybeat) Run(b *beat.Beat) error {
 }
 // Start queries execution scheduler
- scheduler := NewScheduler(ctx, bt.query)
+ schedCtx, schedCancel := context.WithCancel(ctx)
+ scheduler := NewScheduler(schedCtx, bt.query)
+ defer schedCancel()
 wg.Add(1)
 go func() {
 defer wg.Done()
@@ -251,12 +254,26 @@ func (bt *osquerybeat) Run(b *beat.Beat) error {
 }
 }
- setManagerPayload := func(itypes []string) {
- if b.Manager != nil {
- b.Manager.SetPayload(map[string]interface{}{
- "osquery_version": distro.OsquerydVersion(),
- })
+ handleInputConfig := func(inputConfigs []config.InputConfig) error {
+ bt.log.Debug("Handle input configuration change")
+ // Only set processor if it was not set before
+ if processors == nil {
+ bt.log.Debug("Set processors for the first time")
+ var err error
+ processors, err = bt.reconnectPublisher(b, inputConfigs)
+ if err != nil {
+ bt.log.Errorf("Failed to connect beat publisher client, err: %v", err)
+ return err
+ }
+ } else {
+ bt.log.Debug("Processors are already set")
 }
+
+ streams, inputTypes = config.StreamsFromInputs(inputConfigs)
+ registerActionHandlers(inputTypes)
+ bt.setManagerPayload(b)
+ loadSchedulerStreams(streams)
+ return nil
 }
 LOOP:
@@ -270,10 +287,13 @@ LOOP:
 bt.log.Infof("Exited osqueryd process, error: %v", exitErr)
 break LOOP
 case inputConfigs := <-inputConfigCh:
- streams, inputTypes = config.StreamsFromInputs(inputConfigs)
- registerActionHandlers(inputTypes)
- setManagerPayload(inputTypes)
- loadSchedulerStreams(streams)
+ err = handleInputConfig(inputConfigs)
+ if err != nil {
+ bt.log.Errorf("Failed to handle input configuration, err: %v, exiting", err)
+ // Cancel scheduler
+ schedCancel()
+ break LOOP
+ }
 }
 }
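Review bot: Inside handleInputConfig the publisher is reconnected only while `processors` is nil, so once a processor list has been applied, any later change to the inputs' `processors` block is ignored with nothing more than a debug line. If that list carries the agent identity fields added by `inject_agent_info`, events would keep the values from the first configuration until the beat restarts (inferred; the processor contents are not visible here). At minimum the limitation should be stated where the decision is made, e.g. `// Processors are applied once per Run; later changes to input processors are ignored until restart.` The closure sits inside Run, whose body extends beyond this hunk.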
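Review bot: In the `inputConfigCh` case a failed handleInputConfig ends the run loop, so a processors block that cannot be built on a configuration update stops osquerybeat and its query collection instead of leaving the already connected client in place. If stopping is intended, a comment at the `break LOOP` should say why losing collection is preferred over publishing without the processors. The same error is also logged twice, once by the `Errorf` inside handleInputConfig and again here; logging it only at this level is enough.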
@@ -281,11 +301,65 @@ LOOP:
 unregisterActionHandlers()
 // Wait for clean scheduler exit
+ bt.log.Debug("Wait clean beat run exit")
 wg.Wait()
+ bt.log.Debug("Beat run exited, err: %v", err)
 return err
 }
+func (bt *osquerybeat) setManagerPayload(b *beat.Beat) {
+ if b.Manager != nil {
+ b.Manager.SetPayload(map[string]interface{}{
+ "osquery_version": distro.OsquerydVersion(),
+ })
+ }
+}
+
+func (bt *osquerybeat) reconnectPublisher(b *beat.Beat, inputs []config.InputConfig) (*processors.Processors, error) {
+ processors, err := processorsForInputsConfig(inputs)
+ if err != nil {
+ return nil, err
+ }
+
+ bt.log.Debugf("Connect publisher with processors: %d", len(processors.All()))
+ // Connect publisher
+ client, err := b.Publisher.ConnectWith(beat.ClientConfig{
+ Processing: beat.ProcessingConfig{
+ Processor: processors,
+ },
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ // Swap client
+ bt.mx.Lock()
+ defer bt.mx.Unlock()
+ oldclient := bt.client
+ bt.client = client
+ if oldclient != nil {
+ oldclient.Close()
+ }
+ return processors, nil
+}
+
+func processorsForInputsConfig(inputs []config.InputConfig) (procs *processors.Processors, err error) {
+ // Use only first input processor
+ // Every input will have a processor that adds the elastic_agent info, we need only one
+ // Not expecting other processors at the moment and this needs to work for 7.13
+ for _, input := range inputs {
+ if len(input.Processors) > 0 {
+ procs, err = processors.New(input.Processors)
+ if err != nil {
+ return nil, err
+ }
+ return procs, nil
+ }
+ }
+ return nil, nil
+}
+
 // Stop stops osquerybeat.
 func (bt *osquerybeat) Stop() {
 bt.close()
@@ -356,6 +430,8 @@ func (bt *osquerybeat) executeQuery(ctx context.Context, log *logp.Logger, index
 return err
 }
+ bt.mx.Lock()
+ defer bt.mx.Unlock()
 for _, hit := range hits {
 reqData := req["data"]
 event := beat.Event{
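Review bot: reconnectPublisher hands the result of processorsForInputsConfig straight to `ConnectWith`, but that helper returns `nil, nil` when no input has processors, which is plausibly the case for the first connect in Run. The nil `*processors.Processors` is then used in `len(processors.All())` and stored in `Processor`; if that field is an interface type, it becomes a non-nil interface wrapping a nil pointer, so the code depends on every method being nil-safe (not visible in this diff). Setting the field only when a list exists removes that dependency: `var cfg beat.ClientConfig`, `if procs != nil { cfg.Processing.Processor = procs }`, `client, err := b.Publisher.ConnectWith(cfg)`. Separately, `bt.log.Debug("Beat run exited, err: %v", err)` passes a format verb to the non-formatting call and should use `bt.log.Debugf`.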
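Review bot: The `bt.mx.Lock()` / `defer bt.mx.Unlock()` pair added before `for _, hit := range hits` holds the mutex for the whole loop and until executeQuery returns, so reconnectPublisher, which takes the same lock to swap and close the client, waits behind a slow or blocked publish. If that serialisation is the intent, state it at the lock, e.g. `// Hold mx for the whole batch so reconnectPublisher cannot close the client mid-publish.` Any other use of `bt.client` outside this diff, such as the close path, needs the same lock to make the swap safe. The loop body and the rest of executeQuery are outside this hunk.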
diff --git a/x-pack/osquerybeat/internal/config/config.go b/x-pack/osquerybeat/internal/config/config.go
index f25f23a04073..ba7249e88969 100644
--- a/x-pack/osquerybeat/internal/config/config.go
+++ b/x-pack/osquerybeat/internal/config/config.go
@@ -9,6 +9,8 @@ package config
 import (
 "time"
+
+ "github.com/elastic/beats/v7/libbeat/processors"
 )
 // Default index name for ad-hoc queries, since the dataset is defined at the stream level, for example:
@@ -29,8 +31,9 @@ type StreamConfig struct {
 }
 type InputConfig struct {
- Type string `config:"type"`
- Streams []StreamConfig `config:"streams"`
+ Type string `config:"type"`
+ Streams []StreamConfig `config:"streams"`
+ Processors processors.PluginConfig `config:"processors"`
 }
 type Config struct {
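Review bot: The new `Processors` field on InputConfig has no comment, and its behaviour is not what a per-input field suggests: processorsForInputsConfig in the beater takes only the first input with a non-empty list and attaches it to the single publisher client. A field comment would make that explicit, e.g. `// Processors is read per input, but only the first non-empty list is applied, on the beat's publisher client.` The list comes from configuration and is passed to `processors.New` with no restriction visible in this diff. The same comment should say whether any processor is acceptable here or only the agent-info one is expected.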