Skip to content

Commit

Permalink
Specify an ECS version in Auditbeat/Packetbeat/Winlogbeat (#19159) (#…
Browse files Browse the repository at this point in the history
…19862)

When we update the Beat (include all of its modules) we will then bump the ECS
version that it includes in events.

I went for a less granular approach than what is being used in Filebeat because
I think it's desirable to move a whole beat to a new ECS version "at once" and
more realistic to do so with these Beats that have fewer updates. By "at once" I
mean we won't release a version that is partially updated. This implies that if
we will be making multiple commits that we should use a feature branch to
ensure the update is atomic.

Closes #17688

(cherry picked from commit 256b50d)
  • Loading branch information
andrewkroh authored Jul 14, 2020
1 parent c6d44a1 commit 09daf92
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 15 deletions.
19 changes: 17 additions & 2 deletions auditbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,19 @@ import (
"github.com/elastic/beats/v7/auditbeat/core"
"github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/metricbeat/beater"
"github.com/elastic/beats/v7/metricbeat/mb/module"
)

// Name of the beat (auditbeat).
const Name = "auditbeat"
const (
// Name of the beat (auditbeat).
Name = "auditbeat"

// ecsVersion specifies the version of ECS that Auditbeat is implementing.
ecsVersion = "1.5.0"
)

// RootCmd for running auditbeat.
var RootCmd *cmd.BeatsRootCmd
Expand All @@ -40,6 +47,13 @@ var ShowCmd = &cobra.Command{
Short: "Show modules information",
}

// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

func init() {
create := beater.Creator(
beater.WithModuleOptions(
Expand All @@ -51,6 +65,7 @@ func init() {
RunFlags: runFlags,
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()),
}
RootCmd = cmd.GenRootCmdWithSettings(create, settings)
RootCmd.AddCommand(ShowCmd)
Expand Down
4 changes: 0 additions & 4 deletions auditbeat/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,6 @@ import (

"github.com/elastic/beats/v7/auditbeat/cmd"

// Register modules.
_ "github.com/elastic/beats/v7/auditbeat/module/auditd"
_ "github.com/elastic/beats/v7/auditbeat/module/file_integrity"

// Register includes.
_ "github.com/elastic/beats/v7/auditbeat/include"
)
Expand Down
25 changes: 20 additions & 5 deletions packetbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,16 +22,30 @@ import (

"github.com/spf13/pflag"

// import protocol modules
_ "github.com/elastic/beats/v7/packetbeat/include"

cmd "github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/packetbeat/beater"

// Register fields and protocol modules.
_ "github.com/elastic/beats/v7/packetbeat/include"
)

const (
// Name of this beat.
Name = "packetbeat"

// ecsVersion specifies the version of ECS that Packetbeat is implementing.
ecsVersion = "1.5.0"
)

// Name of this beat
var Name = "packetbeat"
// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

// RootCmd to handle beats cli
var RootCmd *cmd.BeatsRootCmd
Expand All @@ -48,6 +62,7 @@ func init() {
RunFlags: runFlags,
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()),
}
RootCmd = cmd.GenRootCmdWithSettings(beater.New, settings)
RootCmd.AddCommand(genDevicesCommand())
Expand Down
21 changes: 17 additions & 4 deletions winlogbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ package cmd
import (
"github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/winlogbeat/beater"

Expand All @@ -32,12 +33,24 @@ import (
_ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat"
)

// Name of this beat
var Name = "winlogbeat"
const (
// Name of this beat.
Name = "winlogbeat"

// RootCmd to handle beats cli
// ecsVersion specifies the version of ECS that Winlogbeat is implementing.
ecsVersion = "1.5.0"
)

// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

// RootCmd to handle beats CLI.
var RootCmd = cmd.GenRootCmdWithSettings(beater.New, instance.Settings{
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, processing.WithECS, processing.WithAgentMeta()),
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithAgentMeta()),
})

0 comments on commit 09daf92

Please sign in to comment.