Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Start system module without host ID #12373

Merged
merged 2 commits into from
May 31, 2019
Merged

[Auditbeat] Start system module without host ID #12373

merged 2 commits into from
May 31, 2019
+34 −12

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented May 30, 2019

At the moment, when the System module starts it runs sysinfo.Host() to determine the host ID to use when calculating entity IDs. This call will not always succeed on systems that do not implement all the functionality we rely on. For example, we have had reports of Synology NAS systems not having /etc/machine-id or /etc/lsb-release files (for getting the IDs and OS information, respectively). When this call does not succeed, Auditbeat will fail to start if the System module is enabled (which it is by default).

This PR allows the module to start without the host ID. It will log a warning, and documents will not contain any entity_id fields.

@cwurm cwurm added review needs_backport PR is waiting to be backported to other branches. Auditbeat SecOps labels May 30, 2019
@cwurm cwurm requested a review from andrewkroh May 30, 2019 22:35
@cwurm cwurm requested a review from a team as a code owner May 30, 2019 22:35
@elasticmachine
Copy link
Collaborator

Pinging @elastic/secops

andrewkroh
andrewkroh approved these changes May 30, 2019
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

x-pack/auditbeat/module/system/system.go Show resolved Hide resolved
@cwurm cwurm merged commit 1328f86 into elastic:master May 31, 2019
@cwurm cwurm deleted the system_no_hostid branch May 31, 2019 00:10
cwurm pushed a commit to cwurm/beats that referenced this pull request May 31, 2019
[Auditbeat] Start system module without host ID (elastic#12373)
8cfd783 
Allows the system module to start without the host ID. It will log a warning, and documents will not contain any `entity_id` fields.

(cherry picked from commit 1328f86)
@cwurm cwurm mentioned this pull request May 31, 2019
Merged
@cwurm cwurm added v7.2.0 and removed needs_backport PR is waiting to be backported to other branches. labels May 31, 2019
cwurm pushed a commit to cwurm/beats that referenced this pull request May 31, 2019
[Auditbeat] Start system module without host ID (elastic#12373)
a12056d 
Allows the system module to start without the host ID. It will log a warning, and documents will not contain any `entity_id` fields.

(cherry picked from commit 1328f86)
@cwurm cwurm mentioned this pull request May 31, 2019
Merged
@cwurm cwurm added the v6.8.1 label May 31, 2019
cwurm pushed a commit that referenced this pull request Jun 6, 2019
[Auditbeat] Cherry-pick #12373 to 7.2: Start system module without ho…
68a640d 
…st ID (#12374)

Allows the system module to start without the host ID. It will log a warning, and documents will not contain any `entity_id` fields.

(cherry picked from commit 1328f86)
cwurm pushed a commit that referenced this pull request Jun 6, 2019
[Auditbeat] Cherry-pick #12373 to 6.8: Start system module without ho…
970a12c 
…st ID (#12375)

Allows the system module to start without the host ID. It will log a warning, and documents will not contain any `entity_id` fields.

(cherry picked from commit 1328f86)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
[Auditbeat] Cherry-pick elastic#12373 to 7.2: Start system module wit…
841b792 
…hout host ID (elastic#12374)

Allows the system module to start without the host ID. It will log a warning, and documents will not contain any `entity_id` fields.

(cherry picked from commit 00bb536)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
Auditbeat review v6.8.1 v7.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cwurm @elasticmachine @andrewkroh