Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cherry-pick #20160 to 7.x: Remove f5/firepass rsa2elk fileset #20204

Merged
merged 1 commit into from
Jul 23, 2020

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Jul 23, 2020

Cherry-pick of PR #20160 to 7.x branch. Original message:

What does this PR do?

Remove f5/firepass, one of the new experimental filesets from rsa2elk.

Why is it important?

We've decided not to ship this fileset because the device it covers reached its End Of Life.

Checklist

  • [ ] My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • I have added removed an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 23, 2020
@elasticmachine
Copy link
Collaborator

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #20204 opened]

  • Start Time: 2020-07-23T14:32:30.570+0000

  • Duration: 78 min 51 sec

Test stats 🧪

Test Results
Failed 10
Passed 3944
Skipped 679
Total 4633

Test errors

Expand to view the tests failures

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_056_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.831
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.SourceFileName': 'Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.ItemType': 'File', 'o365.audit.UserKey': 'i:0h.f|membership|[email protected]', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'FileDeleted', 'o365.audit.SourceFileExtension': 'png', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Documents', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.ListId': '2b6ad2bd-0fd7-4556-9c89-a97847085b85', 'o365.audit.RecordType': 6, 'o365.audit.Version': 1, 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserId': '[email protected]', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CreationTime': '2020-02-07T16:44:07', 'o365.audit.CorrelationId': '652b339f-908c-a000-f25f-91423da7dd9b', 'o365.audit.Id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'o365.audit.UserType': 0, 'o365.audit.ListItemUniqueId': '4803608a-df7d-4f63-aa73-67aa33bb576e', 'file.extension': 'png', 'file.name': 'Screenshot 2020-01-27 at 11.30.48.png', 'file.directory': 'Documents', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePointFileOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'FileDeleted', 'event.id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'event.category': 'file', 'event.type': 'deletion', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.', 'fileset.name': 'audit', 'url.original': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-07T16:44:07.000Z', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': '[email protected]'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_060_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.353
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx', 'o365.audit.UserKey': 'i:0h.f|membership|[email protected]', 'o365.audit.ItemType': 'Page', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'PageViewed', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.Workload': 'OneDrive', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 4, 'o365.audit.Version': 1, 'o365.audit.UserId': '[email protected]', 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CreationTime': '2020-02-07T16:43:53', 'o365.audit.CustomUniqueId': True, 'o365.audit.CorrelationId': '622b339f-4000-a000-f25f-92b3478c7a25', 'o365.audit.Id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'o365.audit.UserType': 0, 'o365.audit.ListItemUniqueId': '59a8433d-9bb8-cfef-6edc-4c0fc8b86875', 'input.type': 'log', '@timestamp': '2020-02-07T16:43:53.000Z', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePoint', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'PageViewed', 'event.id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'event.type': 'info', 'event.category': 'web', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': '[email protected]', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_061_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.671
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 3965, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '79.159.10.151', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links', 'o365.audit.UserKey': 'i:0h.f|membership|[email protected]', 'o365.audit.ItemType': 'List', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com', 'o365.audit.Operation': 'SharingInheritanceBroken', 'o365.audit.ClientIP': '79.159.10.151', 'o365.audit.EventData': 'FalseFalse', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Sharing Links', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.ListId': 'b108938d-3546-4359-925d-a1b54b4db8c2', 'o365.audit.RecordType': 14, 'o365.audit.Version': 1, 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserId': '[email protected]', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'o365.audit.CreationTime': '2020-02-14T18:25:45', 'o365.audit.Id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'o365.audit.CorrelationId': 'fe71359f-005f-9000-7cb1-ccf5124703db', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-14T18:25:45.000Z', 'related.ip': '79.159.10.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '79.159.10.151', 'client.ip': '79.159.10.151', 'event.code': 'SharePointSharingOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'SharingInheritanceBroken', 'event.id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'event.type': 'info', 'event.category': 'web', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': '[email protected]', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '73.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_062_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 8.73
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '83.57.233.151', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.AzureActiveDirectoryEventType': 1, 'o365.audit.UserKey': '[email protected]', 'o365.audit.ActorIpAddress': '83.57.233.151', 'o365.audit.Operation': 'UserLoggedIn', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ExtendedProperties.ResultStatusDetail': 'Success', 'o365.audit.ExtendedProperties.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.ExtendedProperties.KeepMeSignedIn': 'False', 'o365.audit.ExtendedProperties.UserAuthenticationMethod': '9', 'o365.audit.ExtendedProperties.RequestType': 'OAuth2:Authorize', 'o365.audit.IntraSystemId': 'c4206c29-46c2-4a6f-a46b-735107705400', 'o365.audit.Target': [{'Type': 0, 'ID': '00000002-0000-0000-c000-000000000000'}], 'o365.audit.RecordType': 15, 'o365.audit.Version': 1, 'o365.audit.SupportTicketId': '', 'o365.audit.Actor': [{'Type': 0, 'ID': '755e500a-6c03-46b0-b53b-282f23374e3b'}, {'Type': 5, 'ID': '[email protected]'}, {'Type': 3, 'ID': '1003200096971F55'}], 'o365.audit.ActorContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ObjectId': '00000002-0000-0000-c000-000000000000', 'o365.audit.ResultStatus': 'Succeeded', 'o365.audit.ClientIP': '83.57.233.151', 'o365.audit.Workload': 'AzureActiveDirectory', 'o365.audit.UserId': '[email protected]', 'o365.audit.TargetContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.CreationTime': '2020-02-10T15:13:13', 'o365.audit.InterSystemsId': '03616b3a-fc75-46a1-b34a-2d82fc8f1e7e', 'o365.audit.Id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'o365.audit.ApplicationId': '4345a7b9-9a63-4910-a426-35363201d503', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-10T15:13:13.000Z', 'related.ip': '83.57.233.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '83.57.233.151', 'client.ip': '83.57.233.151', 'event.code': 'AzureActiveDirectoryStsLogon', 'event.provider': 'AzureActiveDirectory', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'UserLoggedIn', 'event.id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'event.category': 'authentication', 'event.type': ['start', 'authentication_success'], 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': '[email protected]', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_095_cylance – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 9.378
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['@timestamp']": {'new_value': '2020-07-25T11:47:41.000Z', 'old_value': '2019-07-25T11:47:41.000Z'}, "root['rsa.time.event_time']": {'new_value': '2020-07-25T11:47:41.000Z', 'old_value': '2019-07-25T11:47:41.000Z'}}}, full object:
      {'rsa.internal.messageid': 'CylancePROTECT', 'rsa.investigations.event_cat': 1804020000, 'rsa.investigations.event_cat_name': 'Network.Devices.Removals', 'rsa.time.event_time': '2020-07-25T11:47:41.000Z', 'rsa.db.index': 'mpo', 'rsa.network.eth_host': '01:00:5e:ee:e8:77', 'rsa.network.alias_host': ['ntium4450.www5.localdomain'], 'rsa.misc.node': 'vol', 'rsa.misc.event_type': 'DeviceRemove', 'rsa.misc.OS': 'animid', 'log.offset': 10027, 'source.ip': ['10.22.94.10'], 'fileset.name': 'protect', 'tags': ['cylance.protect', 'forwarded'], 'input.type': 'log', 'observer.product': 'Protect', 'observer.vendor': 'Cylance', 'observer.type': 'Anti-Virus', '@timestamp': '2020-07-25T11:47:41.000Z', 'related.ip': ['10.22.94.10'], 'related.user': ['ssusci'], 'service.type': 'cylance', 'host.name': 'ntium4450.www5.localdomain', 'host.mac': '01:00:5e:ee:e8:77', 'event.original': '25-Jul-2017 9:47:41 very-high idolor3916.www5.home tas <tasun 25T09:47:41.duntutla ntium4450.www5.localdomain CylancePROTECT Event Name:DeviceRemove, Device Name:vol, Agent Version:oremquel, IP Address: (10.22.94.10), MAC Address: (01:00:5e:ee:e8:77), Logged On Users: (ssusci), OS:animid, Zone Names:mpo', 'event.code': 'CylancePROTECT', 'event.module': 'cylance', 'event.action': 'DeviceRemove', 'event.dataset': 'cylance.protect', 'user.name': 'ssusci'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing cylance/protect on /go/src/github.com/elastic/beats/x-pack/filebeat/module/cylance/protect/test/generated.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_106_okta – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.601
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CA', 'source.geo.city_name': 'Dublin', 'source.geo.country_iso_code': 'US', 'source.geo.region_name': 'California', 'source.geo.location.lon': -121.919, 'source.geo.location.lat': 37.7201, 'source.as.number': 7018, 'source.as.organization.name': 'AT&T Services, Inc.', 'source.ip': '108.255.197.247', 'source.user.full_name': 'xxxxxx', 'source.user.id': '00u1abvz4pYqdM8ms4x6', 'fileset.name': 'system', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-14T22:18:51.843Z', 'related.ip': '108.255.197.247', 'related.user': 'xxxxxx', 'service.type': 'okta', 'client.geo.city_name': 'Dublin', 'client.geo.country_name': 'United States', 'client.geo.region_name': 'California', 'client.geo.location.lon': -121.919, 'client.geo.location.lat': 37.7201, 'client.ip': '108.255.197.247', 'client.user.full_name': 'xxxxxx', 'client.user.id': '00u1abvz4pYqdM8ms4x6', 'event.original': '{"actor":{"alternateId":"[email protected]","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102nZHzd6OHSfGG51vsoc22gw","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"authnRequestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestId":"XkccyyMli2Uay2I93ZgRzQAAB0c","requestUri":"/login/signout","threatSuspected":"false","url":"/login/signout?message=login_page_messages.session_has_expired"}},"displayMessage":"User logout from Okta","eventType":"user.session.end","legacyEventType":"core.user_auth.logout_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T22:18:51.843Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkccyyMli2Uay2I93ZgRzQAAB0c","type":"WEB"},"uuid":"faf7398a-4f77-11ea-97fb-5925e98228bd","version":"0"}', 'event.kind': 'event', 'event.module': 'okta', 'event.action': 'user.session.end', 'event.id': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'event.type': ['access'], 'event.category': ['authentication'], 'event.dataset': 'okta.system', 'event.outcome': 'success', 'okta.actor.id': '00u1abvz4pYqdM8ms4x6', 'okta.actor.display_name': 'xxxxxx', 'okta.actor.type': 'User', 'okta.actor.alternate_id': '[email protected]', 'okta.debug_context.debug_data.threat_suspected': 'false', 'okta.debug_context.debug_data.request_id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.debug_context.debug_data.request_uri': '/login/signout', 'okta.debug_context.debug_data.url': '/login/signout?message=login_page_messages.session_has_expired', 'okta.event_type': 'user.session.end', 'okta.authentication_context.authentication_step': 0, 'okta.authentication_context.external_session_id': '102nZHzd6OHSfGG51vsoc22gw', 'okta.client.zone': 'null', 'okta.client.ip': '108.255.197.247', 'okta.client.device': 'Computer', 'okta.client.user_agent.raw_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'okta.client.user_agent.os': 'Mac OS X', 'okta.client.user_agent.browser': 'FIREFOX', 'okta.display_message': 'User logout from Okta', 'okta.uuid': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'okta.outcome.result': 'SUCCESS', 'okta.transaction.id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.transaction.type': 'WEB', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing okta/system on /go/src/github.com/elastic/beats/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_167_zscaler – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 9.906
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'U307AS', 'old_value': 'Generic Smartphone'}}}, full object:
      {'rsa.internal.data': 'amco', 'rsa.internal.messageid': 'ZSCALERNSS_1', 'rsa.web.fqdn': 'orsitame3262.domain', 'rsa.identity.user_dept': 'onev', 'rsa.investigations.ec_subject': 'User', 'rsa.investigations.ec_activity': 'Deny', 'rsa.investigations.ec_theme': 'Communication', 'rsa.investigations.event_vcat': 'uptassi', 'rsa.time.timezone': 'CT', 'rsa.time.event_time': '2016-02-26T10:15:08.000Z', 'rsa.threat.threat_category': 'tur', 'rsa.db.index': 'nsequat', 'rsa.misc.filter': 'tconsec', 'rsa.misc.result': 'success', 'rsa.misc.reference_id': 'laboreet', 'rsa.misc.action': ['giatq', 'Blocked'], 'rsa.misc.result_code': 'tia', 'rsa.misc.category': 'llu', 'rsa.network.alias_host': ['orsitame3262.domain'], 'log.offset': 1742, 'destination.bytes': 1837, 'destination.ip': ['10.204.86.149'], 'source.bytes': 2935, 'source.ip': ['10.254.146.57'], 'network.protocol': 'igmp', 'network.bytes': 6905, 'observer.product': 'Internet', 'observer.vendor': 'Zscaler', 'observer.type': 'Configuration', 'file.type': 'oluptas', 'related.ip': ['10.254.146.57', '10.204.86.149'], 'related.user': ['tenima'], 'host.name': 'orsitame3262.domain', 'event.original': 'amco ZSCALERNSS: time=exe Feb 26 8:15:08 2016^^timezone=CT^^action=Blocked^^reason=success^^hostname=orsitame3262.domain^^protocol=igmp^^serverip=10.204.86.149^^url=https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte^^urlcategory=tconsec^^urlclass=nsequat^^dlpdictionaries=taev^^dlpengine=roidents^^filetype=oluptas^^threatcategory=llu^^threatclass=uptassi^^pagerisk=tamremap^^threatname=tur^^clientpublicIP=aperi^^ClientIP=10.254.146.57^^location=estqui^^refererURL=https://www5.example.net/emaper/ssitasp.html?enimad=rmagni#sit^^useragent=Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36^^department=onev^^user=tenima^^event_id=laboreet^^clienttranstime=aquaeabi^^requestmethod=giatq^^requestsize=2935^^requestversion=veleumi^^status=tia^^responsesize=1837^^responseversion=ude^^transactionsize=6905', 'event.code': 'laboreet', 'event.timezone': 'CT', 'event.module': 'zscaler', 'event.action': 'Blocked', 'event.dataset': 'zscaler.zia', 'user_agent.original': 'Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36', 'user_agent.os.name': 'Android', 'user_agent.os.version': '9', 'user_agent.os.full': 'Android 9', 'user_agent.name': 'Chrome Mobile', 'user_agent.device.name': 'U307AS', 'user_agent.version': '83.0.4103.83', 'fileset.name': 'zia', 'url.original': 'https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte', 'tags': ['zscaler.zia', 'forwarded'], 'input.type': 'log', '@timestamp': '2016-02-26T10:15:08.000Z', 'service.type': 'zscaler', 'http.request.referrer': 'https://www5.example.net/emaper/ssitasp.html?enimad=rmagni#sit', 'user.name': 'tenima'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing zscaler/zia on /go/src/github.com/elastic/beats/x-pack/filebeat/module/zscaler/zia/test/generated.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_180_suricata – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.641
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 985, 'destination.address': '192.168.86.28', 'destination.port': 63963, 'destination.ip': '192.168.86.28', 'destination.domain': '192.168.86.28', 'source.address': '192.168.86.85', 'source.port': 56119, 'source.ip': '192.168.86.85', 'fileset.name': 'eve', 'url.path': '/dd.xml', 'url.original': '/dd.xml', 'url.domain': '192.168.86.28', 'tags': ['suricata'], 'network.community_id': '1:gjMiDGtS5SVvdwzjjQdAKGBrDA4=', 'network.protocol': 'http', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2018-07-05T19:43:47.690Z', 'related.ip': ['192.168.86.85', '192.168.86.28'], 'service.type': 'suricata', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 1155, 'suricata.eve.in_iface': 'en0', 'suricata.eve.event_type': 'http', 'suricata.eve.flow_id': 2115002772430095, 'suricata.eve.http.protocol': 'HTTP/1.1', 'suricata.eve.http.http_content_type': 'text/xml', 'suricata.eve.tx_id': 0, 'event.original': '{"timestamp":"2018-07-05T15:43:47.690014-0400","flow_id":2115002772430095,"in_iface":"en0","event_type":"http","src_ip":"192.168.86.85","src_port":56119,"dest_ip":"192.168.86.28","dest_port":63963,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.86.28","url":"\/dd.xml","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","http_content_type":"text\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1155}}', 'event.kind': 'event', 'event.module': 'suricata', 'event.category': ['network', 'web'], 'event.type': ['access', 'protocol'], 'event.dataset': 'suricata.eve', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.13.5', 'user_agent.os.full': 'Mac OS X 10.13.5', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '67.0.3396.99'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing suricata/eve on /go/src/github.com/elastic/beats/x-pack/filebeat/module/suricata/eve/test/eve-small.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_189_googlecloud – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.886
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 945, 'log.logger': 'projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access', 'source.ip': '192.168.1.1', 'fileset.name': 'audit', 'tags': ['forwarded'], 'cloud.project.id': 'elastic-beats', 'input.type': 'log', '@timestamp': '2019-12-19T00:45:51.228Z', 'service.name': 'compute.googleapis.com', 'service.type': 'googlecloud', 'event.kind': 'event', 'event.module': 'googlecloud', 'event.action': 'beta.compute.machineTypes.aggregatedList', 'event.id': '-h6onuze1h7dg', 'event.dataset': 'googlecloud.audit', 'event.outcome': 'failure', 'user.email': '[email protected]', 'googlecloud.audit.request.proto_name': 'type.googleapis.com/compute.machineTypes.aggregatedList', 'googlecloud.audit.authentication_info.principal_email': '[email protected]', 'googlecloud.audit.request_metadata.caller_ip': '192.168.1.1', 'googlecloud.audit.request_metadata.caller_supplied_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)', 'googlecloud.audit.method_name': 'beta.compute.machineTypes.aggregatedList', 'googlecloud.audit.service_name': 'compute.googleapis.com', 'googlecloud.audit.num_response_items': 71, 'googlecloud.audit.type': 'type.googleapis.com/google.cloud.audit.AuditLog', 'googlecloud.audit.resource_name': 'projects/elastic-beats/global/machineTypes', 'googlecloud.audit.authorization_info': [{'permission': 'compute.machineTypes.list', 'resource_attributes': {'service': 'resourcemanager', 'name': 'projects/elastic-beats', 'type': 'resourcemanager.projects'}, 'granted': False}], 'googlecloud.audit.resource_location.current_locations': ['global'], 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '71.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing googlecloud/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_207_tomcat – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 9.414
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'G8142', 'old_value': 'Generic Smartphone'}}}, full object:
      {'rsa.internal.level': 1516, 'rsa.internal.messageid': 'asdf', 'rsa.web.web_ref_domain': 'mail.example.net', 'rsa.web.alias_host': 'https://example.com/illumqui/ventore.html?min=ite#utl', 'rsa.web.fqdn': 'https://example.com/illumqui/ventore.html?min=ite#utl', 'rsa.web.web_cookie': 'aliqu', 'rsa.time.timezone': 'OMST', 'rsa.time.event_time': '2016-01-29T08:09:59.000Z', 'rsa.misc.action': ['exercita'], 'rsa.misc.result_code': 'ntsunti', 'rsa.network.network_service': 'oremi', 'log.offset': 0, 'source.bytes': 5293, 'source.ip': ['10.251.224.219'], 'fileset.name': 'log', 'url.domain': 'example.com', 'url.query': 'amremap', 'tags': ['tomcat.log', 'forwarded'], 'observer.product': 'TomCat', 'observer.vendor': 'Apache', 'observer.type': 'Web', 'input.type': 'log', '@timestamp': '2016-01-29T08:09:59.000Z', 'file.name': 'vol', 'related.ip': ['10.251.224.219'], 'related.user': ['rci'], 'service.type': 'tomcat', 'http.request.referrer': 'https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer', 'event.original': '%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu', 'event.code': 'asdf', 'event.timezone': 'OMST', 'event.module': 'tomcat', 'event.dataset': 'tomcat.log', 'user.name': 'rci', 'user_agent.original': 'Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36', 'user_agent.os.name': 'Android', 'user_agent.os.version': '9', 'user_agent.os.full': 'Android 9', 'user_agent.name': 'Chrome Mobile', 'user_agent.device.name': 'G8142', 'user_agent.version': '83.0.4103.83'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing tomcat/log on /go/src/github.com/elastic/beats/x-pack/filebeat/module/tomcat/log/test/generated.log

--------------------- >> end captured stdout << ----------------------

Steps errors

Expand to view the steps failures

  • Name: Make testsuite

    • Description: make -C filebeat testsuite

    • Duration: 7 min 13 sec

    • Start Time: 2020-07-23T14:56:28.775+0000

    • log

  • Name: Mage update build test

    • Description: mage update build test

    • Duration: 31 min 7 sec

    • Start Time: 2020-07-23T14:57:10.154+0000

    • log

Log output

Expand to view the last 100 lines of log output

[2020-07-23T15:49:34.354Z] [INFO] system-tests='build/filebeat/build/system-tests'. If no empty then let's create a tarball
[2020-07-23T15:49:35.121Z] + tar --version
[2020-07-23T15:49:36.063Z] + tar --exclude=filebeat--system-tests-darwin.tgz -czf filebeat--system-tests-darwin.tgz build/filebeat/build/system-tests
[2020-07-23T15:49:37.263Z] Archiving artifacts
[2020-07-23T15:49:41.238Z] + .ci/scripts/report-codecov.sh auditbeat filebeat heartbeat journalbeat libbeat metricbeat packetbeat winlogbeat
[2020-07-23T15:49:41.239Z] + CODECOV_URL=https://codecov.io/bash
[2020-07-23T15:49:41.239Z] + '[' -e /usr/local/bin/bash_standard_lib.sh ']'
[2020-07-23T15:49:41.239Z] + curl -sSLo codecov https://codecov.io/bash
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=auditbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f auditbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=filebeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f filebeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=heartbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f heartbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=journalbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f journalbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=libbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f libbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f metricbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f packetbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:41.381Z] + for i in '"$@"'
[2020-07-23T15:49:41.381Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-23T15:49:41.381Z] + '[' -f winlogbeat/build/coverage/full.cov ']'
[2020-07-23T15:49:42.685Z] Post stage
[2020-07-23T15:49:42.705Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats
[2020-07-23T15:49:43.546Z] Starting "default"...
[2020-07-23T15:49:43.546Z] Machine "default" is already running.
[2020-07-23T15:49:45.028Z] Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.102:2376": dial tcp 192.168.99.102:2376: connect: connection refused
[2020-07-23T15:49:45.029Z] You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
[2020-07-23T15:49:45.029Z] Be advised that this will trigger a Docker daemon restart which might stop running containers.
[2020-07-23T15:49:45.029Z] 
[2020-07-23T15:49:45.029Z] Client:
[2020-07-23T15:49:45.029Z]  Version:           18.06.1-ce
[2020-07-23T15:49:45.029Z]  API version:       1.38
[2020-07-23T15:49:45.029Z]  Go version:        go1.10.3
[2020-07-23T15:49:45.029Z]  Git commit:        e68fc7a
[2020-07-23T15:49:45.029Z]  Built:             Tue Aug 21 17:21:31 2018
[2020-07-23T15:49:45.029Z]  OS/Arch:           darwin/amd64
[2020-07-23T15:49:45.029Z]  Experimental:      false
[2020-07-23T15:49:45.029Z] Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[2020-07-23T15:49:45.029Z] It requires Docker daemon to be installed and running
[2020-07-23T15:49:57.477Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats
[2020-07-23T15:49:57.813Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-23T15:49:57.836Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Lint
[2020-07-23T15:49:57.992Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Filebeat-oss
[2020-07-23T15:49:58.162Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-23T15:49:58.319Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-23T15:49:58.469Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-23T15:49:58.622Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-23T15:49:58.771Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-07-23T15:49:59.205Z] + cat
[2020-07-23T15:49:59.205Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-23T15:49:59.205Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-23T15:50:05.796Z] runbld>>> runbld started
[2020-07-23T15:50:05.797Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-23T15:50:06.747Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-20204' in order of occurrence in the config (last value wins).
[2020-07-23T15:50:08.128Z] runbld>>> Debug logging enabled.
[2020-07-23T15:50:08.128Z] runbld>>> Storing result
[2020-07-23T15:50:08.396Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-23T15:50:08.396Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200723155007-766EE845
[2020-07-23T15:50:08.396Z] runbld>>> Adding system facts.
[2020-07-23T15:50:09.342Z] runbld>>> Adding vcs info for the latest commit:  0bec7f99387629da4dd71166541d5df31767d107
[2020-07-23T15:50:09.342Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-23T15:50:09.342Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-23T15:50:09.342Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-23T15:50:09.342Z] Processing JUnit reports with runbld...
[2020-07-23T15:50:09.602Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-23T15:50:09.602Z] runbld>>> DURATION: 32ms
[2020-07-23T15:50:09.602Z] runbld>>> STDOUT: 40 bytes
[2020-07-23T15:50:09.602Z] runbld>>> STDERR: 49 bytes
[2020-07-23T15:50:09.602Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-23T15:50:09.602Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats
[2020-07-23T15:50:10.544Z] runbld>>> Storing build metadata: 
[2020-07-23T15:50:10.544Z] runbld>>> Adding test report.
[2020-07-23T15:50:10.544Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-20204/src/github.com/elastic/beats
[2020-07-23T15:50:11.485Z] runbld>>> Found 12 test output files
[2020-07-23T15:50:12.428Z] runbld>>> Test output logs contained: Errors: 0 Failures: 10 Tests: 4633 Skipped: 655
[2020-07-23T15:50:12.688Z] runbld>>> Storing result
[2020-07-23T15:50:12.688Z] runbld>>> FAILURES: 10
[2020-07-23T15:50:14.600Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-23T15:50:14.600Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200723155007-766EE845
[2020-07-23T15:50:14.859Z] runbld>>> Email notification disabled by environment variable.
[2020-07-23T15:50:14.859Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-23T15:50:20.458Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-20204
[2020-07-23T15:50:20.629Z] [INFO] getVaultSecret: Getting secrets
[2020-07-23T15:50:20.726Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-23T15:50:21.750Z] + chmod 755 generate-build-data.sh
[2020-07-23T15:50:21.750Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/1 FAILURE 4670911
[2020-07-23T15:50:21.750Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/1/steps/?limit=10000 -o steps-info.json
[2020-07-23T15:50:22.301Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/1/tests/?status=FAILED -o tests-errors.json
[2020-07-23T15:50:22.552Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/1/log/ -o pipeline-log.txt

Won't be shipping this fileset as the product is EOL.

(cherry picked from commit 390a86d)
@adriansr adriansr force-pushed the backport_20160_7.x branch from 0bec7f9 to 039c98c Compare July 23, 2020 17:26
@adriansr adriansr merged commit cd7e7d7 into elastic:7.x Jul 23, 2020
@elasticmachine
Copy link
Collaborator

💔 Build Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #20204 updated]

  • Start Time: 2020-07-23T17:27:22.913+0000

  • Duration: 3 min 21 sec

Steps errors

Expand to view the steps failures

  • Name: Git fetch

    • Description:

    • Duration: 0 min 1 sec

    • Start Time: 2020-07-23T17:30:40.335+0000

    • log

  • Name: Archive the artifacts

    • Description: fetch.log

    • Duration: 0 min 0 sec

    • Start Time: 2020-07-23T17:30:41.089+0000

    • log

Log output

Expand to view the last 100 lines of log output

[2020-07-23T17:30:41.805Z] Stage "Elastic Agent x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.806Z] Stage "Elastic Agent x-pack Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.807Z] Stage "Elastic Agent Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.807Z] Stage "Filebeat oss" skipped due to earlier failure(s)
[2020-07-23T17:30:41.808Z] Stage "Filebeat x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.809Z] Stage "Filebeat Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.809Z] Stage "Filebeat x-pack Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.810Z] Stage "Filebeat Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.811Z] Stage "Filebeat x-pack Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.812Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.812Z] Stage "Auditbeat oss Linux" skipped due to earlier failure(s)
[2020-07-23T17:30:41.813Z] Stage "Auditbeat crosscompile" skipped due to earlier failure(s)
[2020-07-23T17:30:41.814Z] Stage "Auditbeat oss Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.815Z] Stage "Auditbeat oss Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.815Z] Stage "Auditbeat x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.816Z] Stage "Auditbeat x-pack Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.817Z] Stage "Auditbeat x-pack Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.818Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.818Z] Stage "Libbeat x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.819Z] Stage "Metricbeat OSS Unit tests" skipped due to earlier failure(s)
[2020-07-23T17:30:41.820Z] Stage "Metricbeat OSS Integration tests" skipped due to earlier failure(s)
[2020-07-23T17:30:41.821Z] Stage "Metricbeat Python integration tests" skipped due to earlier failure(s)
[2020-07-23T17:30:41.822Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.822Z] Stage "Metricbeat crosscompile" skipped due to earlier failure(s)
[2020-07-23T17:30:41.823Z] Stage "Metricbeat Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.824Z] Stage "Metricbeat x-pack Mac OS X" skipped due to earlier failure(s)
[2020-07-23T17:30:41.825Z] Stage "Metricbeat Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.826Z] Stage "Metricbeat x-pack Windows" skipped due to earlier failure(s)
[2020-07-23T17:30:41.827Z] Stage "Packetbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.828Z] Stage "dockerlogbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.829Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.829Z] Stage "Winlogbeat Windows x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.830Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.831Z] Stage "Journalbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.832Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-23T17:30:41.833Z] Stage "Kubernetes" skipped due to earlier failure(s)
[2020-07-23T17:30:41.919Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.920Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.921Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:41.922Z] Stage "Packetbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.923Z] Stage "dockerlogbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.924Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.925Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.926Z] Stage "Journalbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:41.927Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-23T17:30:42.468Z] Failed in branch Elastic Agent x-pack
[2020-07-23T17:30:42.469Z] Failed in branch Elastic Agent x-pack Windows
[2020-07-23T17:30:42.470Z] Failed in branch Elastic Agent Mac OS X
[2020-07-23T17:30:42.470Z] Failed in branch Filebeat oss
[2020-07-23T17:30:42.471Z] Failed in branch Filebeat x-pack
[2020-07-23T17:30:42.472Z] Failed in branch Filebeat Mac OS X
[2020-07-23T17:30:42.472Z] Failed in branch Filebeat x-pack Mac OS X
[2020-07-23T17:30:42.473Z] Failed in branch Filebeat Windows
[2020-07-23T17:30:42.474Z] Failed in branch Filebeat x-pack Windows
[2020-07-23T17:30:42.474Z] Failed in branch Auditbeat oss Linux
[2020-07-23T17:30:42.475Z] Failed in branch Auditbeat crosscompile
[2020-07-23T17:30:42.475Z] Failed in branch Auditbeat oss Mac OS X
[2020-07-23T17:30:42.476Z] Failed in branch Auditbeat oss Windows
[2020-07-23T17:30:42.476Z] Failed in branch Auditbeat x-pack
[2020-07-23T17:30:42.477Z] Failed in branch Auditbeat x-pack Mac OS X
[2020-07-23T17:30:42.478Z] Failed in branch Auditbeat x-pack Windows
[2020-07-23T17:30:42.478Z] Failed in branch Libbeat x-pack
[2020-07-23T17:30:42.479Z] Failed in branch Metricbeat OSS Unit tests
[2020-07-23T17:30:42.479Z] Failed in branch Metricbeat OSS Integration tests
[2020-07-23T17:30:42.480Z] Failed in branch Metricbeat Python integration tests
[2020-07-23T17:30:42.481Z] Failed in branch Metricbeat crosscompile
[2020-07-23T17:30:42.481Z] Failed in branch Metricbeat Mac OS X
[2020-07-23T17:30:42.482Z] Failed in branch Metricbeat x-pack Mac OS X
[2020-07-23T17:30:42.482Z] Failed in branch Metricbeat Windows
[2020-07-23T17:30:42.483Z] Failed in branch Metricbeat x-pack Windows
[2020-07-23T17:30:42.483Z] Failed in branch Winlogbeat Windows x-pack
[2020-07-23T17:30:42.484Z] Failed in branch Kubernetes
[2020-07-23T17:30:42.747Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:42.749Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:42.750Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-07-23T17:30:42.751Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:42.752Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:42.753Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-23T17:30:42.811Z] Failed in branch Packetbeat
[2020-07-23T17:30:42.812Z] Failed in branch dockerlogbeat
[2020-07-23T17:30:42.812Z] Failed in branch Journalbeat
[2020-07-23T17:30:43.004Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:43.006Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:43.007Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-23T17:30:43.008Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-23T17:30:43.046Z] Failed in branch Metricbeat x-pack
[2020-07-23T17:30:43.047Z] Failed in branch Winlogbeat
[2020-07-23T17:30:43.228Z] Failed in branch Heartbeat
[2020-07-23T17:30:43.229Z] Failed in branch Libbeat
[2020-07-23T17:30:43.230Z] Failed in branch Functionbeat
[2020-07-23T17:30:43.230Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-23T17:30:43.307Z] Failed in branch Generators
[2020-07-23T17:30:43.640Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-20204
[2020-07-23T17:30:43.741Z] [INFO] getVaultSecret: Getting secrets
[2020-07-23T17:30:43.818Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-23T17:30:44.616Z] + chmod 755 generate-build-data.sh
[2020-07-23T17:30:44.616Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/2 FAILURE 201443
[2020-07-23T17:30:44.616Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/2/steps/?limit=10000 -o steps-info.json
[2020-07-23T17:30:44.866Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/2/tests/?status=FAILED -o tests-errors.json
[2020-07-23T17:30:44.867Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20204/runs/2/log/ -o pipeline-log.txt

@zube zube bot removed the [zube]: Done label Oct 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants