From 62d932b8f71a4ed7784bfba70185c1c30bad2a76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Wed, 5 Aug 2020 14:56:11 +0200 Subject: [PATCH 1/2] Check if Filebeat harvester tries to open named pipe Closes #18682 --- filebeat/input/log/harvester.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/filebeat/input/log/harvester.go b/filebeat/input/log/harvester.go index 9dc93202951..5afcf6e799a 100644 --- a/filebeat/input/log/harvester.go +++ b/filebeat/input/log/harvester.go @@ -505,6 +505,14 @@ func (h *Harvester) shouldExportLine(line string) bool { // is returned and the harvester is closed. The file will be picked up again the next time // the file system is scanned func (h *Harvester) openFile() error { + fi, err := os.Stat(h.state.Source) + if err != nil { + return fmt.Errorf("failed to stat source file %s: %v", h.state.Source, err) + } + if fi.Mode()&os.ModeNamedPipe != 0 { + return fmt.Errorf("failed to open file %s, named pipes are not supported", h.state.Source) + } + f, err := file_helper.ReadOpen(h.state.Source) if err != nil { return fmt.Errorf("Failed opening %s: %s", h.state.Source, err) From 91e6e379c96bbb587618473e69e1f9ee23b25fbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Wed, 5 Aug 2020 15:15:57 +0200 Subject: [PATCH 2/2] add changelog entry --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 41709892e44..0a3c6832094 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -506,6 +506,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add support for additional fields and FirewallMatchEvent type events in CrowdStrike module {pull}20138[20138] - Add event.ingested for Suricata module {pull}20220[20220] - Add event.ingested to all Filebeat modules. {pull}20386[20386] +- Return error when log harvester tries to open a named pipe. {issue}18682[18682] {pull}20450[20450] *Heartbeat*