
Osquerybeat: Fix osquery logger plugin severity levels mapping #27789

Merged

aleksmaus (Member)

What does this PR do?

Fixes the osquery logger plugin log severity level mapping. For example, severity 0 was mapped to error and was logged at the "error" level in osquerybeat logs instead of the "info" level.

Why is it important?

Log level correctness

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas

Logs

Osquerybeat log before the change, showing "error" level log:

{"log.level":"error","@timestamp":"2021-09-07T21:36:56.248-0400","log.logger":"osquerybeat","log.origin":{"file.name":"beater/logger_plugin.go","file.line":69},"message":"Calling configure for logger osq_logger","service.name":"osquerybeat","ctx":"logger","osquery.log_type":"status","osquery.severity":0,"osquery.filename":"config.cpp","osquery.line":891,"osquery.cal_time":"Wed Sep  8 01:36:53 2021 UTC","osquery.time":1631065013,"ecs.version":"1.6.0"}

Osquerybeat log after the change, showing the correct "info" level log:

{"log.level":"info","@timestamp":"2021-09-07T22:05:24.843-0400","log.logger":"osquerybeat","log.origin":{"file.name":"beater/logger_plugin.go","file.line":69},"message":"Event publisher not enabled: openbsm: Publisher disabled via configuration","service.name":"osquerybeat","ctx":"logger","osquery.log_type":"status","osquery.severity":0,"osquery.filename":"eventfactory.cpp","osquery.line":156,"osquery.cal_time":"Wed Sep  8 02:05:24 2021 UTC","osquery.time":1631066724,"ecs.version":"1.6.0"}
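As an added example (not code from this PR or from Beats), a small Go check that parses osquerybeat status-log lines like the two above and flags any whose log.level disagrees with osquery.severity. The 0 -> info mapping is what the PR states; 1 -> warning and 2 -> error follow osquery's glog-style severities and are an assumption here, as are the struct and function names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Fields of an osquerybeat JSON log line used by the check; key names are the
// ECS-style ones in the PR's sample lines, all other fields are ignored.
type record struct {
	Level    string `json:"log.level"`
	LogType  string `json:"osquery.log_type"`
	Severity *int   `json:"osquery.severity"` // pointer so 0 and "absent" differ
}

// expectedLevel maps an osquery status-log severity to the level osquerybeat
// should emit. 0 -> info is the case the PR fixes; 1 -> warning and 2 -> error
// follow osquery's glog-style severities (assumption, not stated in the PR).
func expectedLevel(severity int) (string, bool) {
	l, ok := map[int]string{0: "info", 1: "warning", 2: "error"}[severity]
	return l, ok
}

// checkLine returns a non-empty finding when a status line's log.level does not
// match its osquery.severity; non-status lines and lines without a severity
// are skipped, and an unknown severity is reported rather than accepted.
func checkLine(line string) (string, error) {
	var r record
	if err := json.Unmarshal([]byte(line), &r); err != nil {
		return "", fmt.Errorf("parse: %w", err)
	}
	if r.LogType != "status" || r.Severity == nil {
		return "", nil
	}
	want, known := expectedLevel(*r.Severity)
	if !known {
		return fmt.Sprintf("unknown osquery.severity %d (log.level %q)", *r.Severity, r.Level), nil
	}
	if r.Level != want {
		return fmt.Sprintf("severity %d logged as %q, expected %q", *r.Severity, r.Level, want), nil
	}
	return "", nil
}

func main() {
	// Constructed input: the PR's "before" line, trimmed to the fields the check uses.
	f, err := checkLine(`{"log.level":"error","osquery.log_type":"status","osquery.severity":0}`)
	fmt.Printf("finding=%q err=%v\n", f, err)
}
```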

@aleksmaus aleksmaus added bug Team:Asset Mgt backport-v7.15.0 Automated backport with mergify backport-v7.16.0 Automated backport with mergify labels Sep 8, 2021
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Sep 8, 2021
botelastic bot commented Sep 8, 2021

This pull request doesn't have a Team:<team> label.

elasticmachine (Collaborator)

💚 Build Succeeded

Build stats

  • Start Time: 2021-09-08T02:16:38.938+0000

  • Duration: 54 min 26 sec

  • Commit: 9186aec

Test stats 🧪

Test Results
Failed 0
Passed 3888
Skipped 0
Total 3888

Trends 🧪: build-time and test-count charts (images not reproduced)
💚 Flaky test report

Tests succeeded.


@aleksmaus aleksmaus merged commit c6b31a4 into elastic:master Sep 8, 2021
mergify bot pushed a commit that referenced this pull request Sep 8, 2021
mergify bot pushed a commit that referenced this pull request Sep 8, 2021
aleksmaus added a commit that referenced this pull request Sep 8, 2021
aleksmaus added a commit that referenced this pull request Sep 8, 2021
mdelapenya added a commit to mdelapenya/beats that referenced this pull request Sep 9, 2021
* master: (39 commits)
  [Heartbeat] Move JSON tests from python->go (elastic#27816)
  docs: simplify permissions for Dockerfile COPY (elastic#27754)
  Osquerybeat: Fix osquery logger plugin severity levels mapping (elastic#27789)
  [Filebeat] Update compatibility function to remove processor description on ES < 7.9.0 (elastic#27774)
  warn log entry and no validation failure when both queue_url and buck… (elastic#27612)
  libbeat/cmd/instance: ensure test config file has appropriate permissions (elastic#27178)
  [Heartbeat] Add httpcommon options to ZipURL (elastic#27699)
  Add a header round tripper option to httpcommon (elastic#27509)
  [Elastic Agent] Add validation to ensure certificate paths are absolute. (elastic#27779)
  Rename dashboards according to module.yml files for master (elastic#27749)
  Refactor vagrantfile, add scripts for provisioning with docker/kind (elastic#27726)
  Accept syslog dates with leading 0 (elastic#27775)
  [Filebeat] Add timezone config option to decode_cef and syslog input (elastic#27727)
  [Filebeat] Threatintel compatibility updates (elastic#27323)
  Add support for ephemeral containers in elastic agent dynamic provider (elastic#27707)
  [Filebeat] Integration tests in CI for AWS-S3 input (elastic#27491)
  Fix flakyness of TestFilestreamEmptyLine (elastic#27705)
  [Filebeat] kafka v2 using parsers (elastic#27335)
  Update Kafka version parsing / supported range (elastic#27720)
  Update Sarama to 1.29.1 (elastic#27717)
  ...
Icedroid pushed a commit to Icedroid/beats that referenced this pull request Nov 1, 2021