packetbeat/beater: make sure Npcap installation runs before interfaces are needed in all cases #30438
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
efd6
added
bug
Team:Security-External Integrations
8.1-candidate
backport-v8.1.0
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
added
needs_team
…s are needed in all cases This is a second attempt to ensure that Npcap is correctly installed; running packetbeat managed by elastic-agent appears to have a different code path to that when running vanilla packetbeat and does not execute Create in time (at all?) to have the installer run. So move the installNpcap call to the earliest time we have all the needed information to ensure that the library is installed by the time that it is needed.
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
efd6
changed the title
andrewkroh
approved these changes
Feb 18, 2022
mergify bot
pushed a commit
that referenced
this pull request
Feb 18, 2022
…s are needed in all cases (#30438) This is a second attempt to ensure that Npcap is correctly installed; running packetbeat managed by elastic-agent appears to have a different code path to that when running vanilla packetbeat and does not execute Create in time (at all?) to have the installer run. So move the installNpcap call to the earliest time we have all the needed information to ensure that the library is installed by the time that it is needed. (cherry picked from commit 2a181e0)
efd6
added a commit
that referenced
this pull request
Feb 18, 2022
…s are needed in all cases (#30438) (#30478) This is a second attempt to ensure that Npcap is correctly installed; running packetbeat managed by elastic-agent appears to have a different code path to that when running vanilla packetbeat and does not execute Create in time (at all?) to have the installer run. So move the installNpcap call to the earliest time we have all the needed information to ensure that the library is installed by the time that it is needed. (cherry picked from commit 2a181e0) Co-authored-by: Dan Kortschak <[email protected]>
v1v
added a commit
to v1v/beats
that referenced
this pull request
Feb 21, 2022
…nd-k8s-env * upstream/main: fix typos and improve sentences (elastic#30432) Add drop and explicit tests to avoid duplicate ingest of elasticsearch logs (elastic#30440) {,x-pack/}auditbeat: replace uses of github.com/pkg/errors with stdlib equivalents (elastic#30321) Spelling fix (elastic#30439) packetbeat/beater: make sure Npcap installation runs before interfaces are needed in all cases (elastic#30438) Add BC about Homebrew no longer being available in 8.0 (elastic#30419) Install gawk as a replacement for mawk in Docker containers. (elastic#30452) Clean up python-related system tests (elastic#30415) Fix TestNewModuleRegistry flakiness (elastic#30453) [Filebeat] [auditd]: Support EXECVE events with truncated argument list (elastic#30382) Set `log.offset` to the start of the reported line in filestream (elastic#30445) clarify SelectedPackageTypes meaning and improve its usage (elastic#30142) [elasticsearch module] serialize shards properties (elastic#30408) Add docs about hints and templates autodiscovery priority (elastic#30343)
v1v
added a commit
to v1v/beats
that referenced
this pull request
Feb 22, 2022
…ckaging-docker * upstream/main: (26 commits) Update docker/distribution to 2.8.0 (elastic#30462) Add `parsers` examples to `filestream` reference configuration (elastic#30529) extend documentation about setting orchestrator.cluster fields (elastic#30518) Forward-port 8.0.1 changelog to main (elastic#30522) Switch skip to use `CI` (elastic#30512) packetbeat/beater: don't attempt to install npcap when already installed (elastic#30509) Fix Docker module: rename fields on dashboards (elastic#30500) fix typos and improve sentences (elastic#30432) Add drop and explicit tests to avoid duplicate ingest of elasticsearch logs (elastic#30440) {,x-pack/}auditbeat: replace uses of github.com/pkg/errors with stdlib equivalents (elastic#30321) Spelling fix (elastic#30439) packetbeat/beater: make sure Npcap installation runs before interfaces are needed in all cases (elastic#30438) Add BC about Homebrew no longer being available in 8.0 (elastic#30419) Install gawk as a replacement for mawk in Docker containers. (elastic#30452) Clean up python-related system tests (elastic#30415) Fix TestNewModuleRegistry flakiness (elastic#30453) [Filebeat] [auditd]: Support EXECVE events with truncated argument list (elastic#30382) Set `log.offset` to the start of the reported line in filestream (elastic#30445) clarify SelectedPackageTypes meaning and improve its usage (elastic#30142) [elasticsearch module] serialize shards properties (elastic#30408) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This is a second attempt to ensure that Npcap is correctly installed; running
packetbeat managed by elastic-agent appears to have a different code path to
that when running vanilla packetbeat and does not execute Create in time (at
all?) to have the installer run. So move the installNpcap call to the earliest
time we have all the needed information to ensure that the library is installed
by the time that it is needed.
Why is it important?
This fixes a required feature.
Checklist
- [ ] I have made corresponding changes to the documentation- [ ] I have made corresponding change to the default configuration files- [ ] I have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
Local testing requires setting up a managed windows host under fleet.
Related issues
Use cases
Screenshots
Logs