New windows service metricset

metricbeat/Makefile

@@ -47,7 +47,7 @@ configs: python-env
 	@cat ${ES_BEATS}/metricbeat/_meta/common.reference.yml > _meta/beat.reference.yml
 	@${PYTHON_ENV}/bin/python ${ES_BEATS}/script/config_collector.py --beat ${BEAT_NAME} --full $(PWD) >> _meta/beat.reference.yml
 	@rm -rf modules.d && mkdir -p modules.d
-	@for MODULE in `find module -type d -maxdepth 1 -mindepth 1 -exec basename {} \;`; do cp -a $(PWD)/module/$$MODULE/_meta/config.yml modules.d/$$MODULE.yml.disabled; done
+	@for MODULE in `find module -maxdepth 1 -mindepth 1 -type d -exec basename {} \;`; do cp -a $(PWD)/module/$$MODULE/_meta/config.yml modules.d/$$MODULE.yml.disabled; done
 	@chmod go-w modules.d/*
 	@# Enable system by default:
 	@if [ -f modules.d/system.yml.disabled ]; then mv modules.d/system.yml.disabled modules.d/system.yml; fi

metricbeat/docs/fields.asciidoc

@@ -11304,6 +11304,56 @@ beta[] Module for Windows
 
 
 
+
+[float]
+== service fields
+
+`service` contains the status for windows services.
+
+
+
+[float]
+=== `windows.service.uptime.ms`
+
+type: long
+
+format: duration
+
+`uptime` contains the service uptime metric.
+
+
+[float]
+=== `windows.service.name`
+
+type: keyword
+
+The service name.
+
+
+[float]
+=== `windows.service.display_name`
+
+type: keyword
+
+The display name of the service.
+
+
+[float]
+=== `windows.service.start_type`
+
+type: keyword
+
+The start type of the service. The possible values are `ServiceAutoStart`, `ServiceBootStart`, `ServiceDemandStart`, `ServiceDisabled`, and `ServiceSystemStart`.
+
+
+[float]
+=== `windows.service.state`
+
+type: keyword
+
+The actual state of the service. The possible values are `ServiceContinuePending`, `ServicePausePending`, `ServicePaused`, `ServiceRunning`, `ServiceStartPending`, `ServiceStopPending`, and `ServiceStopped`.
+
+
 [[exported-fields-zookeeper]]
 == ZooKeeper fields
 

metricbeat/docs/modules/windows.asciidoc

@@ -30,5 +30,9 @@ The following metricsets are available:
 
 * <<metricbeat-metricset-windows-perfmon,perfmon>>
 
+* <<metricbeat-metricset-windows-service,service>>
+
 include::windows/perfmon.asciidoc[]
 
+include::windows/service.asciidoc[]
+

metricbeat/docs/modules/windows/service.asciidoc

@@ -0,0 +1,19 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[metricbeat-metricset-windows-service]]
+include::../../../module/windows/service/_meta/docs.asciidoc[]
+
+
+==== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-windows,exported fields>> section.
+
+Here is an example document generated by this metricset:
+
+[source,json]
+----
+include::../../../module/windows/service/_meta/data.json[]
+----

metricbeat/helper/privileges_windows.go

@@ -0,0 +1,96 @@
+package helper
+
+import (
+	"sync"
+	"syscall"
+
+	"github.com/pkg/errors"
+
+	"github.com/elastic/gosigar/sys/windows"
+
+	"github.com/elastic/beats/libbeat/logp"
+)
+
+var once sync.Once
+
+// errMissingSeDebugPrivilege indicates that the SeDebugPrivilege is not
+// present in the process's token. This is distinct from disabled. The token
+// would be missing if the user does not have "Debug programs" rights. By
+// default, only administrators and LocalSystem accounts have the privileges to
+// debug programs.
+var errMissingSeDebugPrivilege = errors.New("Metricbeat is running without " +
+	"SeDebugPrivilege, a Windows privilege that allows it to collect metrics " +
+	"from other processes. The user running Metricbeat may not have the " +
+	"appropriate privileges or the security policy disallows it.")
+
+// enableSeDebugPrivilege enables the SeDebugPrivilege if it is present in
+// the process's token.
+func enableSeDebugPrivilege() error {
+	self, err := syscall.GetCurrentProcess()
+	if err != nil {
+		return err
+	}
+
+	var token syscall.Token
+	err = syscall.OpenProcessToken(self, syscall.TOKEN_QUERY|syscall.TOKEN_ADJUST_PRIVILEGES, &token)
+	if err != nil {
+		return err
+	}
+
+	if err = windows.EnableTokenPrivileges(token, windows.SeDebugPrivilege); err != nil {
+		return errors.Wrap(err, "EnableTokenPrivileges failed")
+	}
+
+	return nil
+}
+
+// CheckAndEnableSeDebugPrivilege checks if the process's token has the
+// SeDebugPrivilege and enables it if it is disabled.
+func CheckAndEnableSeDebugPrivilege() error {
+	var err error
+	once.Do(func() {
+		err = checkAndEnableSeDebugPrivilege()
+	})
+	return err
+}
+
+func checkAndEnableSeDebugPrivilege() error {
+	info, err := windows.GetDebugInfo()
+	if err != nil {
+		return errors.Wrap(err, "GetDebugInfo failed")
+	}
+	logp.Info("Metricbeat process and system info: %v", info)
+
+	seDebug, found := info.ProcessPrivs[windows.SeDebugPrivilege]
+	if !found {
+		return errMissingSeDebugPrivilege
+	}
+
+	if seDebug.Enabled {
+		logp.Info("SeDebugPrivilege is enabled. %v", seDebug)
+		return nil
+	}
+
+	if err = enableSeDebugPrivilege(); err != nil {
+		logp.Warn("Failure while attempting to enable SeDebugPrivilege. %v", err)
+	}
+
+	info, err = windows.GetDebugInfo()
+	if err != nil {
+		return errors.Wrap(err, "GetDebugInfo failed")
+	}
+
+	seDebug, found = info.ProcessPrivs[windows.SeDebugPrivilege]
+	if !found {
+		return errMissingSeDebugPrivilege
+	}
+
+	if !seDebug.Enabled {
+		return errors.Errorf("Metricbeat failed to enable the "+
+			"SeDebugPrivilege, a Windows privilege that allows it to collect "+
+			"metrics from other processes. %v", seDebug)
+	}
+
+	logp.Info("SeDebugPrivilege is now enabled. %v", seDebug)
+	return nil
+}

metricbeat/include/list.go

@@ -114,6 +114,7 @@ import (
 	_ "github.com/elastic/beats/metricbeat/module/vsphere/virtualmachine"
 	_ "github.com/elastic/beats/metricbeat/module/windows"
 	_ "github.com/elastic/beats/metricbeat/module/windows/perfmon"
+	_ "github.com/elastic/beats/metricbeat/module/windows/service"
 	_ "github.com/elastic/beats/metricbeat/module/zookeeper"
 	_ "github.com/elastic/beats/metricbeat/module/zookeeper/mntr"
 )

metricbeat/module/docker/helper.go

@@ -3,9 +3,9 @@ package docker
 import (
 	"strings"
 
-	"github.com/elastic/beats/libbeat/common"
-
 	"github.com/fsouza/go-dockerclient"
+
+	"github.com/elastic/beats/libbeat/common"
 )
 
 type Container struct {

metricbeat/module/system/system_windows.go

@@ -1,90 +1,12 @@
 package system
 
 import (
-	"syscall"
-
-	"github.com/pkg/errors"
-
 	"github.com/elastic/beats/libbeat/logp"
-	"github.com/elastic/gosigar/sys/windows"
+	"github.com/elastic/beats/metricbeat/helper"
 )
 
-// errMissingSeDebugPrivilege indicates that the SeDebugPrivilege is not
-// present in the process's token. This is distinct from disabled. The token
-// would be missing if the user does not have "Debug programs" rights. By
-// default, only administrators and LocalSystem accounts have the privileges to
-// debug programs.
-var errMissingSeDebugPrivilege = errors.New("Metricbeat is running without " +
-	"SeDebugPrivilege, a Windows privilege that allows it to collect metrics " +
-	"from other processes. The user running Metricbeat may not have the " +
-	"appropriate privileges or the security policy disallows it.")
-
 func initModule() {
-	if err := checkAndEnableSeDebugPrivilege(); err != nil {
+	if err := helper.CheckAndEnableSeDebugPrivilege(); err != nil {
 		logp.Warn("%v", err)
 	}
 }
-
-// checkAndEnableSeDebugPrivilege checks if the process's token has the
-// SeDebugPrivilege and enables it if it is disabled.
-func checkAndEnableSeDebugPrivilege() error {
-	info, err := windows.GetDebugInfo()
-	if err != nil {
-		return errors.Wrap(err, "GetDebugInfo failed")
-	}
-	logp.Info("Metricbeat process and system info: %v", info)
-
-	seDebug, found := info.ProcessPrivs[windows.SeDebugPrivilege]
-	if !found {
-		return errMissingSeDebugPrivilege
-	}
-
-	if seDebug.Enabled {
-		logp.Info("SeDebugPrivilege is enabled. %v", seDebug)
-		return nil
-	}
-
-	if err = enableSeDebugPrivilege(); err != nil {
-		logp.Warn("Failure while attempting to enable SeDebugPrivilege. %v", err)
-	}
-
-	info, err = windows.GetDebugInfo()
-	if err != nil {
-		return errors.Wrap(err, "GetDebugInfo failed")
-	}
-
-	seDebug, found = info.ProcessPrivs[windows.SeDebugPrivilege]
-	if !found {
-		return errMissingSeDebugPrivilege
-	}
-
-	if !seDebug.Enabled {
-		return errors.Errorf("Metricbeat failed to enable the "+
-			"SeDebugPrivilege, a Windows privilege that allows it to collect "+
-			"metrics from other processes. %v", seDebug)
-	}
-
-	logp.Info("SeDebugPrivilege is now enabled. %v", seDebug)
-	return nil
-}
-
-// enableSeDebugPrivilege enables the SeDebugPrivilege if it is present in
-// the process's token.
-func enableSeDebugPrivilege() error {
-	self, err := syscall.GetCurrentProcess()
-	if err != nil {
-		return err
-	}
-
-	var token syscall.Token
-	err = syscall.OpenProcessToken(self, syscall.TOKEN_QUERY|syscall.TOKEN_ADJUST_PRIVILEGES, &token)
-	if err != nil {
-		return err
-	}
-
-	if err = windows.EnableTokenPrivileges(token, windows.SeDebugPrivilege); err != nil {
-		return errors.Wrap(err, "EnableTokenPrivileges failed")
-	}
-
-	return nil
-}

metricbeat/module/windows/perfmon/doc.go

@@ -3,7 +3,7 @@
 package perfmon
 
 //go:generate go run mkpdh_defs.go
-//go:generate go run run.go -cmd "go tool cgo -godefs defs_pdh_windows.go" -goarch amd64 -output defs_pdh_windows_amd64.go
-//go:generate go run run.go -cmd "go tool cgo -godefs defs_pdh_windows.go" -goarch 386 -output defs_pdh_windows_386.go
+//go:generate go run ../run.go -cmd "go tool cgo -godefs defs_pdh_windows.go" -goarch amd64 -output defs_pdh_windows_amd64.go
+//go:generate go run ../run.go -cmd "go tool cgo -godefs defs_pdh_windows.go" -goarch 386 -output defs_pdh_windows_386.go
 //go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zpdh_windows.go pdh_windows.go
 //go:generate gofmt -w defs_pdh_windows_amd64.go defs_pdh_windows_386.go zpdh_windows.go

metricbeat/module/windows/service/_meta/data.json

@@ -0,0 +1,20 @@
+{
+    "@timestamp": "2017-10-12T08:05:34.853Z",
+    "beat": {
+        "hostname": "host.example.com",
+        "name": "host.example.com"
+    },
+    "metricset": {
+        "module": "windows",
+        "name": "service",
+        "rtt": 115
+    },
+    "windows": {
+        "service": {
+            "display_name": "AllJoyn-Routerdienst",
+            "name": "AJRouter",
+            "start_type": "ServiceDemandStart",
+            "state": "ServiceStopped"
+        }
+    }
+}

metricbeat/module/windows/service/_meta/docs.asciidoc

@@ -0,0 +1,14 @@
+=== windows service MetricSet
+
+The `service` metricset of the Windows module reads the status for Windows
+Services.
+
+[float]
+=== Configuration
+
+[source,yaml]
+----
+- module: windows
+  metricsets: ["service"]
+  period: 10s
+----

metricbeat/module/windows/service/_meta/fields.yml

@@ -0,0 +1,34 @@
+- name: service
+  type: group
+  description: >
+    `service` contains the status for windows services.
+  fields:
+    - name: uptime.ms
+      type: long
+      format: duration
+      input_format: milliseconds
+      description: >
+        `uptime` contains the service uptime metric.
+
+    - name: name
+      type: keyword
+      description: >
+        The service name.
+
+    - name: display_name
+      type: keyword
+      description: >
+        The display name of the service.
+
+    - name: start_type
+      type: keyword
+      description: >
+        The start type of the service.
+        The possible values are `ServiceAutoStart`, `ServiceBootStart`, `ServiceDemandStart`, `ServiceDisabled`, and `ServiceSystemStart`.
+
+    - name: state
+      type: keyword
+      description: >
+        The actual state of the service.
+        The possible values are `ServiceContinuePending`, `ServicePausePending`, `ServicePaused`, `ServiceRunning`, `ServiceStartPending`,
+        `ServiceStopPending`, and `ServiceStopped`.