[MongoDB Atlas] mongod audit datastream #9020

Merged
merged 17 commits into from
Apr 16, 2024

Conversation

milan-elastic
Contributor

@milan-elastic milan-elastic commented Jan 31, 2024

Create the package for the MongoDB Atlas integration and provide support for Mongod Audit logs.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists, useful guidelines to follow
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: 8.12.0
  • TSDB enablement for the data stream

Data dataset changes

This entry is currently only recommended. It will be mandatory once we provide better support for it.

  • Sample event (sample_event.json) exists

Related Issues

Screenshots

mongod-audit-dashboard

Known Issues:

Currently, the following challenges are still open to solve for this PR:

@botelastic

botelastic bot commented Mar 27, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Mar 27, 2024
@ishleenk17
Contributor

Still valid!

@botelastic botelastic bot removed the Stalled label Mar 27, 2024
@milan-elastic milan-elastic marked this pull request as ready for review March 28, 2024 05:30
@milan-elastic
Contributor Author

/test

Contributor

@harnish-elastic harnish-elastic left a comment

LGTM!

@ishleenk17
Contributor

Are the system tests failing?
Can we mention the known issues towards the end of the description?

@ishleenk17
Contributor

Please address the build failure @milan-elastic

packages/mongodb_atlas/_dev/build/build.yml (outdated, resolved)
packages/mongodb_atlas/manifest.yml (outdated, resolved)
packages/mongodb_atlas/manifest.yml (outdated, resolved)
- name: http_client_timeout
type: text
title: HTTP Client Timeout
description: Duration before declaring that the HTTP client connection has timed out. Valid time units are m/s. If the data collection period is extensive, ensure that this parameter's value is appropriately long.
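Review bot: The description of http_client_timeout says "Valid time units are m/s", which reads as one unit (metres per second) rather than two; spell it out as "m (minutes) or s (seconds)" and show a sample value such as 30s (constructed here). The closing sentence, "ensure that this parameter's value is appropriately long", gives the operator nothing to size against; tie it to the data collection period it mentions, and state the default if the variable has one, since none is visible in these lines.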
Contributor

Please have a better description for this.

Contributor Author

@milan-elastic milan-elastic Apr 9, 2024

For this field, I've taken the reference from here.
Let me know if we still want to change this.

@@ -0,0 +1,108 @@
config_version: 2
interval: {{interval}}
{{#if enable_request_tracer}}
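Review bot: The enable_request_tracer branch opened on line 3 should default to off and be described as debug-only, because per the author's reply in this thread the tracer writes requests and responses to the agent's local file system, and for an audit-log data stream those trace files hold the same sensitive records the integration collects. Check the manifest default for this variable, and check that whatever the block configures (cut off here after the opening `{{#if}}`) keeps the trace files bounded in size and location.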
Contributor

Can you share more details about this?

Contributor Author

The request tracer logs requests and responses to the agent's local file-system for debugging configurations. See documentation for details.

@milan-elastic
Contributor Author

Please address the build failure @milan-elastic

@ishleenk17 I don't have access to Buildkite, hence I'm not able to check exactly why it is failing. Can you provide a screenshot or the reason for it so I can go through it and apply the fix accordingly?

Co-authored-by: Ishleen Kaur <[email protected]>
@ishleenk17
Contributor

ishleenk17 commented Apr 3, 2024

Please address the build failure @milan-elastic

@ishleenk17 I don't have access to Buildkite, hence I'm not able to check exactly why it is failing. Can you provide a screenshot or the reason for it so I can go through it and apply the fix accordingly?

Screenshot 2024-04-03 at 1 52 00 PM

@ishleenk17
Contributor

@SubhrataK : Could you please review the dashboard of the datastream?

@ishleenk17
Contributor

@efd6 : CEL Input is being used in this datastream and there are some significant changes in the program script of it.
Can you please assess it and point out any inaccuracies or areas for improvement in the script?

Contributor

@efd6 efd6 left a comment

Looks OK

@milan-elastic milan-elastic requested review from efd6 and ishleenk17 April 9, 2024 11:56
@ishleenk17
Contributor

@milan-elastic: Can we get the CI green?
Before reviewing it.

@muthu-mps
Contributor

@milan-elastic - Can we add more logs for pipeline testing? As of now we have the logout action. Please include the authentication and authorization failure logs to the pipeline.

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@milan-elastic
Contributor Author

@milan-elastic - Can we add more logs for pipeline testing? As of now we have the logout action. Please include the authentication and authorization failure logs to the pipeline.

Done, added more events for the pipeline that we managed to generate!

@milan-elastic milan-elastic requested a review from ruflin April 15, 2024 10:56
@SubhrataK

@SubhrataK : Could you please review the dashboard of the datastream?

LGTM

Contributor

@ishleenk17 ishleenk17 left a comment

Looks good!

@milan-elastic milan-elastic requested a review from a team as a code owner April 16, 2024 17:14
@elasticmachine

💚 Build Succeeded

History

cc @milan-elastic

@milan-elastic milan-elastic merged commit 4b43599 into elastic:main Apr 16, 2024
5 checks passed
@elasticmachine

Package mongodb_atlas - 0.0.2 containing this change is available at https://epr.elastic.co/search?package=mongodb_atlas

Comment on lines +117 to +125
source: |
Map m = new HashMap();
m.put(0, "Success");
m.put(13, "Unauthorized to perform the operation");
m.put(18, "Authentication Failed");
m.put(26, "Namespace Not Found");
m.put(276, "Index build aborted");
m.put(334, "Unauthorized to perform the operation");
ctx.mongodb_atlas.mongod_audit.result = m.get(ctx.json.result);
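Review bot: The lookup `m.get(ctx.json.result)` on the last line returns null for any result code outside the six listed, so an unmapped failure leaves mongodb_atlas.mongod_audit.result empty; fall back to the raw code, or keep the numeric code in its own field, so unknown failures stay searchable. The lookup also depends on ctx.json.result arriving as an integer, since the keys are integer literals and a string or long value would miss every entry. Codes 13 and 334 map to the same text, so the numeric code is the only way to tell them apart downstream. Passing the table in through script params would avoid rebuilding the map for every document.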