[MongoDB Atlas] mongod audit datastream #9020
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as
Still valid!
/test
...ngodb_atlas/data_stream/mongod_audit/_dev/test/pipeline/test-mongod-audit.json-expected.json
LGTM!
Are the system Tests failing?
Please address the build failure @milan-elastic
- name: http_client_timeout | ||
type: text | ||
title: HTTP Client Timeout | ||
description: Duration before declaring that the HTTP client connection has timed out. Valid time units are m/s. If the data collection period is extensive, ensure that this parameter's value is appropriately long. |
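Review bot: the `description` of `http_client_timeout` says "Valid time units are m/s", which reads like a rate rather than a choice between two suffixes, and it shows no sample of an accepted value. Suggest spelling the units out and giving one example value, and making the last sentence ("If the data collection period is extensive ...") say which setting the timeout has to be long relative to.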
Please have a better description for this.
For this field, I've taken the reference from here.
Let me know if we still want to change this.
packages/mongodb_atlas/data_stream/mongod_audit/elasticsearch/ingest_pipeline/default.yml
@@ -0,0 +1,108 @@ | |||
config_version: 2 | |||
interval: {{interval}} | |||
{{#if enable_request_tracer}} |
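Review bot: `{{#if enable_request_tracer}}` on the last line of this excerpt gates request tracing, and nothing visible here says what the trace contains or where it goes. Since the tracer writes requests and responses to the agent's local file-system, the option's description should state that it is for debugging only, and it is worth confirming that the variable defaults to off so that API request and response data is not persisted to disk in normal operation.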
Can you share more details about this?
The request tracer logs requests and responses to the agent's local file-system for debugging configurations. See documentation for details.
@ishleenk17 I don't have access to Buildkite, hence I'm not able to check exactly why it is failing. Can you provide a screenshot or the reason for it so I can go through it and apply the fix accordingly?
Co-authored-by: Ishleen Kaur <[email protected]>
@SubhrataK : Could you please review the dashboard of the datastream?
@efd6 : CEL Input is being used in this datastream and there are some significant changes in the program script of it.
Looks OK
@milan-elastic : Can we get the CI green?
@milan-elastic - Can we add more logs for pipeline testing? As of now we have the logout action. Please include the authentication and authorization failure logs to the pipeline.
🚀 Benchmarks report
To see the full report comment with
Done, added more events for the pipeline that we managed to generate!
LGTM
Looks good!
💚 Build Succeeded
Package mongodb_atlas - 0.0.2 containing this change is available at https://epr.elastic.co/search?package=mongodb_atlas
source: | | ||
Map m = new HashMap(); | ||
m.put(0, "Success"); | ||
m.put(13, "Unauthorized to perform the operation"); | ||
m.put(18, "Authentication Failed"); | ||
m.put(26, "Namespace Not Found"); | ||
m.put(276, "Index build aborted"); | ||
m.put(334, "Unauthorized to perform the operation"); | ||
ctx.mongodb_atlas.mongod_audit.result = m.get(ctx.json.result); |
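Review bot: `m.get(ctx.json.result)` on the last line returns null for any result code that is not one of the six keys, so an unmapped code sets `mongodb_atlas.mongod_audit.result` to null and the numeric code is not carried over by this script. Suggest a fallback that keeps the raw code (for example its string form) when the lookup misses. Codes 13 and 334 also map to the same text, so the two cannot be told apart from this field alone.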
Please use params next when enhancing. See: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-using.html#prefer-params
Example: #9539 (comment)
Create the package for MongoDB Atlas Integration and provide support for Mongod Audit logs.
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.
All changes
Data dataset changes
This entry is currently only recommended. It will be mandatory once we provide better support for it.
sample_event.json
) exists
Related Issues
Screenshots
Known Issues:
Currently, the following challenges are still open to solve for this PR: