Skip to content

Commit

Permalink
[Filebeat] Add ECS categorization fields to activemq module (elastic#…
Browse files Browse the repository at this point in the history
…16201)

- event.kind (audit, log)
- event.type (audit, log)
- user.name (audit)

Closes elastic#16151

(cherry picked from commit 820ef85)
  • Loading branch information
leehinman committed Feb 14, 2020
1 parent 733db53 commit 7fe7288
Show file tree
Hide file tree
Showing 5 changed files with 79 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- move create-[module,fileset,fields] to mage and enable in x-pack/filebeat {pull}15836[15836]
- Add ECS tls and categorization fields to apache module. {issue}16032[16032] {pull}16121[16121]
- Add MQTT input. {issue}15602[15602] {pull}16204[16204]
- Add ECS categorization fields to activemq module. {issue}16151[16151] {pull}16201[16201]

*Heartbeat*

Expand Down
17 changes: 17 additions & 0 deletions x-pack/filebeat/module/activemq/audit/ingest/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,23 @@ processors:
patterns:
- "%{LOGLEVEL:log.level}%{SPACE}\\|%{SPACE}%{WORD:activemq.user}%{SPACE}%{NOPIPEGREEDYDATA:message}%{SPACE}\\|%{SPACE}%{THREAD_NAME:activemq.thread}"
ignore_missing: true
- set:
field: event.kind
value: event
- set:
if: "ctx?.activemq?.user != null"
field: user.name
value: "{{activemq.user}}"
- script:
if: "ctx?.log?.level != null"
lang: painless
source: >-
def err_levels = ["FATAL", "ERROR", "WARN"];
if (err_levels.contains(ctx.log.level)) {
ctx.event.type = "error";
} else {
ctx.event.type = "info";
}
on_failure:
- set:
field: error.message
Expand Down
20 changes: 16 additions & 4 deletions x-pack/filebeat/module/activemq/audit/test/audit.log-expected.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,48 +3,60 @@
"activemq.thread": "qtp443290224-47",
"activemq.user": "anonymous",
"event.dataset": "activemq.audit",
"event.kind": "event",
"event.module": "activemq",
"event.type": "info",
"fileset.name": "audit",
"input.type": "log",
"log.level": "INFO",
"log.offset": 0,
"message": "called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,213",
"service.type": "activemq"
"service.type": "activemq",
"user.name": "anonymous"
},
{
"activemq.thread": "qtp443290224-45",
"activemq.user": "admin",
"event.dataset": "activemq.audit",
"event.kind": "event",
"event.module": "activemq",
"event.type": "info",
"fileset.name": "audit",
"input.type": "log",
"log.level": "INFO",
"log.offset": 127,
"message": "called org.apache.activemq.broker.jmx.QueueView.retryMessages[] at 27-11-2019 08:45:57,229",
"service.type": "activemq"
"service.type": "activemq",
"user.name": "admin"
},
{
"activemq.thread": "qtp12205619-39",
"activemq.user": "admin",
"event.dataset": "activemq.audit",
"event.kind": "event",
"event.module": "activemq",
"event.type": "error",
"fileset.name": "audit",
"input.type": "log",
"log.level": "WARN",
"log.offset": 250,
"message": "requested /admin/createDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='4eb0bc3e-9d7a-4256-844c-24f40fda98f1' ] from 127.0.0.1",
"service.type": "activemq"
"service.type": "activemq",
"user.name": "admin"
},
{
"activemq.thread": "qtp12205619-36",
"activemq.user": "guest",
"event.dataset": "activemq.audit",
"event.kind": "event",
"event.module": "activemq",
"event.type": "info",
"fileset.name": "audit",
"input.type": "log",
"log.level": "INFO",
"log.offset": 436,
"message": "requested /admin/purgeDestination.action [JMSDestination='test' JMSDestinationType='queue' secret='eff6a932-1b58-45da-a64a-1b30b246cfc9' ] from 127.0.0.1",
"service.type": "activemq"
"service.type": "activemq",
"user.name": "guest"
}
]
13 changes: 13 additions & 0 deletions x-pack/filebeat/module/activemq/log/ingest/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,19 @@ processors:
- remove:
field:
- timestamp
- set:
field: event.kind
value: event
- script:
if: "ctx?.log?.level != null"
lang: painless
source: >-
def err_levels = ["FATAL", "ERROR", "WARN"];
if (err_levels.contains(ctx.log.level)) {
ctx.event.type = "error";
} else {
ctx.event.type = "info";
}
on_failure:
- set:
field: error.message
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -20,8 +22,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -35,8 +39,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "KahaDB Index Free Page Recovery",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -50,8 +56,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -65,8 +73,10 @@
"activemq.log.stack_trace": "at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:28)[activemq-client-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:2264)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2744)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2640)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.doStartBroker(BrokerService.java:771)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.startBroker(BrokerService.java:733)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.broker.BrokerService.start(BrokerService.java:636)[activemq-broker-5.15.9.jar:5.15.9]\n\tat org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:73)[activemq-spring-5.15.9.jar:5.15.9]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_212]\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_212]\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_212]\n\tat java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_212]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1763)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1700)[spring-beans-4.3.18.RELEASE.jar:4.3.18.RELEASE]",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "error",
"fileset.name": "log",
"input.type": "log",
"log.flags": [
Expand All @@ -83,8 +93,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -98,8 +110,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -113,8 +127,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -128,8 +144,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -143,8 +161,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -158,8 +178,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -173,8 +195,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -188,8 +212,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -203,8 +229,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -218,8 +246,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand All @@ -233,8 +263,10 @@
"activemq.log.stack_trace": "",
"activemq.thread": "main",
"event.dataset": "activemq.log",
"event.kind": "event",
"event.module": "activemq",
"event.timezone": "-02:00",
"event.type": "info",
"fileset.name": "log",
"input.type": "log",
"log.level": "INFO",
Expand Down

0 comments on commit 7fe7288

Please sign in to comment.