Initialize Journalbeat (elastic#8277)

This is the first PR to initialize Journalbeat with minimal functionality. The architecture is mimicing Filebeat so it can be merged into FB in the future. It means it has multiple inputs which can share configuration (`backoff`, `backoff_factor`, etc.). Inputs can have multiple readers, each reader reads from a journal specified in the list of `paths`. The readers are not going to implement the interface `Harverster` until it's merged into Filebeat, because it would overcomplicate event publishing unnecessarily and would need to duplicate too much Filebeat code. Checkpointing is copied from Winlogbeat. Once the new registry file is merged, it will be migrated. Example configuration to read from the beginning of the local journal ```yml journalbeat.inputs: - paths: [] seek: head ``` Features * read from local journal, journal file and directory * position tracking by using check-pointing as it's done in Winlogbeat * seek to "tail", "head", "cursor" * minimal E2E tests * fields.yml and documentation Vendored: * github.com/coreos/go-systemd/sdjournal
leweafan · Oct 24, 2018 · e201baf · e201baf
1 parent 9daff72
commit e201baf
Show file tree

Hide file tree

Showing 51 changed files with 6,903 additions and 2 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -109,6 +109,12 @@ jobs:
       go: $GO_VERSION
       stage: test
 
+    # Journalbeat
+    - os: linux
+      env: TARGETS="-C journalbeat testsuite"
+      go: $GO_VERSION
+      stage: test
+
     # Generators
     - os: linux
       env: TARGETS="-C generator/metricbeat test"
@@ -156,10 +162,12 @@ addons:
   apt:
     update: true
     packages:
-      - python-virtualenv
+      - libc6-dev-i386
       - libpcap-dev
-      - xsltproc
+      - libsystemd-journal-dev
       - libxml2-utils
+      - python-virtualenv
+      - xsltproc
 
 before_install:
   - python --version

diff --git a/NOTICE.txt b/NOTICE.txt
@@ -231,6 +231,36 @@ COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+--------------------------------------------------------------------
+Dependency: github.com/coreos/go-systemd
+Revision: eee3db372b31153ca0b90702e165948699803fd0
+License type (autodetected): Apache-2.0
+./vendor/github.com/coreos/go-systemd/LICENSE:
+--------------------------------------------------------------------
+Apache License 2.0
+
+-------NOTICE-----
+CoreOS Project
+Copyright 2018 CoreOS, Inc
+
+This product includes software developed at CoreOS, Inc.
+(http://www.coreos.com/).
+
+--------------------------------------------------------------------
+Dependency: github.com/coreos/pkg
+Revision: 97fdf19511ea361ae1c100dd393cc47f8dcfa1e1
+License type (autodetected): Apache-2.0
+./vendor/github.com/coreos/pkg/LICENSE:
+--------------------------------------------------------------------
+Apache License 2.0
+
+-------NOTICE-----
+CoreOS Project
+Copyright 2014 CoreOS, Inc
+
+This product includes software developed at CoreOS, Inc.
+(http://www.coreos.com/).
+
 --------------------------------------------------------------------
 Dependency: github.com/davecgh/go-spew
 Version: v1.1.0

diff --git a/journalbeat/.gitignore b/journalbeat/.gitignore
@@ -0,0 +1,9 @@
+/.idea
+/build
+.DS_Store
+.journalbeat_position
+/journalbeat
+/journalbeat.test
+*.pyc
+data/meta.json
+/*.journal
diff --git a/journalbeat/Makefile b/journalbeat/Makefile
@@ -0,0 +1,17 @@
+BEAT_NAME=journalbeat
+BEAT_TITLE=Journalbeat
+SYSTEM_TESTS=false
+TEST_ENVIRONMENT=false
+ES_BEATS?=..
+GOX_FLAGS=-cgo
+GOX_OS=linux
+
+# Path to the libbeat Makefile
+-include $(ES_BEATS)/libbeat/scripts/Makefile
+
+.PHONY: before-build
+before-build:
+
+# Collects all dependencies and then calls update
+.PHONY: collect
+collect:
diff --git a/journalbeat/README.md b/journalbeat/README.md
@@ -0,0 +1,5 @@
+# Journalbeat
+
+Journalbeat is an open source data collector to read and forward journal entries from Linuxes with systemd.
+
+## Getting started
diff --git a/journalbeat/_meta/beat.yml b/journalbeat/_meta/beat.yml
@@ -0,0 +1,45 @@
+###################### Journalbeat Configuration Example #########################
+
+# This file is an example configuration file highlighting only the most common
+# options. The journalbeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/journalbeat/index.html
+
+# For more available modules and options, please see the journalbeat.reference.yml sample
+# configuration file.
+
+#=========================== Journalbeat inputs =============================
+
+journalbeat.inputs:
+  # Paths that should be crawled and fetched. Possible values files and directories.
+  # When setting a directory, all journals under it are merged.
+  # When empty starts to read from local journal.
+- paths: []
+
+  # The number of seconds to wait before trying to read again from journals.
+  #backoff: 1s
+  # Multiplier of backoff value.
+  #backoff_factor: 2
+  # The maximum number of seconds to wait before attempting to read again from journals.
+  #max_backoff: 60s
+
+  # Position to start reading from journal. Valid values: head, tail, cursor
+  seek: tail
+
+#========================= Journalbeat global options ============================
+#journalbeat:
+  # Name of the registry file. If a relative path is used, it is considered relative to the
+  # data path.
+  #registry_file: registry
+
+  # The number of seconds to wait before trying to read again from journals.
+  #backoff: 1s
+  # Multiplier of backoff value.
+  #backoff_factor: 2
+  # The maximum number of seconds to wait before attempting to read again from journals.
+  #max_backoff: 60s
+
+  # Position to start reading from all journal. Possible values: head, tail, cursor
+  #seek: head