Skip to content

Commit

Permalink
Specify an ECS version in Auditbeat/Packetbeat/Winlogbeat
Browse files Browse the repository at this point in the history 
When we update the Beat (include all of its modules) we will then bump the ECS
version that it includes in events.

I went for a less granular approach than what is being used in Filebeat because
I think it's desirable to move a whole beat to a new ECS version "at once" and
more realistic to do so with these Beats that have fewer updates. By "at once" I
mean we won't release a version that is partially updated. This implies that if
we will be making multiple commits that we should use a feature branch to
ensure the update is atomic.

Closes #17688
  • Loading branch information
@andrewkroh
andrewkroh committed Jul 13, 2020
1 parent de04ed7 commit ae6beb1
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 18 deletions.
22 changes: 20 additions & 2 deletions auditbeat/cmd/root.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,22 @@ import (
"github.com/elastic/beats/v7/auditbeat/core"
"github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/metricbeat/beater"
"github.com/elastic/beats/v7/metricbeat/mb/module"

// Register includes.
_ "github.com/elastic/beats/v7/auditbeat/include"
)

// Name of the beat (auditbeat).
const Name = "auditbeat"
const (
// Name of the beat (auditbeat).
Name = "auditbeat"

// ecsVersion specifies the version of ECS that Auditbeat is implementing.
ecsVersion = "1.5.0"
)

// RootCmd for running auditbeat.
var RootCmd *cmd.BeatsRootCmd
Expand All @@ -40,6 +50,13 @@ var ShowCmd = &cobra.Command{
Short: "Show modules information",
}

// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

func init() {
create := beater.Creator(
beater.WithModuleOptions(
Expand All @@ -51,6 +68,7 @@ func init() {
RunFlags: runFlags,
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()),
}
RootCmd = cmd.GenRootCmdWithSettings(create, settings)
RootCmd.AddCommand(ShowCmd)
Expand Down
7 changes: 0 additions & 7 deletions auditbeat/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,6 @@ import (
"os"

"github.com/elastic/beats/v7/auditbeat/cmd"

// Register modules.
_ "github.com/elastic/beats/v7/auditbeat/module/auditd"
_ "github.com/elastic/beats/v7/auditbeat/module/file_integrity"

// Register includes.
_ "github.com/elastic/beats/v7/auditbeat/include"
)

func main() {
Expand Down
25 changes: 20 additions & 5 deletions packetbeat/cmd/root.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,16 +22,30 @@ import (

"github.com/spf13/pflag"

// import protocol modules
_ "github.com/elastic/beats/v7/packetbeat/include"

cmd "github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/packetbeat/beater"

// Register fields and protocol modules.
_ "github.com/elastic/beats/v7/packetbeat/include"
)

const (
// Name of this beat.
Name = "packetbeat"

// ecsVersion specifies the version of ECS that Packetbeat is implementing.
ecsVersion = "1.5.0"
)

// Name of this beat
var Name = "packetbeat"
// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

// RootCmd to handle beats cli
var RootCmd *cmd.BeatsRootCmd
Expand All @@ -48,6 +62,7 @@ func init() {
RunFlags: runFlags,
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()),
}
RootCmd = cmd.GenRootCmdWithSettings(beater.New, settings)
RootCmd.AddCommand(genDevicesCommand())
Expand Down
21 changes: 17 additions & 4 deletions winlogbeat/cmd/root.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ package cmd
import (
"github.com/elastic/beats/v7/libbeat/cmd"
"github.com/elastic/beats/v7/libbeat/cmd/instance"
"github.com/elastic/beats/v7/libbeat/common"
"github.com/elastic/beats/v7/libbeat/publisher/processing"
"github.com/elastic/beats/v7/winlogbeat/beater"

Expand All @@ -32,12 +33,24 @@ import (
_ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat"
)

// Name of this beat
var Name = "winlogbeat"
const (
// Name of this beat.
Name = "winlogbeat"

// RootCmd to handle beats cli
// ecsVersion specifies the version of ECS that Winlogbeat is implementing.
ecsVersion = "1.5.0"
)

// withECSVersion is a modifier that adds ecs.version to events.
var withECSVersion = processing.WithFields(common.MapStr{
"ecs": common.MapStr{
"version": ecsVersion,
},
})

// RootCmd to handle beats CLI.
var RootCmd = cmd.GenRootCmdWithSettings(beater.New, instance.Settings{
Name: Name,
HasDashboards: true,
Processing: processing.MakeDefaultSupport(true, processing.WithECS, processing.WithAgentMeta()),
Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithAgentMeta()),
})

0 comments on commit ae6beb1

Please sign in to comment.