Tags: elastic/beats
Tags
[8.19](backport #45730) Fix panic in winlog input (#45738) * Fix panic in winlog input (#45730) Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) # Conflicts: # winlogbeat/eventlog/metrics.go # winlogbeat/eventlog/wineventlog.go * fix merge * fix merge for raw event logs that only exist in 8.x * remove nil access of unused field --------- Co-authored-by: Fae Charlton <fae.charlton@elastic.co>
[9.1](backport #45730) Fix panic in winlog input (#45741) * Fix panic in winlog input (#45730) Fixes a panic in the winlog input that happened because of a conflict in the internal id of its metrics registry #45693. When checking whether a registry input id already exists, the check didn't include the ids of input registries with "nested" type (which are unreported containers for cursor-based inputs that can have several sub-inputs inside). This is usually not a problem because the default (and what most inputs use even when overriding their id, e.g. I think this is why it probably didn't hit the GCP input) is to use a scoped id like "input_id::source_id", so they don't conflict with the container which has bare id "input_id". This hit winlog in particular because: - winlog always uses a source id that is the same as its input id - winlog still used the global input metrics helpers in the `inputmon` package instead of the metrics registry provided by the Filebeat inputs API - winlog is the only input that did not add a scope prefix on the id provided to `inputmon.NewInputRegistry`, so the globally-created registry conflicted with the input manager's container (and this conflict was missed because of the missed "nested" type check above). Fixing the missed "nested" collision check would prevent the input panic, but the collision itself would still exist and prevent winlog input metrics from being reported. This PR both fixes the missed "nested" conflict check and removes the deprecated global metrics call from the winlog input, replacing it with the API-provided registry. (cherry picked from commit 4081f24) * fix changelog merge --------- Co-authored-by: Fae Charlton <fae.charlton@elastic.co>
[updatecli] update elastic stack version for testing 9.1.0-f0edf796 (#… …45487) * chore: Update snapshot.yml Made with ❤️️ by updatecli * chore: Update snapshot.yml Made with ❤️️ by updatecli * chore: Update snapshot.yml Made with ❤️️ by updatecli --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
[updatecli] update elastic stack version for testing 9.0.4-dc60d9cc (#… …45369) * chore: Update snapshot.yml Made with ❤️️ by updatecli * chore: Update snapshot.yml Made with ❤️️ by updatecli * chore: Update snapshot.yml Made with ❤️️ by updatecli --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
[8.18](backport #42398) Handle leak of process info in `hostfs` provi… …der for `add_session_metadata` (#45322) * Handle leak of process info in `hostfs` provider for `add_session_metadata` (#42398) * handle leak in hostfs provider for sessionmd * add metrics, clean up * fix tests * add process reaper for dropped exit events * remove test code * linter * more testing, fix mock provider * fix error checks * clean up, add session maps to reaper, expand metrics * fix tests * fix tests * format * docs (cherry picked from commit d6ff82b) * Handle overflows We now check for G115, most overflows are impossible, like converting s63 seconds to u64 seconds for date (will overflow in 292 billion years). Pids are actually 32bit in the kernel so casting * -> u32 is safe. This is a backport, and I'd hate to introduce a bug by adding unecessarily overflow handling. --------- Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com> Co-authored-by: Christiano Haesbaert <haesbaert@elastic.co>
[updatecli] update elastic stack version for testing 9.0.3-1626454d (#… …44879) * chore: Update snapshot.yml Made with ❤️️ by updatecli * chore: Update snapshot.yml Made with ❤️️ by updatecli --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
PreviousNext