diff --git a/auditbeat/cmd/root.go b/auditbeat/cmd/root.go index a16be519cd5..89d0bfd20ca 100644 --- a/auditbeat/cmd/root.go +++ b/auditbeat/cmd/root.go @@ -24,12 +24,19 @@ import ( "github.com/elastic/beats/v7/auditbeat/core" "github.com/elastic/beats/v7/libbeat/cmd" "github.com/elastic/beats/v7/libbeat/cmd/instance" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/publisher/processing" "github.com/elastic/beats/v7/metricbeat/beater" "github.com/elastic/beats/v7/metricbeat/mb/module" ) -// Name of the beat (auditbeat). -const Name = "auditbeat" +const ( + // Name of the beat (auditbeat). + Name = "auditbeat" + + // ecsVersion specifies the version of ECS that Auditbeat is implementing. + ecsVersion = "1.5.0" +) // RootCmd for running auditbeat. var RootCmd *cmd.BeatsRootCmd @@ -40,6 +47,13 @@ var ShowCmd = &cobra.Command{ Short: "Show modules information", } +// withECSVersion is a modifier that adds ecs.version to events. +var withECSVersion = processing.WithFields(common.MapStr{ + "ecs": common.MapStr{ + "version": ecsVersion, + }, +}) + func init() { create := beater.Creator( beater.WithModuleOptions( @@ -51,6 +65,7 @@ func init() { RunFlags: runFlags, Name: Name, HasDashboards: true, + Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()), } RootCmd = cmd.GenRootCmdWithSettings(create, settings) RootCmd.AddCommand(ShowCmd) diff --git a/auditbeat/main.go b/auditbeat/main.go index 9937e2d42fe..85353ea693e 100644 --- a/auditbeat/main.go +++ b/auditbeat/main.go @@ -22,10 +22,6 @@ import ( "github.com/elastic/beats/v7/auditbeat/cmd" - // Register modules. - _ "github.com/elastic/beats/v7/auditbeat/module/auditd" - _ "github.com/elastic/beats/v7/auditbeat/module/file_integrity" - // Register includes. _ "github.com/elastic/beats/v7/auditbeat/include" ) diff --git a/packetbeat/cmd/root.go b/packetbeat/cmd/root.go index addc5fe5ad6..82ab41da374 100644 --- a/packetbeat/cmd/root.go +++ b/packetbeat/cmd/root.go @@ -22,16 +22,30 @@ import ( "github.com/spf13/pflag" - // import protocol modules - _ "github.com/elastic/beats/v7/packetbeat/include" - cmd "github.com/elastic/beats/v7/libbeat/cmd" "github.com/elastic/beats/v7/libbeat/cmd/instance" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/publisher/processing" "github.com/elastic/beats/v7/packetbeat/beater" + + // Register fields and protocol modules. + _ "github.com/elastic/beats/v7/packetbeat/include" +) + +const ( + // Name of this beat. + Name = "packetbeat" + + // ecsVersion specifies the version of ECS that Packetbeat is implementing. + ecsVersion = "1.5.0" ) -// Name of this beat -var Name = "packetbeat" +// withECSVersion is a modifier that adds ecs.version to events. +var withECSVersion = processing.WithFields(common.MapStr{ + "ecs": common.MapStr{ + "version": ecsVersion, + }, +}) // RootCmd to handle beats cli var RootCmd *cmd.BeatsRootCmd @@ -48,6 +62,7 @@ func init() { RunFlags: runFlags, Name: Name, HasDashboards: true, + Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithHost, processing.WithAgentMeta()), } RootCmd = cmd.GenRootCmdWithSettings(beater.New, settings) RootCmd.AddCommand(genDevicesCommand()) diff --git a/winlogbeat/cmd/root.go b/winlogbeat/cmd/root.go index ecc3aa8e38f..7e25e717813 100644 --- a/winlogbeat/cmd/root.go +++ b/winlogbeat/cmd/root.go @@ -20,6 +20,7 @@ package cmd import ( "github.com/elastic/beats/v7/libbeat/cmd" "github.com/elastic/beats/v7/libbeat/cmd/instance" + "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/publisher/processing" "github.com/elastic/beats/v7/winlogbeat/beater" @@ -32,12 +33,24 @@ import ( _ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat" ) -// Name of this beat -var Name = "winlogbeat" +const ( + // Name of this beat. + Name = "winlogbeat" -// RootCmd to handle beats cli + // ecsVersion specifies the version of ECS that Winlogbeat is implementing. + ecsVersion = "1.5.0" +) + +// withECSVersion is a modifier that adds ecs.version to events. +var withECSVersion = processing.WithFields(common.MapStr{ + "ecs": common.MapStr{ + "version": ecsVersion, + }, +}) + +// RootCmd to handle beats CLI. var RootCmd = cmd.GenRootCmdWithSettings(beater.New, instance.Settings{ Name: Name, HasDashboards: true, - Processing: processing.MakeDefaultSupport(true, processing.WithECS, processing.WithAgentMeta()), + Processing: processing.MakeDefaultSupport(true, withECSVersion, processing.WithAgentMeta()), })