Skip to content

[8.x](backport #41410) [add_session_metadata] Always use correct code for backend in use. #41413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mjwolf merged 1 commit into from
Oct 24, 2024
Merged

[8.x](backport #41410) [add_session_metadata] Always use correct code for backend in use. #41413

mjwolf merged 1 commit into from
Oct 24, 2024

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Oct 24, 2024
edited by zube bot
Loading

Proposed commit message

With the add_session_metadata processor, the config backend option and actual backend in use doesn't always match; the 'auto' option doesn't match a real backend (kernel_tracing, procfs). This fixes some logic so that when the 'auto' option is used, the processor will always follow the code path intended for whatever the actual backend is use is.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

None

How to test this PR locally

In the auditbeat config, set each of the available backend options for add_session_metadata processor ("auto", "kernel_tracking", "procfs"), and ensure the processor is enriching data correctly for each.

e.g., use this config

- module: auditd
  # Load audit rules from separate files. Same format as audit.rules(7).
  processors:
    - add_session_metadata:
        backend: "auto"
This is an automatic backport of pull request #41410 done by [Mergify](https://mergify.com).

@mjwolf @mergify
[add_session_metadata] Always use correct code for backend in use. (#…
1e02d03 
…41410)

With the add_session_metadata processor, the config backend option and actual backend in use doesn't always match; the 'auto' option doesn't match a real backend (kernel_tracing, procfs). This fixes some logic so that when the 'auto' option is used, the processor will always follow the code path intended for whatever the actual backend is use is.

(cherry picked from commit 0024b2c)
@mergify mergify bot requested a review from a team as a code owner October 24, 2024 06:31
@mergify mergify bot added the backport label Oct 24, 2024
@mergify mergify bot assigned mjwolf Oct 24, 2024
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 24, 2024
@botelastic
Copy link

botelastic bot commented Oct 24, 2024

This pull request doesn't have a Team:<team> label.

@mjwolf mjwolf merged commit 9d23ff5 into 8.x Oct 24, 2024
@mjwolf mjwolf deleted the mergify/bp/8.x/pr-41410 branch October 24, 2024 06:58
@khushijain21 khushijain21 mentioned this pull request Jun 23, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjwolf mjwolf mjwolf approved these changes

Assignees

@mjwolf mjwolf

Labels

backport needs_team Indicates that the issue/PR needs a Team:* label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mjwolf