From 249dd2ed5a606db1f1c54f785afabefbc785fe94 Mon Sep 17 00:00:00 2001 From: radoondas Date: Mon, 26 Aug 2019 16:13:30 +0200 Subject: [PATCH] Upgrade to 7.3.1 --- glide.yaml | 2 +- .../beats/CHANGELOG-developer.asciidoc | 33 ++ .../beats/CHANGELOG-developer.next.asciidoc | 1 - .../elastic/beats/CHANGELOG.asciidoc | 457 +++++++++++++++++- .../elastic/beats/CHANGELOG.next.asciidoc | 123 +---- .../beats/auditbeat/docker-compose.yml | 1 - .../windows/install-service.ps1.tmpl | 2 +- .../docs/devguide/newdashboards.asciidoc | 22 +- .../module/postgresql/log/config/log.yml | 2 +- .../postgresql-9.6-debian-with-slowlog.log | 3 + ...-9.6-debian-with-slowlog.log-expected.json | 21 + .../system/config/certificates/beats1.crt | 32 +- .../system/config/certificates/beats1.key | 52 +- .../system/config/certificates/beats2.crt | 32 +- .../system/config/certificates/beats2.key | 52 +- .../system/config/certificates/cacert.crt | 43 +- .../system/config/certificates/cacert.key | 50 +- .../system/config/certificates/cacert.srl | 2 +- .../system/config/certificates/client1.crt | 87 ++-- .../system/config/certificates/client1.csr | 24 +- .../system/config/certificates/client1.key | 50 +- .../system/config/certificates/client2.crt | 87 ++-- .../system/config/certificates/client2.csr | 24 +- .../system/config/certificates/client2.key | 50 +- .../libbeat/docs/highlights-7.3.0.asciidoc | 118 +++++ .../beats/libbeat/docs/highlights.asciidoc | 4 + .../docs/monitoring/monitoring-beats.asciidoc | 82 +--- .../monitoring-internal-collection.asciidoc | 78 +++ .../monitoring/monitoring-metricbeat.asciidoc | 252 ++++++++++ .../monitoring/shared-monitor-config.asciidoc | 35 +- .../beats/libbeat/docs/outputconfig.asciidoc | 8 +- .../libbeat/docs/processors-using.asciidoc | 11 +- .../beats/libbeat/docs/release.asciidoc | 5 + .../libbeat/docs/security/basic-auth.asciidoc | 4 +- .../libbeat/docs/security/users.asciidoc | 341 ++++++++----- .../docs/shared-template-load.asciidoc | 12 +- .../beats/libbeat/docs/upgrading.asciidoc | 15 +- .../beats/libbeat/docs/version.asciidoc | 2 +- .../processors/actions/decode_base64_field.go | 72 ++- .../actions/decode_base64_field_test.go | 18 +- .../elastic/beats/libbeat/version/version.go | 2 +- .../metricbeat/docs/modules/beat.asciidoc | 55 +++ .../docs/modules/beat/state.asciidoc | 21 + .../docs/modules/beat/stats.asciidoc | 21 + .../metricbeat/docs/modules_list.asciidoc | 4 + .../module/beat/_meta/docs.asciidoc | 8 + .../beats/metricbeat/module/beat/beat.go | 11 + .../module/beat/state/_meta/docs.asciidoc | 1 + .../module/beat/state/data_xpack.go | 39 +- .../module/beat/stats/_meta/docs.asciidoc | 1 + .../module/beat/stats/data_xpack.go | 15 +- .../metricbeat/module/logstash/logstash.go | 5 +- .../module/logstash/node_stats/data_xpack.go | 19 +- .../metricbeat/tests/system/test_beat.py | 9 +- .../beats/testing/environments/latest.yml | 6 +- .../testing/environments/snapshot-oss.yml | 6 +- .../beats/testing/environments/snapshot.yml | 6 +- .../beats/x-pack/auditbeat/docker-compose.yml | 1 - ...urity-windows2012r2-logon.evtx.golden.json | 36 +- .../testdata/sysmon-9.01.evtx.golden.json | 136 +++--- .../winlogbeat/module/testing_windows.go | 53 +- 61 files changed, 1953 insertions(+), 811 deletions(-) create mode 100644 vendor/github.com/elastic/beats/libbeat/docs/highlights-7.3.0.asciidoc create mode 100644 vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc create mode 100644 vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc create mode 100644 vendor/github.com/elastic/beats/metricbeat/docs/modules/beat.asciidoc create mode 100644 vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/state.asciidoc create mode 100644 vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/stats.asciidoc create mode 100644 vendor/github.com/elastic/beats/metricbeat/module/beat/_meta/docs.asciidoc create mode 100644 vendor/github.com/elastic/beats/metricbeat/module/beat/state/_meta/docs.asciidoc create mode 100644 vendor/github.com/elastic/beats/metricbeat/module/beat/stats/_meta/docs.asciidoc diff --git a/glide.yaml b/glide.yaml index c3730e9a..e4cd50de 100644 --- a/glide.yaml +++ b/glide.yaml @@ -1,6 +1,6 @@ package: github.com/radoondas/safecastbeat import: - package: github.com/elastic/beats - version: v7.3.0 + version: v7.3.1 - package: github.com/magefile/mage version: v1.8.0 diff --git a/vendor/github.com/elastic/beats/CHANGELOG-developer.asciidoc b/vendor/github.com/elastic/beats/CHANGELOG-developer.asciidoc index 607a20c0..e8f90315 100644 --- a/vendor/github.com/elastic/beats/CHANGELOG-developer.asciidoc +++ b/vendor/github.com/elastic/beats/CHANGELOG-developer.asciidoc @@ -12,6 +12,39 @@ other Beats should be migrated. Note: This changelog was only started after the 6.3 release. +=== Beats version 7.3.0 +https://github.com/elastic/beats/compare/v7.2.1..v7.3.0[Check the HEAD diff] + +==== Added + +- Add new option `IgnoreAllErrors` to `libbeat.common.schema` for skipping fields that failed while converting. {pull}12089[12089] + +=== Beats version 7.2.1 +https://github.com/elastic/beats/compare/v7.2.0..v7.2.1[Check the HEAD diff] + +=== Beats version 7.2.0 +https://github.com/elastic/beats/compare/v7.1.1..v7.2.0[Check the HEAD diff] + +==== Breaking changes + +- Move Fields from package libbeat/common to libbeat/mapping. {pull}11198[11198] + +==== Added + +- Metricset generator generates beta modules by default now. {pull}10657[10657] +- The `beat.Event` accessor methods now support `@metadata` keys. {pull}10761[10761] +- Assertion for documented fields in tests fails if any of the fields in the tested event is documented as an alias. {pull}10921[10921] +- Support for Logger in the Metricset base instance. {pull}11106[11106] +- Filebeat modules can now use ingest pipelines in YAML format. {pull}11209[11209] +- Prometheus helper for metricbeat contains now `Namespace` field for `prometheus.MetricsMappings` {pull}11424[11424] +- Update Jinja2 version to 2.10.1. {pull}11817[11817] +- Reduce idxmgmt.Supporter interface and rework export commands to reuse logic. {pull}11777[11777],{pull}12065[12065],{pull}12067[12067],{pull}12160[12160] +- Update urllib3 version to 1.24.2 {pull}11930[11930] +- Add libbeat/common/cleanup package. {pull}12134[12134] +- Only Load minimal template if no fields are provided. {pull}12103[12103] +- Add new option `IgnoreAllErrors` to `libbeat.common.schema` for skipping fields that failed while converting. {pull}12089[12089] +- Deprecate setup cmds for `template` and `ilm-policy`. Add new setup cmd for `index-management`. {pull}12132[12132] + === Beats version 7.1.1 https://github.com/elastic/beats/compare/v7.1.0..v7.1.1[Check the HEAD diff] diff --git a/vendor/github.com/elastic/beats/CHANGELOG-developer.next.asciidoc b/vendor/github.com/elastic/beats/CHANGELOG-developer.next.asciidoc index ad2b9647..33000546 100644 --- a/vendor/github.com/elastic/beats/CHANGELOG-developer.next.asciidoc +++ b/vendor/github.com/elastic/beats/CHANGELOG-developer.next.asciidoc @@ -38,7 +38,6 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Add libbeat/common/cleanup package. {pull}12134[12134] - New helper to check for leaked goroutines on tests. {pull}12106[12106] - Only Load minimal template if no fields are provided. {pull}12103[12103] -- Add new option `IgnoreAllErrors` to `libbeat.common.schema` for skipping fields that failed while converting. {pull}12089[12089] - Deprecate setup cmds for `template` and `ilm-policy`. Add new setup cmd for `index-management`. {pull}12132[12132] - Use the go-lookslike library for testing in heartbeat. Eventually the mapval package will be replaced with it. {pull}12540[12540] - New ReporterV2 interfaces that can receive a context on `Fetch(ctx, reporter)`, or `Run(ctx, reporter)`. {pull}11981[11981] diff --git a/vendor/github.com/elastic/beats/CHANGELOG.asciidoc b/vendor/github.com/elastic/beats/CHANGELOG.asciidoc index 4248d435..dbc23b6b 100644 --- a/vendor/github.com/elastic/beats/CHANGELOG.asciidoc +++ b/vendor/github.com/elastic/beats/CHANGELOG.asciidoc @@ -3,6 +3,389 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-7.3.0]] +=== Beats version 7.3.0 +https://github.com/elastic/beats/compare/v7.2.0...v7.3.0[View commits] + +==== Breaking changes + +*Affecting all Beats* + +- Update to ECS 1.0.1. {pull}12284[12284] {pull}12317[12317] +- Default of output.kafka.metadata.full is set to false by now. This reduced the amount of metadata to be queried from a kafka cluster. {pull}12738[12738] + +*Filebeat* + +- `convert_timezone` option is removed and locale is always added to the event so timezone is used when parsing the timestamp, this behaviour can be overriden with processors. {pull}12410[12410] + +==== Bugfixes + +*Affecting all Beats* + +- Fix typo in TLS renegotiation configuration and setting the option correctly {issue}10871[10871], {pull}12354[12354] +- Add configurable bulk_flush_frequency in kafka output. {pull}12254[12254] +- Fixed setting bulk max size in kafka output. {pull}12254[12254] +- Add additional nil pointer checks to Docker client code to deal with vSphere Integrated Containers {pull}12628[12628] +- Fix seccomp policy preventing some features to function properly on 32bit Linux systems. {issue}12990[12990] {pull}13008[13008] + +*Auditbeat* + +- Package dataset: Close librpm handle. {pull}12215[12215] +- Package dataset: Improve dpkg parsing. {pull}12325[12325] +- Host dataset: Fix reboot detection logic. {pull}12591[12591] +- Add syscalls used by librpm for the system/package dataset to the default Auditbeat seccomp policy. {issue}12578[12578] {pull}12617[12617] +- Host dataset: Export Host fields to gob encoder. {pull}12940[12940] + +*Filebeat* + +- Parse timezone in PostgreSQL logs as part of the timestamp {pull}12338[12338] +- When TLS is configured for the TCP input and a `certificate_authorities` is configured we now default to `required` for the `client_authentication`. {pull}12584[12584] +- Syslog input will now omit the `process` object from events if it is empty. {pull}12700[12700] +- Apply `max_message_size` to incoming message buffer. {pull}11966[11966] + +*Heartbeat* + + +*Journalbeat* + +- Iterate over journal correctly, so no duplicate entries are sent. {pull}12716[12716] +- Preserve host name when reading from remote journal. {pull}12714[12714] + +*Metricbeat* + +- Refactored Windows perfmon metricset: replaced method to retrieve counter paths with PdhExpandWildCardPathW, separated code by responsibility, removed unused functions {pull}12212[12212] +- Validate that kibana/status metricset cannot be used when xpack is enabled. {pull}12264[12264] +- In the kibana/stats metricset, only log error (don't also index it) if xpack is enabled. {pull}12265[12265] +- Fix an issue listing all processes when run under Windows as a non-privileged user. {issue}12301[12301] {pull}12475[12475] +- When TLS is configured for the http metricset and a `certificate_authorities` is configured we now default to `required` for the `client_authentication`. {pull}12584[12584] +- Reuse connections in PostgreSQL metricsets. {issue}12504[12504] {pull}12603[12603] +- PdhExpandWildCardPathW will not expand counter paths in 32 bit windows systems, workaround will use a different function.{issue}12590[12590]{pull}12622[12622] +- Print errors that were being omitted in vSphere metricsets {pull}12816[12816] +- In the elasticsearch/node_stats metricset, if xpack is enabled, make parsing of ES node load average optional as ES on Windows doesn't report load average. {pull}12866[12866] +- Fix incoherent behaviour in redis key metricset when keyspace is specified both in host URL and key pattern {pull}12913[12913] +- Fix connections leak in redis module {pull}12914[12914] {pull}12950[12950] + +*Packetbeat* + + +==== Added + +*Affecting all Beats* + +- Add `proxy_disable` output flag to explicitly ignore proxy environment variables. {issue}11713[11713] {pull}12243[12243] +- Processor `add_cloud_metadata` adds fields `cloud.account.id` and `cloud.image.id` for AWS EC2. {pull}12307[12307] +- Add `decode_base64_field` processor for decoding base64 field. {pull}11914[11914] +- Add aws overview dashboard. {issue}11007[11007] {pull}12175[12175] +- Add `decompress_gzip_field` processor. {pull}12733[12733] +- Add `timestamp` processor for parsing time fields. {pull}12699[12699] +- Add Oracle Tablespaces Dashboard {pull}12736[12736] +- Add `proxy_disable` output flag to explicitly ignore proxy environment variables. {issue}11713[11713] {pull}12243[12243] + +*Auditbeat* + + +*Filebeat* + +- Add timeouts on communication with docker daemon. {pull}12310[12310] +- Add specific date processor to convert timezones so same pipeline can be used when convert_timezone is enabled or disabled. {pull}12253[12253] +- Add MSSQL module {pull}12079[12079] +- Add ISO8601 date parsing support for system module. {pull}12568[12568] {pull}12578[12579] +- Update Kubernetes deployment manifest to use `container` input. {pull}12632[12632] +- Add `google-pubsub` input type for consuming messages from a Google Cloud Pub/Sub topic subscription. {pull}12746[12746] +- Add module for ingesting Cisco IOS logs over syslog. {pull}12748[12748] +- Add module for ingesting Google Cloud VPC flow logs. {pull}12747[12747] +- Report host metadata for Filebeat logs in Kubernetes. {pull}12790[12790] + +*Metricbeat* + +- Add overview dashboard to Consul module {pull}10665[10665] +- New fields were added in the mysql/status metricset. {pull}12227[12227] +- Add Kubernetes metricset `proxy`. {pull}12312[12312] +- Always report Pod UID in the `pod` metricset. {pull}12345[12345] +- Add Vsphere Virtual Machine operating system to `os` field in Vsphere virtualmachine module. {pull}12391[12391] +- Add CockroachDB module. {pull}12467[12467] +- Add support for metricbeat modules based on existing modules (a.k.a. light modules) {issue}12270[12270] {pull}12465[12465] +- Add a system/entropy metricset {pull}12450[12450] +- Add kubernetes metricset `controllermanager` {pull}12409[12409] +- Allow redis URL format in redis hosts config. {pull}12408[12408] +- Add tags into ec2 metricset. {issue}[12263]12263 {pull}12372[12372] +- Add kubernetes metricset `scheduler` {pull}12521[12521] +- Add Kubernetes scheduler dashboard to Kubernetes module {pull}12749[12749] +- Add `beat` module. {pull}12181[12181] {pull}12615[12615] +- Collect tags for cloudwatch metricset in aws module. {issue}[12263]12263 {pull}12480[12480] +- Add AWS RDS metricset. {pull}11620[11620] {issue}10054[10054] +- Add Oracle Module {pull}11890[11890] +- Add Kubernetes proxy dashboard to Kubernetes module {pull}12734[12734] +- Add Kubernetes controller manager dashboard to Kubernetes module {pull}12744[12744] + +*Functionbeat* + +- Export automation templates used to create functions. {pull}11923[11923] +- Configurable Amazon endpoint. {pull}12369[12369] + +==== Deprecated + +*Filebeat* + +- `postgresql.log.timestamp` field is deprecated in favour of `@timestamp`. {pull}12338[12338] + +[[release-notes-7.2.1]] +=== Beats version 7.2.1 +https://github.com/elastic/beats/compare/v7.2.0...v7.2.1[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Fix Central Management enroll under Windows {issue}12797[12797] {pull}12799[12799] +- Fixed a crash under Windows when fetching processes information. {pull}12833[12833] + +*Filebeat* + +- Add support for client addresses with port in Apache error logs {pull}12695[12695] +- Load correct pipelines when system module is configured in modules.d. {pull}12340[12340] + +*Metricbeat* + +- Fix wrong uptime reporting by system/uptime metricset under Windows. {pull}12915[12915] + +*Packetbeat* + +- Limit memory usage of Redis replication sessions. {issue}12657[12657] + +[[release-notes-7.2.0]] +=== Beats version 7.2.0 +https://github.com/elastic/beats/compare/v7.1.1...v7.2.0[View commits] + +==== Breaking changes + +*Affecting all Beats* + +- Update to Golang 1.12.4. {pull}11782[11782] + +*Auditbeat* + +- Auditd module: Normalized value of `event.category` field from `user-login` to `authentication`. {pull}11432[11432] +- Auditd module: Unset `auditd.session` and `user.audit.id` fields are removed from audit events. {issue}11431[11431] {pull}11815[11815] +- Socket dataset: Exclude localhost by default {pull}11993[11993] + +*Filebeat* + +- Add read_buffer configuration option. {pull}11739[11739] + +*Heartbeat* + +- Removed the `add_host_metadata` and `add_cloud_metadata` processors from the default config. These don't fit well with ECS for Heartbeat and were rarely used. + +*Journalbeat* + +*Metricbeat* + +- Add new option `OpMultiplyBuckets` to scale histogram buckets to avoid decimal points in final events {pull}10994[10994] +- system/raid metricset now uses /sys/block instead of /proc/mdstat for data. {pull}11613[11613] + +*Packetbeat* + +- Add support for mongodb opcode 2013 (OP_MSG). {issue}6191[6191] {pull}8594[8594] +- NFSv4: Always use opname `ILLEGAL` when failed to match request to a valid nfs operation. {pull}11503[11503] + +*Winlogbeat* + +*Functionbeat* + +==== Bugfixes + +*Affecting all Beats* + +- Ensure all beat commands respect configured settings. {pull}10721[10721] +- Add missing fields and test cases for libbeat add_kubernetes_metadata processor. {issue}11133[11133], {pull}11134[11134] +- decode_json_field: process objects and arrays only {pull}11312[11312] +- decode_json_field: do not process arrays when flag not set. {pull}11318[11318] +- Report faulting file when config reload fails. {pull}11304[11304] +- Fix a typo in libbeat/outputs/transport/client.go by updating `c.conn.LocalAddr()` to `c.conn.RemoteAddr()`. {pull}11242[11242] +- Management configuration backup file will now have a timestamps in their name. {pull}11034[11034] +- [CM] Parse enrollment_token response correctly {pull}11648[11648] +- Not hiding error in case of http failure using elastic fetcher {pull}11604[11604] +- Escape BOM on JsonReader before trying to decode line {pull}11661[11661] +- Fix matching of string arrays in contains condition. {pull}11691[11691] +- Replace wmi queries with win32 api calls as they were consuming CPU resources {issue}3249[3249] and {issue}11840[11840] +- Fix queue.spool.write.flush.events config type. {pull}12080[12080] +- Fixed a memory leak when using the add_process_metadata processor under Windows. {pull}12100[12100] +- Fix of docker json parser for missing "log" jsonkey in docker container's log {issue}11464[11464] +- Fixed Beat ID being reported by GET / API. {pull}12180[12180] +- Add host.os.codename to fields.yml. {pull}12261[12261] +- Fix `@timestamp` being duplicated in events if `@timestamp` is set in a + processor (or by any code utilizing `PutValue()` on a `beat.Event`). +- Fix leak in script processor when using Javascript functions in a processor chain. {pull}12600[12600] + +*Auditbeat* + +- Process dataset: Fixed a memory leak under Windows. {pull}12100[12100] +- Login dataset: Fix re-read of utmp files. {pull}12028[12028] +- Package dataset: Fixed a crash inside librpm after Auditbeat has been running for a while. {issue}12147[12147] {pull}12168[12168] +- Fix formatting of config files on macOS and Windows. {pull}12148[12148] +- Fix direction of incoming IPv6 sockets. {pull}12248[12248] +- Package dataset: Auto-detect package directories. {pull}12289[12289] +- System module: Start system module without host ID. {pull}12373[12373] + +*Filebeat* + +- Add support for Cisco syslog format used by their switch. {pull}10760[10760] +- Cover empty request data, url and version in Apache2 module{pull}10730[10730] +- Fix registry entries not being cleaned due to race conditions. {pull}10747[10747] +- Improve detection of file deletion on Windows. {pull}10747[10747] +- Add missing Kubernetes metadata fields to Filebeat CoreDNS module, and fix a documentation error. {pull}11591[11591] +- Reduce memory usage if long lines are truncated to fit `max_bytes` limit. The line buffer is copied into a smaller buffer now. This allows the runtime to release unused memory earlier. {pull}11524[11524] +- Fix memory leak in Filebeat pipeline acker. {pull}12063[12063] +- Fix goroutine leak caused on initialization failures of log input. {pull}12125[12125] +- Fix goroutine leak on non-explicit finalization of log input. {pull}12164[12164] +- Require client_auth by default when ssl is enabled for tcp input {pull}12333[12333] +- Fix timezone offset parsing in system/syslog. {pull}12529[12529] + +*Heartbeat* + +- Fix NPEs / resource leaks when executing config checks. {pull}11165[11165] +- Fix duplicated IPs on `mode: all` monitors. {pull}12458[12458] + +*Journalbeat* + +- Use backoff when no new events are found. {pull}11861[11861] + +*Metricbeat* + +- Change diskio metrics retrieval method (only for Windows) from wmi query to DeviceIOControl function using the IOCTL_DISK_PERFORMANCE control code {pull}11635[11635] +- Call GetMetricData api per region instead of per instance. {issue}11820[11820] {pull}11882[11882] +- Update documentation with cloudwatch:ListMetrics permission. {pull}11987[11987] +- Check permissions in system socket metricset based on capabilities. {pull}12039[12039] +- Get process information from sockets owned by current user when system socket metricset is run without privileges. {pull}12039[12039] +- Avoid generating hints-based configuration with empty hosts when no exposed port is suitable for the hosts hint. {issue}8264[8264] {pull}12086[12086] +- Fixed a socket leak in the postgresql module under Windows when SSL is disabled on the server. {pull}11393[11393] +- Change some field type from scaled_float to long in aws module. {pull}11982[11982] +- Fixed RabbitMQ `queue` metricset gathering when `consumer_utilisation` is set empty at the metrics source {pull}12089[12089] +- Fix direction of incoming IPv6 sockets. {pull}12248[12248] +- Ignore prometheus metrics when their values are NaN or Inf. {pull}12084[12084] {issue}10849[10849] +- Require client_auth by default when ssl is enabled for module http metricset server{pull}12333[12333] +- The `elasticsearch/index_summary` metricset gracefully handles an empty Elasticsearch cluster when `xpack.enabled: true` is set. {pull}12489[12489] {issue}12487[12487] + +*Packetbeat* + +- Prevent duplicate packet loss error messages in HTTP events. {pull}10709[10709] +- Fixed a memory leak when using process monitoring under Windows. {pull}12100[12100] +- Improved debug logging efficiency in PGQSL module. {issue}12150[12150] + +*Winlogbeat* + +*Functionbeat* + +- Fix function name reference for Kinesis streams in CloudFormation templates {pull}11646[11646] + +==== Added + +*Affecting all Beats* + +- Add an option to append to existing logs rather than always rotate on start. {pull}11953[11953] +- Add `network` condition to processors for matching IP addresses against CIDRs. {pull}10743[10743] +- Add if/then/else support to processors. {pull}10744[10744] +- Add `community_id` processor for computing network flow hashes. {pull}10745[10745] +- Add output test to kafka output {pull}10834[10834] +- Gracefully shut down on SIGHUP {pull}10704[10704] +- New processor: `copy_fields`. {pull}11303[11303] +- Add `error.message` to events when `fail_on_error` is set in `rename` and `copy_fields` processors. {pull}11303[11303] +- New processor: `truncate_fields`. {pull}11297[11297] +- Allow a beat to ship monitoring data directly to an Elasticsearch monitoring clsuter. {pull}9260[9260] +- Updated go-seccomp-bpf library to v1.1.0 which updates syscall lists for Linux v5.0. {pull}NNNN[NNNN] +- Add `add_observer_metadata` processor. {pull}11394[11394] +- Add `decode_csv_fields` processor. {pull}11753[11753] +- Add `convert` processor for converting data types of fields. {issue}8124[8124] {pull}11686[11686] +- New `extract_array` processor. {pull}11761[11761] +- Add number of goroutines to reported metrics. {pull}12135[12135] + +*Auditbeat* + +- Auditd module: Add `event.outcome` and `event.type` for ECS. {pull}11432[11432] +- Process: Add file hash of process executable. {pull}11722[11722] +- Socket: Add network.transport and network.community_id. {pull}12231[12231] +- Host: Fill top-level host fields. {pull}12259[12259] + +*Filebeat* + +- Add more info to message logged when a duplicated symlink file is found {pull}10845[10845] +- Add option to configure docker input with paths {pull}10687[10687] +- Add Netflow module to enrich flow events with geoip data. {pull}10877[10877] +- Set `event.category: network_traffic` for Suricata. {pull}10882[10882] +- Allow custom default settings with autodiscover (for example, use of CRI paths for logs). {pull}12193[12193] +- Allow to disable hints based autodiscover default behavior (fetching all logs). {pull}12193[12193] +- Change Suricata module pipeline to handle `destination.domain` being set if a reverse DNS processor is used. {issue}10510[10510] +- Add the `network.community_id` flow identifier to field to the IPTables, Suricata, and Zeek modules. {pull}11005[11005] +- New Filebeat coredns module to ingest coredns logs. It supports both native coredns deployment and coredns deployment in kubernetes. {pull}11200[11200] +- New module for Cisco ASA logs. {issue}9200[9200] {pull}11171[11171] +- Added support for Cisco ASA fields to the netflow input. {pull}11201[11201] +- Configurable line terminator. {pull}11015[11015] +- Add Filebeat envoyproxy module. {pull}11700[11700] +- Add apache2(httpd) log path (`/var/log/httpd`) to make apache2 module work out of the box on Redhat-family OSes. {issue}11887[11887] {pull}11888[11888] +- Add support to new MongoDB additional diagnostic information {pull}11952[11952] +- New module `panw` for Palo Alto Networks PAN-OS logs. {pull}11999[11999] +- Add RabbitMQ module. {pull}12032[12032] +- Add new `container` input. {pull}12162[12162] + +*Heartbeat* + +- Enable `add_observer_metadata` processor in default config. {pull}11394[11394] + +*Journalbeat* + +*Metricbeat* + +- Add AWS SQS metricset. {pull}10684[10684] {issue}10053[10053] +- Add AWS s3_request metricset. {pull}10949[10949] {issue}10055[10055] +- Add s3_daily_storage metricset. {pull}10940[10940] {issue}10055[10055] +- Add `coredns` metricbeat module. {pull}10585[10585] +- Add SSL support for Metricbeat HTTP server. {pull}11482[11482] {issue}11457[11457] +- The `elasticsearch.index` metricset (with `xpack.enabled: true`) now collects `refresh.external_total_time_in_millis` fields from Elasticsearch. {pull}11616[11616] +- Allow module configurations to have variants {pull}9118[9118] +- Add `timeseries.instance` field calculation. {pull}10293[10293] +- Added new disk states and raid level to the system/raid metricset. {pull}11613[11613] +- Added `path_name` and `start_name` to service metricset on windows module {issue}8364[8364] {pull}11877[11877] +- Add check on object name in the counter path if the instance name is missing {issue}6528[6528] {pull}11878[11878] +- Add AWS cloudwatch metricset. {pull}11798[11798] {issue}11734[11734] +- Add `regions` in aws module config to specify target regions for querying cloudwatch metrics. {issue}11932[11932] {pull}11956[11956] +- Keep `etcd` followers members from reporting `leader` metricset events {pull}12004[12004] +- Add validation for elasticsearch and kibana modules' metricsets when xpack.enabled is set to true. {pull}12386[12386] + +*Packetbeat* + +*Functionbeat* + +- New options to configure roles and VPC. {pull}11779[11779] + +*Winlogbeat* + +- Add support for reading from .evtx files. {issue}4450[4450] + +==== Deprecated + +*Affecting all Beats* + +*Filebeat* + +- `docker` input is deprecated in favour `container`. {pull}12162[12162] + +*Heartbeat* + +*Journalbeat* + +*Metricbeat* + +*Packetbeat* + +*Winlogbeat* + +*Functionbeat* + +==== Known Issue + +*Journalbeat* + [[release-notes-7.1.1]] === Beats version 7.1.1 https://github.com/elastic/beats/compare/v7.1.0...v7.1.1[View commits] @@ -813,12 +1196,84 @@ https://github.com/elastic/beats/compare/v6.5.0...v7.0.0-alpha1[View commits] - Added support to calculate certificates' fingerprints (MD5, SHA-1, SHA-256). {issue}8180[8180] - Support new TLS version negotiation introduced in TLS 1.3. {issue}8647[8647]. +[[release-notes-6.8.2]] +=== Beats version 6.8.2 +https://github.com/elastic/beats/compare/v6.8.1...v6.8.2[View commits] + +==== Bugfixes + +*Auditbeat* + +- Process dataset: Do not show non-root warning on Windows. {pull}12740[12740] + +*Filebeat* + +- Skipping unparsable log entries from docker json reader {pull}12268[12268] + +*Packetbeat* + +- Limit memory usage of Redis replication sessions. {issue}12657[12657 + +[[release-notes-6.8.1]] +=== Beats version 6.8.1 +https://github.com/elastic/beats/compare/v6.8.0...v6.8.1[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Fixed a memory leak when using the add_process_metadata processor under Windows. {pull}12100[12100] + +*Auditbeat* + +- Package dataset: Log error when Homebrew is not installed. {pull}11667[11667] +- Process dataset: Fixed a memory leak under Windows. {pull}12100[12100] +- Login dataset: Fix re-read of utmp files. {pull}12028[12028] +- Package dataset: Fixed a crash inside librpm after Auditbeat has been running for a while. {issue}12147[12147] {pull}12168[12168] +- Fix direction of incoming IPv6 sockets. {pull}12248[12248] +- Package dataset: Auto-detect package directories. {pull}12289[12289] +- System module: Start system module without host ID. {pull}12373[12373] +- Host dataset: Fix reboot detection logic. {pull}12591[12591] + +*Filebeat* + +- Fix goroutine leak happening when harvesters are dynamically stopped. {pull}11263[11263] +- Fix initialization of the TCP input logger. {pull}11605[11605] +- Fix goroutine leak caused on initialization failures of log input. {pull}12125[12125] +- Fix memory leak in Filebeat pipeline acker. {pull}12063[12063] +- Fix goroutine leak on non-explicit finalization of log input. {pull}12164[12164] +- When TLS is configured for the TCP input and a `certificate_authorities` is configured we now default to `required` for the `client_authentication`. {pull}12584[12584] + +*Metricbeat* + +- Avoid generating hints-based configuration with empty hosts when no exposed port is suitable for the hosts hint. {issue}8264[8264] {pull}12086[12086] +- Fix direction of incoming IPv6 sockets. {pull}12248[12248] +- Validate that kibana/status metricset cannot be used when xpack is enabled. {pull}12264[12264] +- In the kibana/stats metricset, only log error (don't also index it) if xpack is enabled. {pull}12353[12353] +- The `elasticsearch/index_summary` metricset gracefully handles an empty Elasticsearch cluster when `xpack.enabled: true` is set. {pull}12489[12489] {issue}12487[12487] +- When TLS is configured for the http metricset and a `certificate_authorities` is configured we now default to `required` for the `client_authentication`. {pull}12584[12584] + +*Packetbeat* + +- Fixed a memory leak when using process monitoring under Windows. {pull}12100[12100] +- Improved debug logging efficiency in PGQSL module. {issue}12150[12150] + +==== Added + +*Auditbeat* + +- Add support to the system package dataset for the SUSE OS family. {pull}11634[11634] + +*Metricbeat* + +- Add validation for elasticsearch and kibana modules' metricsets when xpack.enabled is set to true. {pull}12386[12386] + [[release-notes-6.8.0]] === Beats version 6.8.0 * Updates to support changes to licensing of security features. + -Some Elastic Stack security features, such as encrypted communications, file and native authentication, and +Some Elastic Stack security features, such as encrypted communications, file and native authentication, and role-based access control, are now available in more subscription levels. For details, see https://www.elastic.co/subscriptions. [[release-notes-6.7.2]] diff --git a/vendor/github.com/elastic/beats/CHANGELOG.next.asciidoc b/vendor/github.com/elastic/beats/CHANGELOG.next.asciidoc index d9ab99fb..c32f21c1 100644 --- a/vendor/github.com/elastic/beats/CHANGELOG.next.asciidoc +++ b/vendor/github.com/elastic/beats/CHANGELOG.next.asciidoc @@ -12,8 +12,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Update to Golang 1.12.1. {pull}11330[11330] - Update to Golang 1.12.4. {pull}11782[11782] -- Update to ECS 1.0.1. {pull}12284[12284] {pull}12317[12317] -- Default of output.kafka.metadata.full is set to false by now. This reduced the amount of metadata to be queried from a kafka cluster. {pull}12738[12738] *Auditbeat* @@ -24,7 +22,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* - Add read_buffer configuration option. {pull}11739[11739] -- `convert_timezone` option is removed and locale is always added to the event so timezone is used when parsing the timestamp, this behaviour can be overriden with processors. {pull}12410[12410] *Heartbeat* @@ -51,7 +48,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Affecting all Beats* -- Fix typo in TLS renegotiation configuration and setting the option correctly {issue}10871[10871], {pull}12354[12354] - Ensure all beat commands respect configured settings. {pull}10721[10721] - Add missing fields and test cases for libbeat add_kubernetes_metadata processor. {issue}11133[11133], {pull}11134[11134] - decode_json_field: process objects and arrays only {pull}11312[11312] @@ -61,40 +57,16 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Management configuration backup file will now have a timestamps in their name. {pull}11034[11034] - [CM] Parse enrollment_token response correctly {pull}11648[11648] - Not hiding error in case of http failure using elastic fetcher {pull}11604[11604] -- Escape BOM on JsonReader before trying to decode line {pull}11661[11661] - Fix matching of string arrays in contains condition. {pull}11691[11691] - Replace wmi queries with win32 api calls as they were consuming CPU resources {issue}3249[3249] and {issue}11840[11840] - Fix a race condition with the Kafka pipeline client, it is possible that `Close()` get called before `Connect()` . {issue}11945[11945] -- Fix queue.spool.write.flush.events config type. {pull}12080[12080] -- Fixed a memory leak when using the add_process_metadata processor under Windows. {pull}12100[12100] - Fix of docker json parser for missing "log" jsonkey in docker container's log {issue}11464[11464] -- Fixed Beat ID being reported by GET / API. {pull}12180[12180] -- Fixed setting bulk max size in kafka output. {pull}12254[12254] -- Add host.os.codename to fields.yml. {pull}12261[12261] - Fix `@timestamp` being duplicated in events if `@timestamp` is set in a processor (or by any code utilizing `PutValue()` on a `beat.Event`). -- Fix leak in script processor when using Javascript functions in a processor chain. {pull}12600[12600] -- Add additional nil pointer checks to Docker client code to deal with vSphere Integrated Containers {pull}12628[12628] -- Fix Central Management enroll under Windows {issue}12797[12797] {pull}12799[12799] -- Fixed a crash under Windows when fetching processes information. {pull}12833[12833] -- Fix seccomp policy preventing some features to function properly on 32bit Linux systems. {issue}12990[12990] {pull}13008[13008] +- Fix install-service.ps1's ability to set Windows service's delay start configuration. {pull}13173[13173] *Auditbeat* -- Process dataset: Fixed a memory leak under Windows. {pull}12100[12100] -- Login dataset: Fix re-read of utmp files. {pull}12028[12028] -- Package dataset: Fixed a crash inside librpm after Auditbeat has been running for a while. {issue}12147[12147] {pull}12168[12168] -- Fix formatting of config files on macOS and Windows. {pull}12148[12148] -- Fix direction of incoming IPv6 sockets. {pull}12248[12248] -- Package dataset: Close librpm handle. {pull}12215[12215] -- Package dataset: Auto-detect package directories. {pull}12289[12289] -- Package dataset: Improve dpkg parsing. {pull}12325[12325] -- System module: Start system module without host ID. {pull}12373[12373] -- Host dataset: Fix reboot detection logic. {pull}12591[12591] -- Add syscalls used by librpm for the system/package dataset to the default Auditbeat seccomp policy. {issue}12578[12578] {pull}12617[12617] -- Process dataset: Do not show non-root warning on Windows. {pull}12740[12740] -- Host dataset: Export Host fields to gob encoder. {pull}12940[12940] - *Filebeat* - Add support for Cisco syslog format used by their switch. {pull}10760[10760] @@ -103,59 +75,26 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve detection of file deletion on Windows. {pull}10747[10747] - Add missing Kubernetes metadata fields to Filebeat CoreDNS module, and fix a documentation error. {pull}11591[11591] - Reduce memory usage if long lines are truncated to fit `max_bytes` limit. The line buffer is copied into a smaller buffer now. This allows the runtime to release unused memory earlier. {pull}11524[11524] -- Fix memory leak in Filebeat pipeline acker. {pull}12063[12063] -- Fix goroutine leak caused on initialization failures of log input. {pull}12125[12125] -- Fix goroutine leak on non-explicit finalization of log input. {pull}12164[12164] -- Skipping unparsable log entries from docker json reader {pull}12268[12268] -- Parse timezone in PostgreSQL logs as part of the timestamp {pull}12338[12338] -- Load correct pipelines when system module is configured in modules.d. {pull}12340[12340] -- Fix timezone offset parsing in system/syslog. {pull}12529[12529] -- When TLS is configured for the TCP input and a `certificate_authorities` is configured we now default to `required` for the `client_authentication`. {pull}12584[12584] -- Apply `max_message_size` to incoming message buffer. {pull}11966[11966] -- Syslog input will now omit the `process` object from events if it is empty. {pull}12700[12700] +- Fix multiline pattern in Postgres which was too permissive {issue}12078[12078] {pull}13069[13069] *Heartbeat* - Fix NPEs / resource leaks when executing config checks. {pull}11165[11165] -- Fix duplicated IPs on `mode: all` monitors. {pull}12458[12458] *Journalbeat* - Use backoff when no new events are found. {pull}11861[11861] -- Iterate over journal correctly, so no duplicate entries are sent. {pull}12716[12716] -- Preserve host name when reading from remote journal. {pull}12714[12714] *Metricbeat* - Change diskio metrics retrieval method (only for Windows) from wmi query to DeviceIOControl function using the IOCTL_DISK_PERFORMANCE control code {pull}11635[11635] - Call GetMetricData api per region instead of per instance. {issue}11820[11820] {pull}11882[11882] - Update documentation with cloudwatch:ListMetrics permission. {pull}11987[11987] -- Check permissions in system socket metricset based on capabilities. {pull}12039[12039] -- Get process information from sockets owned by current user when system socket metricset is run without privileges. {pull}12039[12039] -- Avoid generating hints-based configuration with empty hosts when no exposed port is suitable for the hosts hint. {issue}8264[8264] {pull}12086[12086] -- Fixed a socket leak in the postgresql module under Windows when SSL is disabled on the server. {pull}11393[11393] -- Change some field type from scaled_float to long in aws module. {pull}11982[11982] -- Fixed RabbitMQ `queue` metricset gathering when `consumer_utilisation` is set empty at the metrics source {pull}12089[12089] -- Fix direction of incoming IPv6 sockets. {pull}12248[12248] -- Refactored Windows perfmon metricset: replaced method to retrieve counter paths with PdhExpandWildCardPathW, separated code by responsibility, removed unused functions {pull}12212[12212] -- Validate that kibana/status metricset cannot be used when xpack is enabled. {pull}12264[12264] -- Ignore prometheus metrics when their values are NaN or Inf. {pull}12084[12084] {issue}10849[10849] -- In the kibana/stats metricset, only log error (don't also index it) if xpack is enabled. {pull}12265[12265] -- Fix an issue listing all processes when run under Windows as a non-privileged user. {issue}12301[12301] {pull}12475[12475] -- The `elasticsearch/index_summary` metricset gracefully handles an empty Elasticsearch cluster when `xpack.enabled: true` is set. {pull}12489[12489] {issue}12487[12487] -- When TLS is configured for the http metricset and a `certificate_authorities` is configured we now default to `required` for the `client_authentication`. {pull}12584[12584] -- Reuse connections in PostgreSQL metricsets. {issue}12504[12504] {pull}12603[12603] -- PdhExpandWildCardPathW will not expand counter paths in 32 bit windows systems, workaround will use a different function.{issue}12590[12590]{pull}12622[12622] -- In the elasticsearch/node_stats metricset, if xpack is enabled, make parsing of ES node load average optional as ES on Windows doesn't report load average. {pull}12866[12866] -- Fix incoherent behaviour in redis key metricset when keyspace is specified both in host URL and key pattern {pull}12913[12913] -- Fix connections leak in redis module {pull}12914[12914] {pull}12950[12950] -- Fix wrong uptime reporting by system/uptime metricset under Windows. {pull}12915[12915] -- Print errors that were being omitted in vSphere metricsets {pull}12816[12816] + *Packetbeat* - Prevent duplicate packet loss error messages in HTTP events. {pull}10709[10709] -- Fixed a memory leak when using process monitoring under Windows. {pull}12100[12100] - Improved debug logging efficiency in PGQSL module. {issue}12150[12150] - Limit memory usage of Redis replication sessions. {issue}12657[12657] @@ -183,25 +122,11 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Updated go-seccomp-bpf library to v1.1.0 which updates syscall lists for Linux v5.0. {pull}NNNN[NNNN] - Add `add_observer_metadata` processor. {pull}11394[11394] - Add `decode_csv_fields` processor. {pull}11753[11753] -- Add `convert` processor for converting data types of fields. {issue}8124[8124] {pull}11686[11686] -- New `extract_array` processor. {pull}11761[11761] -- Add number of goroutines to reported metrics. {pull}12135[12135] -- Add `proxy_disable` output flag to explicitly ignore proxy environment variables. {issue}11713[11713] {pull}12243[12243] -- Processor `add_cloud_metadata` adds fields `cloud.account.id` and `cloud.image.id` for AWS EC2. {pull}12307[12307] -- Add configurable bulk_flush_frequency in kafka output. {pull}12254[12254] -- Add `decode_base64_field` processor for decoding base64 field. {pull}11914[11914] - Add support for reading the `network.iana_number` field by default to the community_id processor. {pull}12701[12701] -- Add aws overview dashboard. {issue}11007[11007] {pull}12175[12175] -- Add `decompress_gzip_field` processor. {pull}12733[12733] -- Add `timestamp` processor for parsing time fields. {pull}12699[12699] -- Add Oracle Tablespaces Dashboard {pull}12736[12736] *Auditbeat* - Auditd module: Add `event.outcome` and `event.type` for ECS. {pull}11432[11432] -- Process: Add file hash of process executable. {pull}11722[11722] -- Socket: Add network.transport and network.community_id. {pull}12231[12231] -- Host: Fill top-level host fields. {pull}12259[12259] *Filebeat* @@ -209,8 +134,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add option to configure docker input with paths {pull}10687[10687] - Add Netflow module to enrich flow events with geoip data. {pull}10877[10877] - Set `event.category: network_traffic` for Suricata. {pull}10882[10882] -- Allow custom default settings with autodiscover (for example, use of CRI paths for logs). {pull}12193[12193] -- Allow to disable hints based autodiscover default behavior (fetching all logs). {pull}12193[12193] - Change Suricata module pipeline to handle `destination.domain` being set if a reverse DNS processor is used. {issue}10510[10510] - Add the `network.community_id` flow identifier to field to the IPTables, Suricata, and Zeek modules. {pull}11005[11005] - New Filebeat coredns module to ingest coredns logs. It supports both native coredns deployment and coredns deployment in kubernetes. {pull}11200[11200] @@ -220,21 +143,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add Filebeat envoyproxy module. {pull}11700[11700] - Add apache2(httpd) log path (`/var/log/httpd`) to make apache2 module work out of the box on Redhat-family OSes. {issue}11887[11887] {pull}11888[11888] - Add support to new MongoDB additional diagnostic information {pull}11952[11952] -- New module `panw` for Palo Alto Networks PAN-OS logs. {pull}11999[11999] -- Add RabbitMQ module. {pull}12032[12032] -- Add new `container` input. {pull}12162[12162] -- Add timeouts on communication with docker daemon. {pull}12310[12310] - `container` and `docker` inputs now support reading of labels and env vars written by docker JSON file logging driver. {issue}8358[8358] -- Add specific date processor to convert timezones so same pipeline can be used when convert_timezone is enabled or disabled. {pull}12253[12253] -- Add MSSQL module {pull}12079[12079] -- Add ISO8601 date parsing support for system module. {pull}12568[12568] {pull}12578[12579] -- Update Kubernetes deployment manifest to use `container` input. {pull}12632[12632] - Use correct OS path separator in `add_kubernetes_metadata` to support Windows nodes. {pull}9205[9205] -- Add support for client addresses with port in Apache error logs {pull}12695[12695] -- Add `google-pubsub` input type for consuming messages from a Google Cloud Pub/Sub topic subscription. {pull}12746[12746] -- Add module for ingesting Cisco IOS logs over syslog. {pull}12748[12748] -- Add module for ingesting Google Cloud VPC flow logs. {pull}12747[12747] -- Report host metadata for Filebeat logs in Kubernetes. {pull}12790[12790] *Heartbeat* @@ -257,36 +167,12 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add check on object name in the counter path if the instance name is missing {issue}6528[6528] {pull}11878[11878] - Add AWS cloudwatch metricset. {pull}11798[11798] {issue}11734[11734] - Add `regions` in aws module config to specify target regions for querying cloudwatch metrics. {issue}11932[11932] {pull}11956[11956] -- Keep `etcd` followers members from reporting `leader` metricset events {pull}12004[12004] -- Add overview dashboard to Consul module {pull}10665[10665] -- New fields were added in the mysql/status metricset. {pull}12227[12227] -- Add Kubernetes metricset `proxy`. {pull}12312[12312] -- Add Kubernetes proxy dashboard to Kubernetes module {pull}12734[12734] -- Always report Pod UID in the `pod` metricset. {pull}12345[12345] -- Add Vsphere Virtual Machine operating system to `os` field in Vsphere virtualmachine module. {pull}12391[12391] -- Add validation for elasticsearch and kibana modules' metricsets when xpack.enabled is set to true. {pull}12386[12386] -- Add CockroachDB module. {pull}12467[12467] -- Add support for metricbeat modules based on existing modules (a.k.a. light modules) {issue}12270[12270] {pull}12465[12465] -- Add a system/entropy metricset {pull}12450[12450] -- Add kubernetes metricset `controllermanager` {pull}12409[12409] -- Add Kubernetes controller manager dashboard to Kubernetes module {pull}12744[12744] -- Allow redis URL format in redis hosts config. {pull}12408[12408] -- Add tags into ec2 metricset. {issue}[12263]12263 {pull}12372[12372] -- Add kubernetes metricset `scheduler` {pull}12521[12521] -- Add Kubernetes scheduler dashboard to Kubernetes module {pull}12749[12749] -- Add `beat` module. {pull}12181[12181] {pull}12615[12615] -- Collect tags for cloudwatch metricset in aws module. {issue}[12263]12263 {pull}12480[12480] -- Add AWS RDS metricset. {pull}11620[11620] {issue}10054[10054] -- Add Oracle Module {pull}11890[11890] - *Packetbeat* *Functionbeat* - New options to configure roles and VPC. {pull}11779[11779] -- Export automation templates used to create functions. {pull}11923[11923] -- Configurable Amazon endpoint. {pull}12369[12369] *Winlogbeat* @@ -298,9 +184,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* -- `docker` input is deprecated in favour `container`. {pull}12162[12162] -- `postgresql.log.timestamp` field is deprecated in favour of `@timestamp`. {pull}12338[12338] - *Heartbeat* *Journalbeat* diff --git a/vendor/github.com/elastic/beats/auditbeat/docker-compose.yml b/vendor/github.com/elastic/beats/auditbeat/docker-compose.yml index f74458ce..6a0e2521 100644 --- a/vendor/github.com/elastic/beats/auditbeat/docker-compose.yml +++ b/vendor/github.com/elastic/beats/auditbeat/docker-compose.yml @@ -19,7 +19,6 @@ services: pid: host cap_add: - AUDIT_CONTROL - - AUDIT_READ # This is a proxy used to block beats until all services are healthy. # See: https://github.com/docker/compose/issues/4369 diff --git a/vendor/github.com/elastic/beats/dev-tools/packaging/templates/windows/install-service.ps1.tmpl b/vendor/github.com/elastic/beats/dev-tools/packaging/templates/windows/install-service.ps1.tmpl index 4198ba07..cab1373e 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packaging/templates/windows/install-service.ps1.tmpl +++ b/vendor/github.com/elastic/beats/dev-tools/packaging/templates/windows/install-service.ps1.tmpl @@ -15,6 +15,6 @@ New-Service -name {{.BeatName}} ` # Attempt to set the service to delayed start using sc config. Try { - Start-Process -FilePath sc.exe -ArgumentList 'config {{.BeatName}} start=delayed-auto' + Start-Process -FilePath sc.exe -ArgumentList 'config {{.BeatName}} start= delayed-auto' } Catch { Write-Host -f red "An error occured setting the service to delayed start." } diff --git a/vendor/github.com/elastic/beats/docs/devguide/newdashboards.asciidoc b/vendor/github.com/elastic/beats/docs/devguide/newdashboards.asciidoc index 0a642e48..0576e846 100644 --- a/vendor/github.com/elastic/beats/docs/devguide/newdashboards.asciidoc +++ b/vendor/github.com/elastic/beats/docs/devguide/newdashboards.asciidoc @@ -46,13 +46,17 @@ To import the dashboards, run the `setup` command. ./metricbeat setup ------------------------- -The `setup` phase loads: +The `setup` phase loads several dependencies, such as: - Index mapping template in Elasticsearch - Kibana dashboards -- Machine Learning jobs (if available) +- Machine Learning (ML) jobs +- Ingest pipelines +- ILM policy -For more details about the `setup` command, run the following: +The dependencies vary depending on the Beat you're setting up. + +For more details about the `setup` command, see the command-line help. For example: [source,shell] ---- @@ -63,16 +67,18 @@ This command does initial setup of the environment: * Index mapping template in Elasticsearch to ensure fields are mapped. * Kibana dashboards (where available). * ML jobs (where available). + * Ingest pipelines (where available). + * ILM policy (for Elasticsearch 6.5 and newer). Usage: - filebeat setup [flags] + metricbeat setup [flags] Flags: - --dashboards Setup dashboards only + --dashboards Setup dashboards -h, --help help for setup - --machine-learning Setup machine learning job configurations only - --modules string List of enabled modules (comma separated) - --template Setup index template only + --index-management Setup all components related to Elasticsearch index management, including template, ilm policy and rollover alias + --machine-learning Setup machine learning job configurations + --pipelines Setup Ingest pipelines ---- The flags are useful when you don't want to load everything. For example, to diff --git a/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/config/log.yml b/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/config/log.yml index 5f236667..3007531f 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/config/log.yml +++ b/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/config/log.yml @@ -5,6 +5,6 @@ paths: {{ end }} exclude_files: [".gz$"] multiline: - pattern: '^[-0-9]* ' + pattern: '^\d{4}-\d{2}-\d{2} ' negate: true match: after diff --git a/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log b/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log index 39a4d0ff..59416a18 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log +++ b/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log @@ -59,3 +59,6 @@ 2017-07-31 13:46:02.670 CEST [5502] postgres@c$lients LOG: duration: 10.540 ms statement: insert into cats(name, toy, born) values('kate', 'ball', now()); 2017-07-31 13:46:23.016 CEST [5502] postgres@_clients$db LOG: duration: 5.156 ms statement: insert into cats(name, toy, born) values('frida', 'horse', now()); 2017-07-31 13:46:55.637 CEST [5502] postgres@clients_db LOG: duration: 25.871 ms statement: create table dogs(name varchar(50) primary key, owner varchar (50) not null, born timestamp not null); +2019-05-06 19:00:04.511 UTC [913763] elastic@opbeans LOG: duration: 0.753 ms statement: SELECT p.id, p.sku, p.name, p.stock, t.name AS type_name FROM products p LEFT JOIN product_types t ON p.type_id=t.id + FROM orders JOIN customers ON orders.customer_id=customers.id + FROM products JOIN product_types ON type_id=product_types.id diff --git a/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json b/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json index fabd1679..23f76405 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json +++ b/vendor/github.com/elastic/beats/filebeat/module/postgresql/log/test/postgresql-9.6-debian-with-slowlog.log-expected.json @@ -315,5 +315,26 @@ "process.pid": 5502, "service.type": "postgresql", "user.name": "postgres" + }, + { + "@timestamp": "2019-05-06T19:00:04.511Z", + "event.dataset": "postgresql.log", + "event.duration": 753000, + "event.module": "postgresql", + "event.timezone": "UTC", + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "LOG", + "log.offset": 4266, + "message": "2019-05-06 19:00:04.511 UTC [913763] elastic@opbeans LOG: duration: 0.753 ms statement: SELECT p.id, p.sku, p.name, p.stock, t.name AS type_name FROM products p LEFT JOIN product_types t ON p.type_id=t.id\n FROM orders JOIN customers ON orders.customer_id=customers.id\n FROM products JOIN product_types ON type_id=product_types.id", + "postgresql.log.database": "opbeans", + "postgresql.log.query": "SELECT p.id, p.sku, p.name, p.stock, t.name AS type_name FROM products p LEFT JOIN product_types t ON p.type_id=t.id\n FROM orders JOIN customers ON orders.customer_id=customers.id\n FROM products JOIN product_types ON type_id=product_types.id", + "postgresql.log.timestamp": "2019-05-06 19:00:04.511 UTC", + "process.pid": 913763, + "service.type": "postgresql", + "user.name": "elastic" } ] \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.crt b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.crt index a25176b7..d4c9d24f 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.crt +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.crt @@ -1,17 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAY4CCQCPlBnZq20PBzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls -b2NhbGhvc3QwIBcNMTkwNTA2MTIyODA0WhgPMjExOTA0MTIxMjI4MDRaMBQxEjAQ -BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AJ8Brx+eCEQ71APIN1EYsvVB4jqwNj3bpQ8US8MsmgXfpfc68Y6nVCYJlHz5hqB5 -Z9AN/O/JocpnFuP9C0NHW+i6Sgh5Q1cCAmI7JlO6/l50fR7rggrCklIidz4iTb7M -KfuuA4AozbuzIgjVY3MG4H3myxLnX9deKBX3M1npZhs9mDD5BGRWfRFottA3hVFy -KKFONrQoLEMz1QIokqzgo4Tngl9JXIn8eH/ELCMJedfSQmwgsiFwMZb4KcvQkC33 -5Ms371OZjTeanCPnmMAig1esclkXIdyrB/YdsM3cEWFZkRXhQZKE61pQm2sODPV9 -Od3lAi+/seW95xCbmHNOxv0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgBjFkZok -sWKD+MZivEVjXke2LEto207Kv9BCIXwrXrbs6xvGrt9dmQTJs8boo9H+iwccLygE -WEns4I2DvByYuy8VAh7UWF0pK4PQI8NRxGv0gOqyNNBllaGlGCsXzuA5viuvSthh -3WcIsiI9wweugR+JYFzKXyUpzJlo0u2rzrrkdHKr8/ZI+cTJfyVhaNbPtDoWJRq6 -KSz/Dsx5Gbqj0d9naloQ554Fl93CZyVtIxJBPcuooengPm65tn4D33QDiKTaoSTG -8zVNbUsUV9Ir6W9xitTBqguSF8MJ9mEeZb/LeJWKi45i9Zi88SOxn0YobryEAGrc -zPf17VoieF01lA== +MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF +ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 +MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n +fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl +94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t +/D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP +PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 +CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O +BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux +8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D +874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw +3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA +H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu +8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 +yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk +sxSmbIUfc2SGJGCJD4I= -----END CERTIFICATE----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.key b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.key index ab58fe1a..00ac7d62 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.key +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats1.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfAa8fnghEO9QD -yDdRGLL1QeI6sDY926UPFEvDLJoF36X3OvGOp1QmCZR8+YageWfQDfzvyaHKZxbj -/QtDR1voukoIeUNXAgJiOyZTuv5edH0e64IKwpJSInc+Ik2+zCn7rgOAKM27syII -1WNzBuB95ssS51/XXigV9zNZ6WYbPZgw+QRkVn0RaLbQN4VRciihTja0KCxDM9UC -KJKs4KOE54JfSVyJ/Hh/xCwjCXnX0kJsILIhcDGW+CnL0JAt9+TLN+9TmY03mpwj -55jAIoNXrHJZFyHcqwf2HbDN3BFhWZEV4UGShOtaUJtrDgz1fTnd5QIvv7HlvecQ -m5hzTsb9AgMBAAECggEAFHDZ+32MYIE0czwE6Hb9YowSsiq+/lrDMFoSl0efkUu8 -ATlhnk4igjVPEnXdebnBv7xcnNLV6rgv+CUqkn6U8SkppUc5gfDvL4OdHLx4QNpG -z3fFIu76cnadz64HQpTqfMFVD9+u+wc/Q9Vy0HG84FKQHqEB8CTZkGFUB6X6i1u+ -2OIjG6G81d3M2YnK5UPUr55G/yRm7h521JwHGSrE3BdakmOCZ/btO3QET0zePC/W -SfW9OYOW2tUnwf2ucj+DN9cqV1BuZihwa8m0s+Hlm34fWd3qAndXSK5kuRfq3tmS -eUHLFT38WOx9f83etAVxjKbIs4g0PgUg6kahxho03QKBgQDMozjIQMy4d75AgN1E -oP/EFnPE61o/8MU2JYp4P0BriDnbqDi6+L3oE1G8GjJDL2r0uz/j+eHUN1xz+ahF -ILML+xmj6wMasNuLPKkD5cmx6LvJDN3mkGKcSBZyjFgJl0hunAG1VvlpVhYsf0xA -yTyDz3itPwaCCNNVvn87Ph+3XwKBgQDG6n0c8I44cVrj9j3zS4OAXLLNgZkznx0g -oxoGdXgrYZU7N9Zbg4fB6RTypzx5FFTgELbGs8rCqrDuk7tRCjtKqFyzjmzETpFo -thOSGa7bDcZO7ksKm8Lpx68FY64lbClXoD4JgxIo3hGU/D7KBM6/SmzG4JdnpPb/ -VdTlMSxrIwKBgHrALf9xX1wH+AeZRSE1sjZdgXRN+QUB2Epymm0nA+18+bfZYK5H -JyNe81hyHlROzUmgSOLnsZ8q1jp7N4S/6Kb3KJo7DtGj5Q3QhVHhNOuTP5GKNlFn -qr80PsLXjLe0F67BxgSQ92tISGTIt2TlUXd/rFO/ypeV069LZeaTjVLhAoGAZ+pG -NCEjWy80uVSBpqEzcJJ8wklK/KHJ+KvcQ7WIcrlG2ang7Ov4tv+J9v4Q5HwPnwJ8 -Sa/RZAMB7ZD10W9T7DuqOg9UmPUml5pO/Qs3wq4ehEuOnlsi5zhvIZSifGBV9LX8 -0sFLclgYvUlNkAIU8+/whbD8x6NxeZCgaJ9YwhsCgYA9KRuz3j+LOYBXeKTCBC4d -Fk+14jnjZ891e+2uACk65/MHnPAkjInZXFf7Lec55gLqh7g0fny7RkfYhCgGkipA -szaVpQlUFhEJNfUkwzgy7BdoEyagA2bJgGRovmxANPHcEr9CEiJ7hYFQyxf8LkN9 -qVQOXCQ1IlNBKxjHNq6kvQ== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDXHufGPycpCOfI +sjl6cRn8NP4DLxdIVEAHFK0jMRDup32UQOPW+DleEsFpgN9/ebi9ngdjQfMvKnUP +Zrl1HTwVhOJfazGeoJn7vdDeQebhJfeDXHwX2DiotXyUPYu1ioU45UZDAoAZFj5F +KJLwWRUbfEbRe8yO+wUhKKxxkApPbfw+wUtBicn1RIX7W1nBRABt1UXKDIRe5FM2 +MKfqhEqK4hUWC3g1r+vGTrxu3qFpzz7L2UrRFRIpo7yuTUhEhEGvcVsiTppTil4Z +HcprXFHf5158elEwhYJ5IM0nU1leNQiOgemifbLwkyNkLqCKth8V/4sezr1tYblZ +nMh1cclBAgMBAAECggEBAKdP5jyOicqknoG9/G564RcDsDyRt64NuO7I6hBg7SZx +Jn7UKWDdFuFP/RYtoabn6QOxkVVlydp5Typ3Xu7zmfOyss479Q/HIXxmmbkD0Kp0 +eRm2KN3y0b6FySsS40KDRjKGQCuGGlNotW3crMw6vOvvsLTlcKgUHF054UVCHoK/ +Piz7igkDU7NjvJeha53vXL4hIjb10UtJNaGPxIyFLYRZdRPyyBJX7Yt3w8dgz8WM +epOPu0dq3bUrY3WQXcxKZo6sQjE1h7kdl4TNji5jaFlvD01Y8LnyG0oThOzf0tve +Gaw+kuy17gTGZGMIfGVcdeb+SlioXMAAfOps+mNIwTECgYEA/gTO8W0hgYpOQJzn +BpWkic3LAoBXWNpvsQkkC3uba8Fcps7iiEzotXGfwYcb5Ewf5O3Lrz1EwLj7GTW8 +VNhB3gb7bGOvuwI/6vYk2/dwo84bwW9qRWP5hqPhNZ2AWl8kxmZgHns6WTTxpkRU +zrfZ5eUrBDWjRU2R8uppgRImsxMCgYEA2MxuL/C/Ko0d7XsSX1kM4JHJiGpQDvb5 +GUrlKjP/qVyUysNF92B9xAZZHxxfPWpdfGGBynhw7X6s+YeIoxTzFPZVV9hlkpAA +5igma0n8ZpZEqzttjVdpOQZK8o/Oni/Q2S10WGftQOOGw5Is8+LY30XnLvHBJhO7 +TKMurJ4KCNsCgYAe5TDSVmaj3dGEtFC5EUxQ4nHVnQyCpxa8npL+vor5wSvmsfUF +hO0s3GQE4sz2qHecnXuPldEd66HGwC1m2GKygYDk/v7prO1fQ47aHi9aDQB9N3Li +e7Vmtdn3bm+lDjtn0h3Qt0YygWj+wwLZnazn9EaWHXv9OuEMfYxVgYKpdwKBgEze +Zy8+WDm5IWRjn8cI5wT1DBT/RPWZYgcyxABrwXmGZwdhp3wnzU/kxFLAl5BKF22T +kRZ+D+RVZvVutebE9c937BiilJkb0AXLNJwT9pdVLnHcN2LHHHronUhV7vetkop+ +kGMMLlY0lkLfoGq1AxpfSbIea9KZam6o6VKxEnPDAoGAFDCJm+ZtsJK9nE5GEMav +NHy+PwkYsHhbrPl4dgStTNXLenJLIJ+Ke0Pcld4ZPfYdSyu/Tv4rNswZBNpNsW9K +0NwJlyMBfayoPNcJKXrH/csJY7hbKviAHr1eYy9/8OL0dHf85FV+9uY5YndLcsDc +nygO9KTJuUiBrLr0AHEnqko= -----END PRIVATE KEY----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.crt b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.crt index 2f04f6ff..cae7e391 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.crt +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.crt @@ -1,17 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAY4CCQDTyEOxreUKSDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls -b2NhbGhvc3QwIBcNMTkwNTA2MTIyODA1WhgPMjExOTA0MTIxMjI4MDVaMBQxEjAQ -BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AKeZZ48o3qDrOdmi+vKtBBsA/BnfUiKW+hiKai6X8PfbDxzLJHSh83UFE5KwuNOp -JrsL5791gCGHlvhWRXkPlnuPgqTG7qnSixM2bq/i64TUEKUPUMj4znWqN9XPaRI7 -2a/DJxetOJvtQqKNh2mEcTEFQKQieb3N9+N2Q6S0gL0jp5TtFuFEiptwOuyRvVml -2Sc439UZCxhz2+yZudYVuvdpkvEkGm/pnOlVWr8QFJLImfMkrGYH/BeqYORQpGTl -2Rny9Zx55vgYGds/cZRA9h96YVE7E0u9mywFsjqxsh+Pe2CjD55NS4LPD4JkaPXi -fThe1YH+ZvkLzpY8pX+wZkcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAi5SgxDV6 -tYg3aPxaceVXYRoUdymFgw+98dU9Iv+T2N4Dk4xaUfTOyHY5MhIaA5jAMzJhYf2T -Ro0Sh6+AekDUxn0KfjdFflrpH4Mj8KtnRbrWOejHZXNxg6ZrxEoheLUysG1h/LG5 -vTUmopWSx/lK4kvIvIIFjoigSZ21lZtCIt5glV+0W5mDhc6qmZbn9n5QZF89prmG -aUUeIyJI3LL4sSoCzszAIKtjJ6wJyvIWyH4ksNuhNN7fd1M8VrYuu3WXrkv6Je3D -aAd7Q2/v23NrbKKuYbaST1W8HF795vR4PF9tnaz6Fj8IUwPcsnNK/ebgd10/QRgq -UKpgWpRQbyZpdQ== +MIIDCzCCAfOgAwIBAgIUFf+/CCBq2gaUyaYYqGUhvPaQnD8wDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTE5MDcyMjE5MjkwNFoYDzIxMTkw +NjI4MTkyOTA0WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDsjDC/sh/p0QeM4Of55W5mbotwLRfUWliKVw/Yc24B +x8n4AMr4AmvbHYhWy8Hz+YhNNMtyKDSkfRBrYZYfQJ4VbbB5OE7zYoi85TItFZ80 +T6fJ3NaO70wUvYxs5kY5UxaXNkhSYIW9C7aFqojNHRoGqL+dpWisjN/Z2+h0IQr0 +kqpaC59c9yo4+jcHVhwJpxrZXtynC1f+NLDGa0eSXrSf07VW34WpOTGfb/GzbYfl +vMY+QzPkxAal5RsoAAWR8MxV0CBEWCj93iXA+R0vNI/LdHGH//wAcZXBtnEZeF5v +E5zuBHB5qCF1oKYz+bQUa4/fSdkR4VZugnnad9ePKeRpAgMBAAGjUzBRMB0GA1Ud +DgQWBBTrHOZVmvM/mTrSdrYdLG4NXa3x6zAfBgNVHSMEGDAWgBTrHOZVmvM/mTrS +drYdLG4NXa3x6zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCw +ELt9RQl6prJ/C9m12zyEySftSBJ6SYPkjJGDxV/0qPAGawdykOfyYqM58iauAFOf +qmmwqd4Ru6eKU1J6J/CkILt+iw7seb7Fh+zcDhA2o2fbs9QbNAJI4psaFEZ8xhsh +5BnpZlpWkU6v6u+pefApu88jxhZrXh4hwYSCG0oLI+tgKW9n8kq/7LBkmNNHC1Qn +RDfAIOqh7Kku5xx58u9dbBdUTLi5GPibN+TYR/1JftJI0l9B+xWjKebUGTxKJYY8 +2EHBB8PLicVVejGJcAEwpN7OafQDe5Iwla33mDmzqxaHWd6IOQSCB3Qm7JeXmv/S +pM+AYFVIoYvbpy37FTpf -----END CERTIFICATE----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.key b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.key index 9b2f1c8d..5efafba4 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.key +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/beats2.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCnmWePKN6g6znZ -ovryrQQbAPwZ31IilvoYimoul/D32w8cyyR0ofN1BROSsLjTqSa7C+e/dYAhh5b4 -VkV5D5Z7j4Kkxu6p0osTNm6v4uuE1BClD1DI+M51qjfVz2kSO9mvwycXrTib7UKi -jYdphHExBUCkInm9zffjdkOktIC9I6eU7RbhRIqbcDrskb1ZpdknON/VGQsYc9vs -mbnWFbr3aZLxJBpv6ZzpVVq/EBSSyJnzJKxmB/wXqmDkUKRk5dkZ8vWceeb4GBnb -P3GUQPYfemFROxNLvZssBbI6sbIfj3tgow+eTUuCzw+CZGj14n04XtWB/mb5C86W -PKV/sGZHAgMBAAECggEAG8mxg+jw0JlvpAgDt4y8K4YERn3ibl295ae9ZzBGAbJO -VSXRS402gmZvElk+q8lV5JlauUHQFr8WZuJW7nWJK79ll9Br7bg82tihjYQALKvE -frmFWWz3PkcUrtyOvTkzJJMkviY4RpIWBEGW/AW7hrcqOoyExtWJjisjmAFdfv5P -jxv4EPWm3vkFraU/VlU4jJHL3ePFwsNx3qoY9LN9o3YQxPkUeNQXIeM+5FkhymSA -s8zC9u3CLFMO6FkerRA6045mqKcgqkwUtBZ1ozyWzNW0olzbJY0H36X8U7M5Om1T -L4rZv2aKvPmC4RjlyaczQ15bZqRIPdnnguxXWgiCUQKBgQDcXft5F77LQR0XJQkF -tXm17S932haeSYegCWVt20IYDBFQ6MkIFYqqHkHlpOItUG8Iz2x0UK9mwAr4tVhG -ZpK0bHAETqY8VfL/mnhxtAQTlQYBn0esKM4IFyJVPW0zHL2s4PaLw6pKpehbttB3 -tB40k0Y/SjWCx11iprGlLpgUhQKBgQDCsx1c1a+X8j2LMN8QbJr9KLxbB7FvVxHS -Ae1L9gKPM3HKj3Nl/gDmHl/R18mVMDO0SJRj6WnlueKF7gn3OLtHpTyWkwDSss7B -kfvfv2PmIq+Fb6ptKH3ji636O/6Aet3s6t6quMBC4331j0UvWO0dYDdigRwtgkCN -15wZYCEfWwKBgFvv4dCddX47BjX3v5HgKo0aDWnFVRZouuqrwONaTHLX5gmJdQWo -ZxeeVAPJDIu3OPvF/gtw9hy6Flm43sFQXfhkHT/OyE/308+L1KAraF/7Fmxq1W4g -AAUkEbDaVcqzPPb5TCL3WP6XxR8uYD7wqIFqyC3zeeu73VwhC5BMpio5AoGAOLIH -vtzKwShdG4cjrZiymT2fe7KFzLJCEjFVdGUy4ZhNbnrPU8ffYyM9K9H2dWcP51Or -QlzZ5Xd3qyBh7oeqoXZQalhsSO6gnmVwPvtwj7dR/T1DF35PCk/GXbPSrH8a2L6c -EIK0GcY9C6CouNzgT0mRVzHZjrb7LVK3tfv0KTkCgYEAn1WhGp9Et9w7w6RPwMum -tWE40BsPS6s3h9y0MtdhZeRjsmk2FqzC7CckpIzB//HLL5Iwu1etH5ug2YjftHD0 -khCOBeUWB6qmiSUIjxUr03K1vucpv1BgM+lswbRDFYDpHPVdQqbFMVKWDoJIgdoX -/tArYRefViuNa9YSlCZCa0k= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDsjDC/sh/p0QeM +4Of55W5mbotwLRfUWliKVw/Yc24Bx8n4AMr4AmvbHYhWy8Hz+YhNNMtyKDSkfRBr +YZYfQJ4VbbB5OE7zYoi85TItFZ80T6fJ3NaO70wUvYxs5kY5UxaXNkhSYIW9C7aF +qojNHRoGqL+dpWisjN/Z2+h0IQr0kqpaC59c9yo4+jcHVhwJpxrZXtynC1f+NLDG +a0eSXrSf07VW34WpOTGfb/GzbYflvMY+QzPkxAal5RsoAAWR8MxV0CBEWCj93iXA ++R0vNI/LdHGH//wAcZXBtnEZeF5vE5zuBHB5qCF1oKYz+bQUa4/fSdkR4VZugnna +d9ePKeRpAgMBAAECggEBAMd0PfalXztsQY2MZo3T4w8Dzxc7Loij1VxwpK/CRNPD +fo1bPcl5YTBU6o0lKdlqYn+XMKSFOj4oJhwlIMwhVCqFXvQXgpq+TsXYDELvpFob +gEM5rsC/Dcu/OBTq5fOYF8hQwRKUyK/qnHCApvEsxLEwwMFQo7462tV8E7k302D8 +WuJmIT99hULi2mLIEMVMVT4XFxwAjdSs/u/Lk13ppIudL6HWPkrX3v4w/095f1pq +o7ZMcw/x6P7k4mns+VQB7uhMcw/STD6Aak+MEymy81zx6l3qhi/xX7Siicy20Z5K +4vs6vawWq5GsWMhsnwzFPBqWWk3hGgmVnjNL6yG9NnECgYEA/reNvUFVNuxai2Cj +FQNNCCx8zIK6SVysyQsEXUutK9HrlavMGCSglm/tcYnqlNEIre7u4B89BDHf3UWE +yzsZbXa4+PPO/9Gxy1vA0ZgQ2mBGphbyFGQOkm777ZXlXWUODWg/5QV85OYuBAOw +yXvoWF55UzVBtAqQb7pdn4fFC6MCgYEA7b01SDQ1unIS0EwODT6pQsm7z3SvcYXj +gPBxhL19Bp8ELrg5Un7N9zxoN6Gav4w3bgvqFcjzdvhDuIaN0Ujo4xOqKN6yNK0k +n0FVaa0DqhQUSAFGEgjUa/l+UKtkwmtOEJ2EF1i5OC9/L5eH3gHNUQoFqhtHOa4f +/xOyFZKmUIMCgYEAj12S2p3mL6ayg9ZdlBsqhVo82AMQhPAzlGiuCTDqBEsAFVr/ +4erjtCjFdW1R6ncJMpTUQLN0bWMBBJL3XkgiVLlI/V6E+Pn232YCTjYP7knYGe26 +TX3Psd3j0GLZGUsisKsno2kGVfO0nK/TFmS2bt6l3Q6Rr5tulmRIA92wK48CgYEA +h25f6hAEA4B0g0CwSI9HsQpm+RmJ0GvrXEqdAHdJv/naUhsUXJBsGMnKvNZM542j +DgevhFWDjGSFf5r3MyALu0A6kSm77xIraKW5WIf9LGhf3V0MY72v9QqeEKpyreaf +BAwXcY1ThlRYae4ysh/orJ++9lavzoYJKDA6JNvz7q0CgYA57T3TNnDzODx6rT5z +dLOdgvJ85EVSkL3dzQiadfg9wPbY7ATXdO0gURl9DRV0Ox1LutWr0cXwiJJvQK4H +MCLuGK90oG91vEzntHRZ12u21RncjP+jNGAPUUb6JRvSquk2hK3AgnVnKC6FNTWK +a1hoxt+Q2SQNuWp+7lG+abxtaw== -----END PRIVATE KEY----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.crt b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.crt index a001678d..debdf7e2 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.crt +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.crt @@ -1,23 +1,24 @@ -----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIJAOnl++UeR/L/MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV -BAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYD -VQQKDAViZWF0czENMAsGA1UECwwEcm9vdDAgFw0xOTA1MDYxMjI4MDVaGA8yMTE5 -MDQxMjEyMjgwNVowUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G -A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv308G8JNjFEhcr3CYzE4p0No -sXxcrIM2i7I/KC1pBIK7XiB7f+g0TLmZK/0+ySlEMOgbITRw11MX+PfeJiMjFLcw -D1pnrehIdRPqnCdFxGKs5Y4uZ0KgDTVC2GX1pjN8BKBFalPPvHE4Yh6HJKSv955k -HsE03k+e6CEBdSdxaJkXq4OX/LwHH8VM3iIepclhny8bgVIbWIhyVUq81yFGHbwA -A2NPs5O2Vhb0klHJEjWFnkLa10SnP3k40922NHghnywukxsbRTYTYylpIzg1BSow -hVy6R3FcRerDig2bTdje4yZWCMDx1LhQhyMFivdzblBpLx+NtaHpfvQdVtqApQID -AQABo4HGMIHDMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJVU6SXb7bo+4nMu -yH/b88+qTSjUMIGABgNVHSMEeTB3gBSVVOkl2+26PuJzLsh/2/PPqk0o1KFUpFIw -UDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9udHJl -YWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290ggkA6eX75R5H8v8wDgYD -VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQBWyni+iKihNtyNDnbM2fX/ -FjNRCPsRyBSIQBlos+SJoTkuYhNTVdwqXuwReLDXSGWqcchGwpU8d2o3yNcmFExE -GaCHdGSoJPmR7t/SnYI9/KT4Ul2jUuZu5b81bcPJcC9fLdfOJcrlX2EpLvtlKM14 -PyK3+TemXyToNcQKzY79UFJoKODxQVw/aBgd9Mtl0nqKkjFFDAHFqpAtSRLSPdVk -Mq8BNqwNgeY/Jy3qy1qdndEFwARYgi4LEkGXKSwkoVPCnf/aGeZqwDtaLZm7vHR/ -upLtUyGOauoeez/p0QyxZiyktUaph9qwRUP6hSS3RToj1GnsydJliIC/rm3TgONo +MIIEBDCCAuygAwIBAgIUXwbLbwGjWWlQNrMUsdDpKzeGixEwDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u +dHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MCAXDTE5MDcyMjE5 +MjkwNVoYDzIxMTkwNjI4MTkyOTA1WjBQMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG +UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVhdHMxDTALBgNV +BAsMBHJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtXsn+VCrW +ibutoByM5EeIK29XYffBwN78EeNjDdaZZqMF4wGZZ6z2xQXH6mFx+m1gjnf5R2qo +yfentYH5VRZz5AEtBGPsOqMffV9u5PkHSo/2ilCX40eBVp5u3qh6aFPZ5DKqexWu +5jUMYolTXpvAtML5YbMH9XvW6pn5WAqwHPLNe+fVuPg4tJN0u/ff0wKqSUBIhVOP +7EPhz3yLflACScgj+LPXz/5gtUXe9RR5RB8zyWGfNL91eoVVaApcdp4kIU+DHmgI +p+T4CpgdYWsYuOWH49F7RJyLpocUU4H+heeC4+zH0LIUcELa+n/M2DUDW3RE109a +tv9OEJKR8/YHAgMBAAGjgdMwgdAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +fyEN1Qe7FlWa+2RBnl8Vd4ZCFkIwgY0GA1UdIwSBhTCBgoAUfyEN1Qe7FlWa+2RB +nl8Vd4ZCFkKhVKRSMFAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAP +BgNVBAcMCE1vbnRyZWFsMQ4wDAYDVQQKDAViZWF0czENMAsGA1UECwwEcm9vdIIU +XwbLbwGjWWlQNrMUsdDpKzeGixEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAANxJCfDMcNNnAVRlXLdh+loVx8Y5STf1gTgX2gtf9tHZGYE7/ix2P +dG1uQcEz/ETlcGSWRZcQSNR8dNeBi5YWK5dmDUD7reQr3FoyIDvPGHyIcF3clglg +blYhsQN0TVwx4G3kZDenjzKNSyVLR81opLq/PDIGW61ZCioJUQKs5q+IqsKj+okn +in6/b5YfQqyTDIWY3IPiXjvcysbKC0pYc0TkmwGUnidxDny7txrVCVJ1vwIedQug +B/UOjVxi0qsNwpWS08mwEOVvgvObi0mFoGQl8l427M0kM//86NM7vDc4Z0QYHOlq +A0ZjtnSbR3RqfhBGXV3BL+GHtXevn55Z -----END CERTIFICATE----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.key b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.key index 4680417f..e864b93e 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.key +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAv308G8JNjFEhcr3CYzE4p0NosXxcrIM2i7I/KC1pBIK7XiB7 -f+g0TLmZK/0+ySlEMOgbITRw11MX+PfeJiMjFLcwD1pnrehIdRPqnCdFxGKs5Y4u -Z0KgDTVC2GX1pjN8BKBFalPPvHE4Yh6HJKSv955kHsE03k+e6CEBdSdxaJkXq4OX -/LwHH8VM3iIepclhny8bgVIbWIhyVUq81yFGHbwAA2NPs5O2Vhb0klHJEjWFnkLa -10SnP3k40922NHghnywukxsbRTYTYylpIzg1BSowhVy6R3FcRerDig2bTdje4yZW -CMDx1LhQhyMFivdzblBpLx+NtaHpfvQdVtqApQIDAQABAoIBAQCPsNAcHG/IrVCm -I1Ls0BCtIt464RFBuqyBo13VLk4xvlAPT9ycnIgyUstnwP8OQFMVR/ajshBC4+2H -O6iNgaxfbR85RiOq0jUc9bcFOksWFN2c3FZh0hL8Fk10yP3Om6+iYQn1wbKOu38N -0c6jZplM/KQwl9auQ50An1PSr6hgTcOBSqWtLHGju0NCYMZm8GLfn1g7dhV+49tL -tsg0HKTGVpsFecs4teAHtDJrh7HufbFJqP2eiLWXc9jZXBwSem5ybed1Jf9MD7E9 -jGOZdN5Joag5cDwlq/N4aEdj1S5a7JluhZ2IhqrJOWUEiDijzt1B0BTl1G7uG9DV -2aunM3+5AoGBAPEWD8wwj224vUQks040a9+PdsnqzlMbOHNN4ZVUhn0W5yawWTzz -wg6a2FDyqkubAQnKp4LeEq86hmDtOSppFObRZZVjtjhkULBBL3245ttLqCTsc9Y5 -WbjTVuXz4kEVWWjr2sgcqB1SNw4io98iZ0MOnKdac3TQqsGRsa3fe7ubAoGBAMtV -vDiy/9kLgzljUm3pwXzFwgshpdpZj7N84SS0dZI3nGcnuYS6YO4CSgyUeNnVHZnj -EOEEmqcCXpuSiVLnpBDKUUPkNSDAcHaQW3dXk0POefI4OAnjwpLHBhkN97OhlUqJ -A8I80vbjU+g2I8aNgS5RvodssxGakDya55RuiRi/AoGATXugsih9QG9abPc6pYzV -irFqJTURAMbD2tMSCFN1MejVe6q704ooOVds5H9JWilEKSh3s+i5qpWtsKMtd0L0 -k8aC1oOIghFDmZIpuEdf8uUa8lsIU7Z07qEF0bwTYIWDCeSbmSsUoO/Wf/WEI2fE -NloQ4PyCFO4nozS3HUGxW7cCgYEAv5REB1f/30wNk6CVJaI8/4aEUWCel6AS2RYs -Ox0cOWvUHQ08qmXAtf/KLRgm1XcKsNdUK+7el8SPxxzF7ir6VieJceIufHFUhSF2 -THdi9VwxYZq+kfLafNiwUiLq44C23MdDl1sfmiaOBBgelRD2SeITFh3AijGK/M8m -qp+K5JkCgYEAg12rljq5MwWf8n+ykfWXfwkaKgs358RKd7Bfd2D0LpiRz/1/ywXb -Qm08mdl2tudAcHLK86hu/I/T+1r1siQCKrBl9ESUkSgGwUyq0UxImhj+4Pg1DsJd -n3ZTsFrORZP6+PzpCkHY4QOW069JJVOJcJ5EbB78VWumOQhrZ2jJepw= +MIIEowIBAAKCAQEArV7J/lQq1om7raAcjORHiCtvV2H3wcDe/BHjYw3WmWajBeMB +mWes9sUFx+phcfptYI53+UdqqMn3p7WB+VUWc+QBLQRj7DqjH31fbuT5B0qP9opQ +l+NHgVaebt6oemhT2eQyqnsVruY1DGKJU16bwLTC+WGzB/V71uqZ+VgKsBzyzXvn +1bj4OLSTdLv339MCqklASIVTj+xD4c98i35QAknII/iz18/+YLVF3vUUeUQfM8lh +nzS/dXqFVWgKXHaeJCFPgx5oCKfk+AqYHWFrGLjlh+PRe0Sci6aHFFOB/oXnguPs +x9CyFHBC2vp/zNg1A1t0RNdPWrb/ThCSkfP2BwIDAQABAoIBAQCQmLJYENL5xD5n +/VZSnEKc670dYHRHgRl5m2HPR8doghYN3tuCmtnDp2e+6VkEux1mnuypWEs5I9oO +YnBZCAKF/fCNH1BHwlAy/1oNH6Qj1Khls86sH7+PvDK/va0/CqyE2rL3RVk8Wnx8 +K+LlSc8V1q2XWUj8pl33TgvFzwx6/QpmGa1ofK84GaeWNskRt8xyf2HECiRl6ZFm +zZr2Ror3nRbgZK9FYWpcp6HUgxAH/8GQ3+8vMvftfTsDGD5TmmEq6CFgAFCVj92L +d7AZmNWR1483NzZF0HWOQ6ew9qrWkqVpER7kKKp/kkfoh2qXgvtQBTrw4IcCRwwa +szaSsIEBAoGBANiqXhBzPQJszm1Ajln07ZeyvgRB8PgzZXcAHS9AfGqh/mGQw5/X +3vqHdGiEynphoYtNqK1YT7RH7pkjkpqDzdunZGz1xog7i4ys8kVtivkDGlhn6cXI +4wmFcmyCaf76VPPr1RX8PNjsEKDK3jq1d86lBjSLPgcHT7J16WZgOcJnAoGBAMzY +QVNpjk1WNT7gid3MUXciIIZAovej4AiVyn97XxxLSyByXmNds65f3dM8NOJkJUvT +iV7pAjKl9pd1lE+WTNQSjCgSxw7G+4u9cQfNE7p6klAh/Rek76Mani9rAmQ2PdJl +EFaEgLom3wbR5eOkYURjw2jfqzFYQ8T1YZkWBithAoGAa3EYkknDIFe6ifzwWnWV ++Jr/lXbpuvspvrhEwLDWwb4xOkqiZ7qR7WSMemQXUFbn1/+bvNJFPB5LmI9GXO8t +f1Zj+5BpchctHYaJ4Znvx4odX2ewSo9S3t7ZHiwRygpzZD43fd6Ggf+WQ1Y2m6Bv +l/7Hs/i0uqGKiPHl2wmuutMCgYABZN9c7/T19cY6/VAy4DcVtne+MiZpxQW7STmt +kGtfR+vk9qJJztNwNlrOGzTI7aGLWI8wxCktqw94jGZL/FvdfZrSkv4jzZrcopdo +VC70L+1a+kA8rvSqiX3WGMZVZEEbc3CfBhvSKH2QEFGeMPowevVTe2Iw3cboSjs1 +zX6RQQKBgFV7gOstMfvixCSUCD2s5j/skhNJsB3Wd/tVYRbl/vgA6hHW8UOy2oWv +UTE45vJNVzRv030G5katjOYhlxHf9rpeSAbeIyty54I3X9/vDJZLXwe8WilQjUr7 +Dw8yNwH44j/0s8xcQXG8yE0h1Aa9GxHHtJtYrRYdx7sSwNHtwpnp -----END RSA PRIVATE KEY----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.srl b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.srl index 0867f62a..fc2d089d 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.srl +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/cacert.srl @@ -1 +1 @@ -E23A090A1A1F5882 +79A07BBA4D838C033672E465D24684F65CBB2E3F diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.crt b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.crt index b3bc1161..c3139a72 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.crt +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.crt @@ -1,47 +1,48 @@ -----BEGIN CERTIFICATE----- -MIID/zCCAuegAwIBAgIJAOI6CQoaH1iBMA0GCSqGSIb3DQEBBQUAMFAxCzAJBgNV -BAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYD -VQQKDAViZWF0czENMAsGA1UECwwEcm9vdDAgFw0xOTA1MDYxMjI4MDZaGA8yMTE5 -MDQxMjEyMjgwNlowZjELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G -A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ8wDQYDVQQLDAZzZXJ2ZXIx -EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKTr/41kAvUYyab5uHW7DvO7ufc554ZmwgbohIK+HiGfMREaG4yG0JCO8pIe -aI6XjRDI7SuFTWRG15LaNItQ5Ks1Fx0c+qvcrmpm2nsPmOMRzNZlD0MoSvEtFxuO -sytqAeoKec/zI1yQ51CEu1KpmXTzsHy3mt0MuqN/FmeNMeggrAaKuHgUR8q+Am5K -5iDLlUzmgyxD8p9tafgZZW32llAJOh1Akvd2IZZ/GiHAAXUQe6XMbW+nYhyEEaWR -6rHVA1Iifsi6SyGJ4DXq3qeEZA9ScCkPapbJJRrWFjKKkrDzhUExPhsj+btMYRYE -kP7sNQDaiK9s3OvKKjw4OB5KEzsCAwEAAaOBwzCBwDAMBgNVHRMBAf8EAjAAMB0G -A1UdDgQWBBQ77Zg0Chqvrl2VkAnia2+wnBmC9zCBgAYDVR0jBHkwd4AUlVTpJdvt -uj7icy7If9vzz6pNKNShVKRSMFAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWVi -ZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYDVQQKDAViZWF0czENMAsGA1UECwwE -cm9vdIIJAOnl++UeR/L/MA4GA1UdDwEB/wQEAwIF4DANBgkqhkiG9w0BAQUFAAOC -AQEAfFZFoTsyPgd9LxML5pMXfRtXTaCAuWRJjS6BPTsW9S/Z4GXBYl1eyqPDwz0i -kn/0mPi+GmFNdf4WY6LUvrKqQ82ho6wg8Nso+2p+dU21wCBaNgnD8rS4Cq8atfzx -9H3SU0dZroRrmwfdXaPwyiV2L8gltyR/j2co/FXvJhdXU/moUjHByonPuyt3Us8W -dxPmrUVJ5ohM5CheHVUPmIGtukqsadBgnlVLZCOp3gzerh/1enLYkCli+ShOGXUp -p+HOIW/DeGyMYY1GKGqJdQxSFxUTYD7uN2+L3xi+9Oi9vRbhYfZTl0eLvDZWdUWS -FR8qF5sUX7FZNJ5/n1MRX/8GZg== +MIIEFzCCAv+gAwIBAgIUeaB7uk2DjAM2cuRl0kaE9ly7Lj4wDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u +dHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MCAXDTE5MDcyMjE5 +MjkwNVoYDzIxMTkwNjI4MTkyOTA1WjBmMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG +UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVhdHMxDzANBgNV +BAsMBnNlcnZlcjESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA3jXEj7vN+BDlj6cYblKSml0FWpO4yi9C58cubXXDWXI6 +hdpzNpDa0+n606Jg4eVZpFUZPTnnjQmFIcesO0+i85V4Etswr4T22uobDu1AWV7n +26nDMY/vlf+kDI8H/uFgxQg/Htuh12nHuYrjIS+ot/D6gThwIWVldu0TaBaFfvL5 +5qTPRJoteiBPo5y+VuWLhzPWg8cQYZ4KJ4XREk8H4d7PqFRHp+zATfn2YLBjUK7Z +zd0W3mxkdB2P7MnzZuH5n5zrgJ8OI9voopX8QadMYtUSeITP1INmNKhi4vLbpZjU +mt+N/u1G6xwbuyJiSlklBoXdRcWj5kSljpLtF1evvwIDAQABo4HQMIHNMAwGA1Ud +EwEB/wQCMAAwHQYDVR0OBBYEFAuDdHxE9/Zr7iVwfnUJ/lRtJnZkMIGNBgNVHSME +gYUwgYKAFH8hDdUHuxZVmvtkQZ5fFXeGQhZCoVSkUjBQMQswCQYDVQQGEwJDQTEP +MA0GA1UECAwGUXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVh +dHMxDTALBgNVBAsMBHJvb3SCFF8Gy28Bo1lpUDazFLHQ6Ss3hosRMA4GA1UdDwEB +/wQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAQEACzuX6AiVHk5Igs/LdOW2sJ9lm95N +Su1PQCobM0Jo8wX3pDAEQlLmaWTDcr4bfrQPfI8pih1F89DQU9z0nzNCRfxiQaA7 +myF8ftvf8v5j3LpaPWlkdWgCRieCl58fgy5vtcKx73eTY4a6SRB4zbWpl0rX9H6w +En1kQbpCJDzh8W+xmr8AKvY77CSC1vt7TaKan6F+fGwbt8kIng6P6C7dvMGsDKQN +2Tiq/wtH16DB8mOeO+zfxJfa84TPWL4UcSbZJ8w5Fyz4GJormaymxJGtKv58RO7J +u63WF9vlEnKGyqY1FckTsp3P9ivGEb/Y75+NyRwmNq5VO5BPrRBMOF3VAg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIJAOnl++UeR/L/MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV -BAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYD -VQQKDAViZWF0czENMAsGA1UECwwEcm9vdDAgFw0xOTA1MDYxMjI4MDVaGA8yMTE5 -MDQxMjEyMjgwNVowUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G -A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv308G8JNjFEhcr3CYzE4p0No -sXxcrIM2i7I/KC1pBIK7XiB7f+g0TLmZK/0+ySlEMOgbITRw11MX+PfeJiMjFLcw -D1pnrehIdRPqnCdFxGKs5Y4uZ0KgDTVC2GX1pjN8BKBFalPPvHE4Yh6HJKSv955k -HsE03k+e6CEBdSdxaJkXq4OX/LwHH8VM3iIepclhny8bgVIbWIhyVUq81yFGHbwA -A2NPs5O2Vhb0klHJEjWFnkLa10SnP3k40922NHghnywukxsbRTYTYylpIzg1BSow -hVy6R3FcRerDig2bTdje4yZWCMDx1LhQhyMFivdzblBpLx+NtaHpfvQdVtqApQID -AQABo4HGMIHDMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJVU6SXb7bo+4nMu -yH/b88+qTSjUMIGABgNVHSMEeTB3gBSVVOkl2+26PuJzLsh/2/PPqk0o1KFUpFIw -UDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9udHJl -YWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290ggkA6eX75R5H8v8wDgYD -VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQBWyni+iKihNtyNDnbM2fX/ -FjNRCPsRyBSIQBlos+SJoTkuYhNTVdwqXuwReLDXSGWqcchGwpU8d2o3yNcmFExE -GaCHdGSoJPmR7t/SnYI9/KT4Ul2jUuZu5b81bcPJcC9fLdfOJcrlX2EpLvtlKM14 -PyK3+TemXyToNcQKzY79UFJoKODxQVw/aBgd9Mtl0nqKkjFFDAHFqpAtSRLSPdVk -Mq8BNqwNgeY/Jy3qy1qdndEFwARYgi4LEkGXKSwkoVPCnf/aGeZqwDtaLZm7vHR/ -upLtUyGOauoeez/p0QyxZiyktUaph9qwRUP6hSS3RToj1GnsydJliIC/rm3TgONo +MIIEBDCCAuygAwIBAgIUXwbLbwGjWWlQNrMUsdDpKzeGixEwDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u +dHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MCAXDTE5MDcyMjE5 +MjkwNVoYDzIxMTkwNjI4MTkyOTA1WjBQMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG +UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVhdHMxDTALBgNV +BAsMBHJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtXsn+VCrW +ibutoByM5EeIK29XYffBwN78EeNjDdaZZqMF4wGZZ6z2xQXH6mFx+m1gjnf5R2qo +yfentYH5VRZz5AEtBGPsOqMffV9u5PkHSo/2ilCX40eBVp5u3qh6aFPZ5DKqexWu +5jUMYolTXpvAtML5YbMH9XvW6pn5WAqwHPLNe+fVuPg4tJN0u/ff0wKqSUBIhVOP +7EPhz3yLflACScgj+LPXz/5gtUXe9RR5RB8zyWGfNL91eoVVaApcdp4kIU+DHmgI +p+T4CpgdYWsYuOWH49F7RJyLpocUU4H+heeC4+zH0LIUcELa+n/M2DUDW3RE109a +tv9OEJKR8/YHAgMBAAGjgdMwgdAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +fyEN1Qe7FlWa+2RBnl8Vd4ZCFkIwgY0GA1UdIwSBhTCBgoAUfyEN1Qe7FlWa+2RB +nl8Vd4ZCFkKhVKRSMFAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAP +BgNVBAcMCE1vbnRyZWFsMQ4wDAYDVQQKDAViZWF0czENMAsGA1UECwwEcm9vdIIU +XwbLbwGjWWlQNrMUsdDpKzeGixEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAANxJCfDMcNNnAVRlXLdh+loVx8Y5STf1gTgX2gtf9tHZGYE7/ix2P +dG1uQcEz/ETlcGSWRZcQSNR8dNeBi5YWK5dmDUD7reQr3FoyIDvPGHyIcF3clglg +blYhsQN0TVwx4G3kZDenjzKNSyVLR81opLq/PDIGW61ZCioJUQKs5q+IqsKj+okn +in6/b5YfQqyTDIWY3IPiXjvcysbKC0pYc0TkmwGUnidxDny7txrVCVJ1vwIedQug +B/UOjVxi0qsNwpWS08mwEOVvgvObi0mFoGQl8l427M0kM//86NM7vDc4Z0QYHOlq +A0ZjtnSbR3RqfhBGXV3BL+GHtXevn55Z -----END CERTIFICATE----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.csr b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.csr index dda112df..4f36c0c3 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.csr +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.csr @@ -2,16 +2,16 @@ MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ8wDQYDVQQLDAZzZXJ2ZXIx EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKTr/41kAvUYyab5uHW7DvO7ufc554ZmwgbohIK+HiGfMREaG4yG0JCO8pIe -aI6XjRDI7SuFTWRG15LaNItQ5Ks1Fx0c+qvcrmpm2nsPmOMRzNZlD0MoSvEtFxuO -sytqAeoKec/zI1yQ51CEu1KpmXTzsHy3mt0MuqN/FmeNMeggrAaKuHgUR8q+Am5K -5iDLlUzmgyxD8p9tafgZZW32llAJOh1Akvd2IZZ/GiHAAXUQe6XMbW+nYhyEEaWR -6rHVA1Iifsi6SyGJ4DXq3qeEZA9ScCkPapbJJRrWFjKKkrDzhUExPhsj+btMYRYE -kP7sNQDaiK9s3OvKKjw4OB5KEzsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCD -cjRosISvtyThvVFPq0dHGUZtyvOBPbIcz7/OH1DYQNZ9SO9LGx9i4oEwsiQv0EyF -ip+iHGC7Lbt0PuLTO5waks/JewAgpmvMzXK2gCJt8KLmfylaivSw0US4/VEA+B6z -VmD4Eg2VRpoJfjtgtCtGi0NJiGY0HLqWHDXStkTGczhdGAjO+pW2/2JdNC8JTeaN -ou23gAJZJ+MJxMo8cIi1K0eXRcayFy0Kxg+j8xMLo8ptF1u5TI8pkH66n94KqxA9 -LklxhbrVqXbDqYTEPAIJ8GThfDzeiBJ8lsKuafwyMFIH4VQp0SW4G56/J4B76usB -fjSf23GqX5dLfX69ztVv +ggEBAN41xI+7zfgQ5Y+nGG5SkppdBVqTuMovQufHLm11w1lyOoXaczaQ2tPp+tOi +YOHlWaRVGT05540JhSHHrDtPovOVeBLbMK+E9trqGw7tQFle59upwzGP75X/pAyP +B/7hYMUIPx7boddpx7mK4yEvqLfw+oE4cCFlZXbtE2gWhX7y+eakz0SaLXogT6Oc +vlbli4cz1oPHEGGeCieF0RJPB+Hez6hUR6fswE359mCwY1Cu2c3dFt5sZHQdj+zJ +82bh+Z+c64CfDiPb6KKV/EGnTGLVEniEz9SDZjSoYuLy26WY1Jrfjf7tRuscG7si +YkpZJQaF3UXFo+ZEpY6S7RdXr78CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQDM +2cECtcKs8hyxp9Sw3JtFXYDbvDcotAflLkVR2n0OVKg7MrOBlUCjW439tqsnCv9n +JliAwCo5hKSrVrw5ViDod+h8rm48TcSKf7bPEe26e3ojjW+FHgi+B48BGBtzv1RU +WCWDoKYPtCKrpzPbJCmpcaabbTrf893pLlMlMolMoY26vzngi/5hGaOdX8Abzoim +m8BnRGq8gYX11S3qZW5wVc9xbfkhRh8CprhY1SyuQ0qZsXLaIamvs2oCRi0U+9mn +KHDsL1aCV3vtBUbtsk++g8GS9YrpYNkZSAryjOsBod7E0zzxKB3QuVfzjE0J6WEB +xMTOWweKHegF1uA8Nsa6 -----END CERTIFICATE REQUEST----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.key b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.key index 61603d58..ce5274b7 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.key +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client1.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEApOv/jWQC9RjJpvm4dbsO87u59znnhmbCBuiEgr4eIZ8xERob -jIbQkI7ykh5ojpeNEMjtK4VNZEbXkto0i1DkqzUXHRz6q9yuambaew+Y4xHM1mUP -QyhK8S0XG46zK2oB6gp5z/MjXJDnUIS7UqmZdPOwfLea3Qy6o38WZ40x6CCsBoq4 -eBRHyr4CbkrmIMuVTOaDLEPyn21p+BllbfaWUAk6HUCS93Yhln8aIcABdRB7pcxt -b6diHIQRpZHqsdUDUiJ+yLpLIYngNerep4RkD1JwKQ9qlsklGtYWMoqSsPOFQTE+ -GyP5u0xhFgSQ/uw1ANqIr2zc68oqPDg4HkoTOwIDAQABAoIBAAmZr1OkucNYwQxW -RxWbYQBxMh8hIMgjHTJXwLb3qDtez/Vl5qqkgmmX2KkG2iFK0yxh9eRtqxamRRBI -YXympdkNix3nvPPaMdEB0cAOJWE6fQkR8vR+2PX3IPw6r1Vco2XjXDnttmZCDSUT -xO/H7aXwNZrc+Ufa4NZ5pG08u+X+QPk1jtaTmD3ebgygC2g3vI1FmXtf+8QcfmcU -ymOvAOrr/tHi/9xL1TVtPMOCnN2k7ATzA1yZ4Fh6mT/OkVLszLorkFBUfymf1RKS -3Locd7wLvUsAZP8NF+k1O98QegNfRkYIHtAl/PlqZbn6mKgyN1fq5kiT9bfnmDL6 -ccUcM1kCgYEAzZl+s7+yUEsEX49HtTZiYw3DZVuUW9MqruSn6x+E3SggkSt91fAt -vJuHw0G9z6eZecxshcgpI6Dz9Gp9yC7/5DkDlbMZr6aUrKPEdCrD6ARl/UW6N4JA -MZg0d3foSpoxc7hhoVntgydox6TVHV/SZaQaOyi3KS7y+VyGyWXwtp0CgYEAzVnA -qHGgYqHV9ZsqG+UIcsy3KdQTsrTkJbtj9VetmzuTdK261k6ADndpziKMziL4EeU/ -8VfTRJC0TR2QvL/BFLL4OfONLm3OTT6LHkJtBKGKDWC0BFijmAcmrlgaQezu6ty7 -J/n+5KrhcUn5qLbdLeb32d/w70SAwSzRqLo63bcCgYEApyaQlNBXxuGGV65kDRZ+ -3KsW3XOb5R+DxxaM0iIY4bg66esi7ejLNlh4Aq2TBJzssNIatJUrpRS44VAmnLZh -Qgl8OZuXWW+j1ct67zrJdPsGc+fZYkGZsPheR3aLuwMrCzqu3QAAki1bCVygCraZ -lhrZXJlYd7n8vfCUgG5JSh0CgYEAnx/NirmB7uw5P/jcyIDR6yN3S5JrMS+7GwH6 -k0M94+xmdyOohCiQUqV196YONi4izLs4sWu86oS3MoqWfayZkdCdSUrRPAkatACj -DO+sSspij7s/w55sJoJkFvVuY2eWO6iP3op6WfeQepk4POR2v/saVFqT+NS8cPSq -AnVM6EECgYEAycBu2xqO+EhijVz4M0E+UxAY2mLxpsnop0GMrYe33lysD+6ZFbGn -vwZlOqkp1TZ4CJvRLtbo21Qf/ZqPz2lmhR/ICrr/avQeFKbv1c6t5f8gtoX9XlAu -5FMVBDS8Pdox9QBMY4TbHACsdlo4vZUyE+xGscMrx8g2HczBipA+mS4= +MIIEowIBAAKCAQEA3jXEj7vN+BDlj6cYblKSml0FWpO4yi9C58cubXXDWXI6hdpz +NpDa0+n606Jg4eVZpFUZPTnnjQmFIcesO0+i85V4Etswr4T22uobDu1AWV7n26nD +MY/vlf+kDI8H/uFgxQg/Htuh12nHuYrjIS+ot/D6gThwIWVldu0TaBaFfvL55qTP +RJoteiBPo5y+VuWLhzPWg8cQYZ4KJ4XREk8H4d7PqFRHp+zATfn2YLBjUK7Zzd0W +3mxkdB2P7MnzZuH5n5zrgJ8OI9voopX8QadMYtUSeITP1INmNKhi4vLbpZjUmt+N +/u1G6xwbuyJiSlklBoXdRcWj5kSljpLtF1evvwIDAQABAoIBABdTza7JKHZCT9ck +04vBX2KVIVrA50VScNOkNVuIYVmihEJJDI9N5asZhRtykHkmeqKlzGCBE63asf85 +1vrjAVhQ+KoCGLpUWxXgPbbzcS3wqKaGy9cIJT65957Z5Rz8zAvjMb0rkXHryOvR +iMaTGkM1KRcntZ3L5zr06HSk6J7K8QCEexKHl7Q7Ki1498tvBWdJGeGWRiUtI89j +wOUdcf3pVSVqI7J8gmmqVwNrVMbVxhlen7nkckXofWAackYVQDBD+hU1n3doNKLa +NP6mZkI02BOB29WLDXLuHtKDZtgnXex4JUz6zw53uV42FCDoQf3DUiVsMEL8xRCJ +27H6bwECgYEA/w53zS00mNdYdXO7dGhAw3UYPc3PDyg6Z823BQzfdOzsn5Yw0BIw +nPgstzwzOL0kw2p/PgwkG/7LOsF5CWs2xvU3LhUdOhgmw4B5IbMOYvbkVoYGz+22 +HJf4qyexAr7tKCITB+LCzUwoAgXp8uju1XdLVpk6xmJ3u+kIhMYTxkUCgYEA3wgx +71/uIUsoW6bVL5K00yXPWTTFtTBWM768VJ8Y++k2igPgcvKaBVaElr4AbvX5iCGz +1Ycc9xsGAYAo7+q4D+4cuOki/m0PMKD3DgXWpTtN0kJ+npWUBdE98NyDlTJYsa/w +xjeMQoDvC8tE2bAiwtVIOPQL2C/3emqkJcsVcDMCgYB8NeOJ/DXdKSJfMJldu1eu +2FuR3aS00PaAjuJOh1JbcvZZUZ879V/PUd0U7zBStWot8LM+2FLNf2whlQ8I0zm9 +8rWIr6eoHxLhqrNTAgxDjdDtgh/XKwDBNBFZ6N5/Y9PC87Uo5fnQWQIy2gZw0Zde +RdZeugixjEqbLIWFg6ElsQKBgHRy6O+c3M6RWU8ROnoOVU9xjGN9REUoKbn2uopM +T1UoHQvOnmAl/vkOhUfXiI5m65SCVE0GsL7sYyRhb/5kRRo8Ls71GwpQkv/G63ds +4PeAkU9Y3JecbZ7j8z1RRXqewOR1gndcBWWrwCQeS6KFboDfr0fdVFnaIZLPH0mE +UXs1AoGBAM3zpcyl5o99dO6x9N/8SSnyLT9TzzbJ6pU6d0F0ELn3OxTUBH1oA1dy +q1fADcRgN5vNuJljY4es/scK2BMeX1isFitXoIzk01F4R61xoXr8T33731eXFG6L +ehoECH2Yj9H4qNbVW531iYKheuSyaMaxCxaDoK9jBzcKaxMGbTlc -----END RSA PRIVATE KEY----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.crt b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.crt index 23a27066..52369440 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.crt +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.crt @@ -1,47 +1,48 @@ -----BEGIN CERTIFICATE----- -MIID/zCCAuegAwIBAgIJAOI6CQoaH1iCMA0GCSqGSIb3DQEBBQUAMFAxCzAJBgNV -BAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYD -VQQKDAViZWF0czENMAsGA1UECwwEcm9vdDAgFw0xOTA1MDYxMjI4MDdaGA8yMTE5 -MDQxMjEyMjgwN1owZjELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G -A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ8wDQYDVQQLDAZjbGllbnQx -EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMxSb3MYsUuR1oo9cVy5xOiiUsV337qyoLq+B3iHz4OQUhujrCpgWMdPZwWs -fR4DD2ps5aI5rRY6Iqrpk3n2JDT6e9ODpoKKChE+1Ab8tuJIJs5ck87X9qoau7kD -xj1aKa+sxvV3Xj7D1vF67S0sgFP0BCajjAkeGKLU3zfW0KqBZzRGl0JWr1KRnkHE -xTBIFgqhHOrGsbok6yZoMSmnoS6PVYXtnLD53MfFxyT5w192E98zikXQXgGtJxgN -eKae5Z4jyXiTCMglwKGN7BTZr9GXkpgFM5Q6yD9tWOcsOhbZUukam6+eQ4+LTO7p -2EvhsLgBrwufZBLiuTL4SuO5DmcCAwEAAaOBwzCBwDAMBgNVHRMBAf8EAjAAMB0G -A1UdDgQWBBQ4d0o449WTPr1veDShZEVxMVr3nTCBgAYDVR0jBHkwd4AUlVTpJdvt -uj7icy7If9vzz6pNKNShVKRSMFAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWVi -ZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYDVQQKDAViZWF0czENMAsGA1UECwwE -cm9vdIIJAOnl++UeR/L/MA4GA1UdDwEB/wQEAwID6DANBgkqhkiG9w0BAQUFAAOC -AQEAjkspLavt7wJqmNhBUY6+ZrCGCBRgLeB1gSnJMT3v4oJtny3KrKc9C2b80407 -1r5k7v9UEdfEjcpEQQdADFY3kFFjsNTHrzjkLLrcEjpoIDuVO0XePWl+4qrrQxPV -hPXvDMPShS+eQvAb3WRcqTQ60ELMGnUwVlUPo44JI3V6oeknKDcz2eIzTG7/JG2V -CoIH4K4T52vSJ/PUeEcCYnNTR0rge548krqjmbVlhoonHho+SCzN6VkIH2gDrB7+ -yX59SjG6eA2BUSGPqr9cnJXcM5uxoBrrBZpCzHHRh0lPfzr3llLkNcdVFN8poNhu -pb9TQ9EGbC4gG+VTlFeL5Va+5w== +MIIEFzCCAv+gAwIBAgIUeaB7uk2DjAM2cuRl0kaE9ly7Lj8wDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u +dHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MCAXDTE5MDcyMjE5 +MjkwNVoYDzIxMTkwNjI4MTkyOTA1WjBmMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG +UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVhdHMxDzANBgNV +BAsMBmNsaWVudDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA3/RX2wZJkf1sZIbnh6GVjxRMahZr/xtOeiCAjx0z9+M5 +3qA1YUH9KCqaIX7a30by02uw3utFIyPan4ukysHV0rWQ+uLU/yzqRMCB3PZt3bsM +U+T89btKvVB+btDYubgeS8dFVABzZwQDQA+3ha/eBdi1LcrAb/QdQQKsMzNm1r50 +U4Man1cSTmRxCsBrDbDqUi0XZbxYZgF36nBiQ7Laz/hu0Uc9G2ZF+0HwD8rc0NXj +vqPh/toAbFpd1jp+rOV7pBhAoFn8F8CnTXwFjgsSAM0c2f+e8AoHM5UL96CZq4tE +iiORVTpNR+HrQkbH8wDknxxPpDUxitqnMPI+3RxrNQIDAQABo4HQMIHNMAwGA1Ud +EwEB/wQCMAAwHQYDVR0OBBYEFLQZGSDd5qKfurzP+ZN9b85Mf4vpMIGNBgNVHSME +gYUwgYKAFH8hDdUHuxZVmvtkQZ5fFXeGQhZCoVSkUjBQMQswCQYDVQQGEwJDQTEP +MA0GA1UECAwGUXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVh +dHMxDTALBgNVBAsMBHJvb3SCFF8Gy28Bo1lpUDazFLHQ6Ss3hosRMA4GA1UdDwEB +/wQEAwID6DANBgkqhkiG9w0BAQsFAAOCAQEAN5SYIJvWyYrhtUS7z1kyLcOX6tZM +bZx8mwmSdpzdPliOVpoefIDLjAHp0OxrBtP9aSPaDzAliZ2rPduL+EuHk5GJ0WsU +dy284GyiFrYkqIKBLDSsaIa7HxZshJk0mXHPpd4hgTapkxytUocPtjo5xIKOYHhe +VMwGMi1xbNnm/paHAHvxJhkeT1BkFGvvADS4Ovk70KlmN/NkyE9e9+4crQ0txKbU +liSTIqwKr2lRrACjXUQgHIZoZFSDe5QjPVjbxjtcNA0GodqF7CBWcy2HjkmRNQD5 +oSLKOClStpxaoTfCoAXURrI0p+hwa7crFYvoeHBh/CsCjgludDXdbMSHxQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIID7DCCAtSgAwIBAgIJAOnl++UeR/L/MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV -BAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMQ4wDAYD -VQQKDAViZWF0czENMAsGA1UECwwEcm9vdDAgFw0xOTA1MDYxMjI4MDVaGA8yMTE5 -MDQxMjEyMjgwNVowUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G -A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv308G8JNjFEhcr3CYzE4p0No -sXxcrIM2i7I/KC1pBIK7XiB7f+g0TLmZK/0+ySlEMOgbITRw11MX+PfeJiMjFLcw -D1pnrehIdRPqnCdFxGKs5Y4uZ0KgDTVC2GX1pjN8BKBFalPPvHE4Yh6HJKSv955k -HsE03k+e6CEBdSdxaJkXq4OX/LwHH8VM3iIepclhny8bgVIbWIhyVUq81yFGHbwA -A2NPs5O2Vhb0klHJEjWFnkLa10SnP3k40922NHghnywukxsbRTYTYylpIzg1BSow -hVy6R3FcRerDig2bTdje4yZWCMDx1LhQhyMFivdzblBpLx+NtaHpfvQdVtqApQID -AQABo4HGMIHDMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJVU6SXb7bo+4nMu -yH/b88+qTSjUMIGABgNVHSMEeTB3gBSVVOkl2+26PuJzLsh/2/PPqk0o1KFUpFIw -UDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9udHJl -YWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290ggkA6eX75R5H8v8wDgYD -VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQBWyni+iKihNtyNDnbM2fX/ -FjNRCPsRyBSIQBlos+SJoTkuYhNTVdwqXuwReLDXSGWqcchGwpU8d2o3yNcmFExE -GaCHdGSoJPmR7t/SnYI9/KT4Ul2jUuZu5b81bcPJcC9fLdfOJcrlX2EpLvtlKM14 -PyK3+TemXyToNcQKzY79UFJoKODxQVw/aBgd9Mtl0nqKkjFFDAHFqpAtSRLSPdVk -Mq8BNqwNgeY/Jy3qy1qdndEFwARYgi4LEkGXKSwkoVPCnf/aGeZqwDtaLZm7vHR/ -upLtUyGOauoeez/p0QyxZiyktUaph9qwRUP6hSS3RToj1GnsydJliIC/rm3TgONo +MIIEBDCCAuygAwIBAgIUXwbLbwGjWWlQNrMUsdDpKzeGixEwDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u +dHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ0wCwYDVQQLDARyb290MCAXDTE5MDcyMjE5 +MjkwNVoYDzIxMTkwNjI4MTkyOTA1WjBQMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG +UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEOMAwGA1UECgwFYmVhdHMxDTALBgNV +BAsMBHJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtXsn+VCrW +ibutoByM5EeIK29XYffBwN78EeNjDdaZZqMF4wGZZ6z2xQXH6mFx+m1gjnf5R2qo +yfentYH5VRZz5AEtBGPsOqMffV9u5PkHSo/2ilCX40eBVp5u3qh6aFPZ5DKqexWu +5jUMYolTXpvAtML5YbMH9XvW6pn5WAqwHPLNe+fVuPg4tJN0u/ff0wKqSUBIhVOP +7EPhz3yLflACScgj+LPXz/5gtUXe9RR5RB8zyWGfNL91eoVVaApcdp4kIU+DHmgI +p+T4CpgdYWsYuOWH49F7RJyLpocUU4H+heeC4+zH0LIUcELa+n/M2DUDW3RE109a +tv9OEJKR8/YHAgMBAAGjgdMwgdAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +fyEN1Qe7FlWa+2RBnl8Vd4ZCFkIwgY0GA1UdIwSBhTCBgoAUfyEN1Qe7FlWa+2RB +nl8Vd4ZCFkKhVKRSMFAxCzAJBgNVBAYTAkNBMQ8wDQYDVQQIDAZRdWViZWMxETAP +BgNVBAcMCE1vbnRyZWFsMQ4wDAYDVQQKDAViZWF0czENMAsGA1UECwwEcm9vdIIU +XwbLbwGjWWlQNrMUsdDpKzeGixEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAANxJCfDMcNNnAVRlXLdh+loVx8Y5STf1gTgX2gtf9tHZGYE7/ix2P +dG1uQcEz/ETlcGSWRZcQSNR8dNeBi5YWK5dmDUD7reQr3FoyIDvPGHyIcF3clglg +blYhsQN0TVwx4G3kZDenjzKNSyVLR81opLq/PDIGW61ZCioJUQKs5q+IqsKj+okn +in6/b5YfQqyTDIWY3IPiXjvcysbKC0pYc0TkmwGUnidxDny7txrVCVJ1vwIedQug +B/UOjVxi0qsNwpWS08mwEOVvgvObi0mFoGQl8l427M0kM//86NM7vDc4Z0QYHOlq +A0ZjtnSbR3RqfhBGXV3BL+GHtXevn55Z -----END CERTIFICATE----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.csr b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.csr index 7c508b05..02e3f7be 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.csr +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.csr @@ -2,16 +2,16 @@ MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8G A1UEBwwITW9udHJlYWwxDjAMBgNVBAoMBWJlYXRzMQ8wDQYDVQQLDAZjbGllbnQx EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMxSb3MYsUuR1oo9cVy5xOiiUsV337qyoLq+B3iHz4OQUhujrCpgWMdPZwWs -fR4DD2ps5aI5rRY6Iqrpk3n2JDT6e9ODpoKKChE+1Ab8tuJIJs5ck87X9qoau7kD -xj1aKa+sxvV3Xj7D1vF67S0sgFP0BCajjAkeGKLU3zfW0KqBZzRGl0JWr1KRnkHE -xTBIFgqhHOrGsbok6yZoMSmnoS6PVYXtnLD53MfFxyT5w192E98zikXQXgGtJxgN -eKae5Z4jyXiTCMglwKGN7BTZr9GXkpgFM5Q6yD9tWOcsOhbZUukam6+eQ4+LTO7p -2EvhsLgBrwufZBLiuTL4SuO5DmcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAo -MDTqoxCZrPL42FM9p7H3G3RcQtK2yCenCXuGxGTRAA52tWE2MwyeGBRXd99otisA -8yOxWEKI0qHUyDzncWK7qVvvJur4gpnbA0DkH9lQ0KLSbybzhTCl9R8AzHpdZZbt -gxXvGQhxZPMQtXq9RnbL4AKEZ2na/ZgYAc0Xpf+cU4TNq74j+y+ScY0WK9EN5goQ -6PQCpMiStVM+z/LapK6pLXTUB0anXFjs4txNT8WECC5W675kCxF6fogbknRJZiwv -aaCcb8NOwkYmVR9L1I7eAM2Le6hORSGzGU5cKqdJMP6iZXzv7igLIF9bNQ+WxJJG -Sma0mXithtTVWunipjZ0 +ggEBAN/0V9sGSZH9bGSG54ehlY8UTGoWa/8bTnoggI8dM/fjOd6gNWFB/SgqmiF+ +2t9G8tNrsN7rRSMj2p+LpMrB1dK1kPri1P8s6kTAgdz2bd27DFPk/PW7Sr1Qfm7Q +2Lm4HkvHRVQAc2cEA0APt4Wv3gXYtS3KwG/0HUECrDMzZta+dFODGp9XEk5kcQrA +aw2w6lItF2W8WGYBd+pwYkOy2s/4btFHPRtmRftB8A/K3NDV476j4f7aAGxaXdY6 +fqzle6QYQKBZ/BfAp018BY4LEgDNHNn/nvAKBzOVC/egmauLRIojkVU6TUfh60JG +x/MA5J8cT6Q1MYrapzDyPt0cazUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAj +8bdBmvvth0KtQbOioASdgfGhPE1zqXSiXvPiZbte+zcH+lnefXcBgBHhHPDN9UAN +G82YY3fbVRYrIbArYhFVtaOIxic55NtMUOCz0fZnK5uAeaNtt28+7qvsxKLU0f9C +uJUoAJ7iNfrno50AO5IcQJrvOmBVF0Rr2PogIy3CM8/9J5+T773xWJ8nHRTWF1B7 +W6cKt9/Dj5yxAx0oVzMxLWbWcL5fG/S4/zR0B5CxwpQ+NMVC1tdA5O9zcPChQ0Fn +eYMQ1xcK9Mb1WtMfyqfQbDaxeUPAesv9J31ahyW9JVlsioNzv4BCsNWvJwx0oQd3 +Cnq+lUtyMbcRDqWmeuQH -----END CERTIFICATE REQUEST----- diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.key b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.key index c407aad4..917b34ff 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.key +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/certificates/client2.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzFJvcxixS5HWij1xXLnE6KJSxXffurKgur4HeIfPg5BSG6Os -KmBYx09nBax9HgMPamzlojmtFjoiqumTefYkNPp704OmgooKET7UBvy24kgmzlyT -ztf2qhq7uQPGPVopr6zG9XdePsPW8XrtLSyAU/QEJqOMCR4YotTfN9bQqoFnNEaX -QlavUpGeQcTFMEgWCqEc6saxuiTrJmgxKaehLo9Vhe2csPncx8XHJPnDX3YT3zOK -RdBeAa0nGA14pp7lniPJeJMIyCXAoY3sFNmv0ZeSmAUzlDrIP21Y5yw6FtlS6Rqb -r55Dj4tM7unYS+GwuAGvC59kEuK5MvhK47kOZwIDAQABAoIBAA24h3VyNg2+GGsm -HyO78eYxaF+MYkDWWAbSVgwZCq1qFql2f0xFNhEEWwW9hJVsXS+nanBPcTkp5EQX -9WheSCYqoAAfOiJQBMcNsg1aESn28GwxOVfNlunra6nMABcEpAIBF0dKodCTNC75 -M04yS9fXbiPuHaxLEhp1Mxw7171rXnxLktcOiD1zNHhuZJjS/jBQWzPNwE0Ga7Sl -EeFPLe6aL9G+9ZoGKdYMhB+TjC9eP1m9wPSKOVDE/bATEJbL7EhJKw9GOK+jLvA8 -6OZNToW/e3moSZ6GvrFU9lETx6M8c8CMFbfgG1aBnsY8I7RhEBFRr9n5tz6s7Chu -Rwl4M1ECgYEA5PnyqEVRAZPiwutue3YFaK0zQZtOrRUf1ARJ0nwA1xNYrQMqT/MR -94q/i5BiKaV1D3RvcUCn9vXLykoUKLHc/FUqmZfWo5n2qi2in3i2Z73c6OF0x3ER -U08gosUE94j4uuqMzLtZUfYARotQDtAhRepAj9PRSvibzlrTFy3pbT8CgYEA5G+b -W1HeVuZxyM15a5GuwPMueyX/T+2Dn2siHsmCxOJCcSNhF0ks1ViTZd0W4yPnYZqT -FEqZyBJvf/4m4L7r9mtEQzjnNao0/Makynl1E6n6df493XXqKBfuuz/8/OzraezD -im8Syj389f5zV1OSFsk7RB3UMWT0rTklLL6jjNkCgYEAzS0fgCLkrHo8tpbKID0o -KZ0Rkdc9z6BfLddN4xsUkaSXUCjG8G8JiXw9mSyemVzWoSufdKcQGx4zJyfsGm8O -atlR2+GQBnc+7U0JLMa5BArAebkUsGYjtTfxMYlDox+Mackks4upROUfaBcLfMqJ -FiILChYus3REAMun3VxZj3cCgYEA1JOTlCCUcnPScRXdJyAT6pSirZEHjR6u/Nxa -jSHi4krXn6dXw66h3QunZwSeNtODj42jzx85Cjk1r3sYPM8OkGrzxEagyozQ8GX+ -ljj+nUTxwXnNolgHhjX3QCNkzw2+aP0eXqXMa43R6C1Ysmwfp7qtv06u1yRmmQhz -srbZRckCgYAzxAanOFRWqKIFLd1rtuL6BTiCCwp9MnCuE7sRKLgENkdA4/JGvSE4 -ILgaJAt+KRFiK0AbL0XIOx0QPJUnLDTYfdZs1W1eQIX+DICWdKgLB615/rKhhQOo -ANWIRYafZq6ylgMCwPOFv/lmrDrVEFfMQnmKIaMmoNPveAgPw7dGOw== +MIIEpQIBAAKCAQEA3/RX2wZJkf1sZIbnh6GVjxRMahZr/xtOeiCAjx0z9+M53qA1 +YUH9KCqaIX7a30by02uw3utFIyPan4ukysHV0rWQ+uLU/yzqRMCB3PZt3bsMU+T8 +9btKvVB+btDYubgeS8dFVABzZwQDQA+3ha/eBdi1LcrAb/QdQQKsMzNm1r50U4Ma +n1cSTmRxCsBrDbDqUi0XZbxYZgF36nBiQ7Laz/hu0Uc9G2ZF+0HwD8rc0NXjvqPh +/toAbFpd1jp+rOV7pBhAoFn8F8CnTXwFjgsSAM0c2f+e8AoHM5UL96CZq4tEiiOR +VTpNR+HrQkbH8wDknxxPpDUxitqnMPI+3RxrNQIDAQABAoIBAA+0nwSpKDeowhU6 +sLn+RvLFxaYa9G/rhlFiPiHLNn3H3aMTMSsk6ZALjMuUjdziqNzSzJCVhz+zn/1Y +WbIubcRdH1G43p8Wk0dHCNRqI8JM/8xSXrsM62zjXDqBQvGjS9ycmOwPLAipa2Du +uTwS3Usjq3EOqvgu8m5AtbrRfADLMM+nRA8Rq3BecovAeEbs8xA04xkUz19PoC3u +O++ZFa3sHF+MKgY7IJf6+oHA/1VpKx2PbZT4eNioCLleQTr0KPXw8o/ayqyYph1k +VsuWJ/ZerdzVaQ9BhgYJigxRUC1hP+VX+4MjEPB/FwDJiuSc5cXC/kOemMttnxcX +jmc5DIECgYEA/o917c6KqATnf/Kl3pbJ2N1wczBf6Mb7iukpi6JKjl7gr7kCjx4N +g3vsMH7oeeSJxU4p7LxF4pk9XV7CPz+jSPZ92YRK7dqggsCqRfjwiaPx5C0mNPT7 +lSKhPx2jgUd2PO0Ij0h0IUNssVu0WF0s8gBMZi1SI22qmgnTtGwSyZkCgYEA4TiS +plXwJYzkYe63n2+0YZm5j5nZoC90dtVADORqAobT4vwqTSjzrERQ7lBMmkRGvglm +ZjLeNWD9SXe/2Gy8TGf7hECF5CnHigjImmDqNax489s7kH0Hd6kmmCqtwALcXeql +xCjtKHoYkXgIF+dioZhO6G17NMTSx5lFAJhIB/0CgYEAhGLRftpSa+0ZBAaKUsdy +s9D94ToANwv815JI4/CD+6TGDz0VYp7LglzZSaNGfdXn/G+ZCCAl7CGrszpLpR8Q +aSqf6paNbUOtBDL0mq1LUxmq+/KrExFxIW9AEpX0aZBjom3XbMTOeFobVeWOVgIn +FLgpA16AgCJRfgisTAGEh8kCgYEAme7pxMhuB6xBmHHpjQ5zMlY4Tt7vsJ1es63T +RjyD/FAc2EJTw0MfMPnMeuXlRXcvBsoz89wGpmMxGxq+w/Slym8zqFPVb3niyQRx +35on2iGU1c9c6cea5/1zxIM/GEKcTZCIVgdG+OhijGKG3ZengR0xqYjSseFo00V9 +tQdgDB0CgYEA0PUzoSRgdI7zavOMJkli22K+RDssvPQcshRt+xHkc8XO9y/msnKh +KRK9cZRD3QPtpqxAVM/hC7J3g2xjrQhGzX2CGF+pl17x0WQMMsZDnTglqVm3NVzj +eNlfMKpXjCA6hPvl/lupJ9F4lGAzlNySg9Tyg26lg+eKDSIzg8C4qIY= -----END RSA PRIVATE KEY----- diff --git a/vendor/github.com/elastic/beats/libbeat/docs/highlights-7.3.0.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/highlights-7.3.0.asciidoc new file mode 100644 index 00000000..74f303e0 --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/docs/highlights-7.3.0.asciidoc @@ -0,0 +1,118 @@ +[[release-highlights-7.3.0]] +=== 7.3.0 release highlights +++++ +7.3.0 +++++ + +Each release of {beats} brings new features and product improvements. +Here are the highlights of the new features and enhancements in 7.3.0. + +Refer to the {beats} <> and +<> for a list of bug fixes and other changes. + +//NOTE: The notable-highlights tagged regions are re-used in the +//Installation and Upgrade Guide + +// tag::notable-highlights[] +// ADD NOTABLE HIGHLIGHTS HERE +[float] +==== Automated {functionbeat} deployment with CloudFormation templates + +{functionbeat} 7.3.0 introduces the ability to export a CloudFormation +template for integration with automation systems. Previously, {functionbeat} was +only available for manual command line deployment, but with this new +functionality, you can more easily automate {functionbeat} deployments through +their own CloudFormation stacks. + +To export CloudFormation templates, use the following command: + +[source,shell] +---- +$ ./functionbeat export function +---- + +[float] +==== Google Cloud integrations + +{filebeat} 7.3.0 introduces a +{filebeat-ref}/filebeat-module-googlecloud.html[Google Cloud module] that +monitors Virtual Private Cloud (VPC) flow logs from Google Cloud through +Stackdriver. It ships data to {es} in ECS format, so it’s immediately available +for analysis in the https://www.elastic.co/products/siem[SIEM app] (or with +https://www.elastic.co/products/maps[Maps] or a +https://www.elastic.co/what-is/kibana-canvas[Canvas] workpad). + +Along with the module, {filebeat} also introduces a +{filebeat-ref}/filebeat-input-google-pubsub.html[Google Cloud Pub/Sub] input for +consuming from Google Cloud Pub/Sub topics. You can use this input to ingest all +your events from Google Cloud for real-time analytics with the {stack}. + +[float] +==== Expanded database monitoring + +7.3.0 introduces support for three new databases in {metricbeat} and a new +database source in {filebeat}. + +* *Oracle Database* ++ +The {metricbeat} {metricbeat-ref}/metricbeat-module-oracle.html[Oracle +module] provides the +{metricbeat-ref}/metricbeat-metricset-oracle-tablespace.html[`tablespace`] +metricset, which includes information about data files and temp files, grouped +by tablespace. This module includes information about used and free space, the +status of the data files, and the status of the tablespace itself. + +* *Amazon RDS* ++ +If you’re using https://aws.amazon.com/rds/[Amazon Relational Database Service +(RDS)], you can now collect a rich set of metrics about your deployment, from +CPU and memory usage, to disk and network throughput and latency. See all the +details in the {metricbeat-ref}/metricbeat-metricset-aws-rds.html[`RDS`] +metricset, now available in the {metricbeat} +{metricbeat-ref}/metricbeat-module-aws.html[AWS module]. + +* *CockroachDB* ++ +The {metricbeat} {metricbeat-ref}/metricbeat-module-cockroachdb.html[CockroachDB +module] exposes the +{metricbeat-ref}/metricbeat-metricset-cockroachdb-status.html[`status`] +metricset, which is compatible with any CockroachDB version exposing metrics in +Prometheus format. + +* *Microsoft SQL Server* ++ +The {filebeat} {filebeat-ref}/filebeat-module-mssql.html[MS SQL module] monitors +the Microsoft SQL Server error logs with the {stack}. + +[float] +==== Improved Kubernetes monitoring + +{metricbeat} 7.3.0 strengthens Kubernetes observability by introducing +metricsets for three additional Kubernetes components: + +* The {metricbeat-ref}/metricbeat-metricset-kubernetes-controllermanager.html[`controllermanager`] +metricset captures metrics from +https://kubernetes.io/docs/reference/command-line-tools-reference/cloud-controller-manager/[kube-controller-manager]. + +* The {metricbeat-ref}/metricbeat-metricset-kubernetes-proxy.html[`proxy`] +metricset covers +https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/[kube-proxy], +the network proxy component in Kubernetes. + +* The {metricbeat-ref}/metricbeat-metricset-kubernetes-scheduler.html[`scheduler`] +metricset provides visibility into the +https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/[kube-scheduler]. + +[float] +==== Configuration-only {metricbeat} modules + +For developers, we've streamlined the process of adding new data sources. 7.3.0 +introduces a new way of creating {metricbeat} modules, called _light modules_, +that doesn’t require a single line of Go code. Light modules provide pre-defined +configurations on top of existing, more generic modules, such as +{metricbeat-ref}/metricbeat-module-prometheus.html[Prometheus] or +{metricbeat-ref}/metricbeat-module-jolokia.html[Jolokia]. In fact, the +{metricbeat-ref}/metricbeat-module-cockroachdb.html[CockroachDB] module, +introduced in this release, is a light module. + +// end::notable-highlights[] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/highlights.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/highlights.asciidoc index c7f0f908..2f5eb107 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/highlights.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/highlights.asciidoc @@ -4,12 +4,16 @@ This section summarizes the most important changes in each release. For the full list, see <> and <>. +* <> + * <> * <> * <> +include::highlights-7.3.0.asciidoc[] + include::highlights-7.2.0.asciidoc[] include::highlights-7.1.0.asciidoc[] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-beats.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-beats.asciidoc index deb7c0b6..d13842aa 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-beats.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-beats.asciidoc @@ -1,15 +1,3 @@ -////////////////////////////////////////////////////////////////////////// -//// This content is shared by all Elastic Beats. Make sure you keep the -//// descriptions here generic enough to work for all Beats that include -//// this file. When using cross references, make sure that the cross -//// references resolve correctly for any files that include this one. -//// Use the appropriate variables defined in the index.asciidoc file to -//// resolve Beat names: beatname_uc and beatname_lc. -//// Use the following include to pull this content into a doc file: -//// include::../../libbeat/docs/monitoring/configuring.asciidoc[] -//// Make sure this content appears below a level 2 heading. -////////////////////////////////////////////////////////////////////////// - [role="xpack"] [[monitoring]] = Monitoring {beatname_uc} @@ -17,58 +5,30 @@ [partintro] -- -NOTE: The {monitor-features} for {beatname_uc} require {es} {beat_monitoring_version} or later. - -The {stack} {monitor-features} enable you to easily monitor {beatname_uc} from {kib}. For more -information, see -{stack-ov}/xpack-monitoring.html[Monitoring the {stack}] and -{kibana-ref}/beats-page.html[Beats Monitoring Metrics]. +You can use the {stack} {monitor-features} to gain insight into the health of +{beatname_uc} agents running in your environment. -To configure {beatname_uc} to collect and send monitoring metrics: +To monitor {beatname_uc}, make sure monitoring is enabled on your {es} cluster, +then configure the method used to collect {beatname_uc} metrics. You +ifndef::serverless[] +can use one of following methods: +endif::[] +ifdef::serverless[] +can use the following method: +endif::[] -. Create a user that has appropriate authority to send system-level monitoring -data to {es}. For example, you can use the built-in +{beat_monitoring_user}+ user or -assign the built-in +{beat_monitoring_user}+ role to another user. For more -information, see -{stack-ov}/setting-up-authentication.html[Setting Up User Authentication] and -{stack-ov}/built-in-roles.html[Built-in Roles]. +* <> +ifndef::serverless[] +* <> +endif::[] -. Add the `monitoring` settings in the {beatname_uc} configuration file. If you -configured the {es} output and want to send {beatname_uc} monitoring events to -the same {es} cluster, specify the following minimal configuration: -+ -["source","yml",subs="attributes"] --------------------- -monitoring: - enabled: true - elasticsearch: - username: {beat_monitoring_user} - password: somepassword --------------------- -+ -If you configured a different output, such as {ls} or you want to send {beatname_uc} -monitoring events to a separate {es} cluster (referred to as the _monitoring cluster_), -you must specify additional configuration options. For example: -+ -["source","yml",subs="attributes"] --------------------- -monitoring: - enabled: true - elasticsearch: - hosts: ["https://example.com:9200", "https://example2.com:9200"] <1> - username: {beat_monitoring_user} - password: somepassword --------------------- -<1> This setting identifies the hosts and port numbers of {es} nodes -that are part of the monitoring cluster. +To learn about monitoring in general, see +{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. -. {kibana-ref}/monitoring-xpack-kibana.html[Configure monitoring in {kib}]. - -. To verify your monitoring configuration, point your web browser at your {kib} -host, and select Monitoring from the side navigation. Metrics reported from -{beatname_uc} should be visible in the Beats section. When {security} is enabled, -to view the monitoring dashboards you must log in to {kib} as a user who has the -`kibana_user` and `monitoring_user` roles. -- -include::shared-monitor-config.asciidoc[] +include::monitoring-internal-collection.asciidoc[] + +ifndef::serverless[] +include::monitoring-metricbeat.asciidoc[] +endif::[] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc new file mode 100644 index 00000000..5715fd14 --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc @@ -0,0 +1,78 @@ +////////////////////////////////////////////////////////////////////////// +//// This content is shared by all Elastic Beats. Make sure you keep the +//// descriptions here generic enough to work for all Beats that include +//// this file. When using cross references, make sure that the cross +//// references resolve correctly for any files that include this one. +//// Use the appropriate variables defined in the index.asciidoc file to +//// resolve Beat names: beatname_uc and beatname_lc. +//// Use the following include to pull this content into a doc file: +//// include::../../libbeat/docs/monitoring/monitoring-internal-collection.asciidoc[] +////////////////////////////////////////////////////////////////////////// + +[role="xpack"] +[[monitoring-internal-collection]] +== Collect {beatname_uc} monitoring data with internal collectors +++++ +Internal collection +++++ + +The following method involves sending the metrics to the production cluster, +which ultimately routes them to the monitoring cluster. +ifndef::serverless[] +For an alternative method, see <>. +endif::[] + +To learn about monitoring in general, see +{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. + +//TODO: Not sure if these docs need to be updated to be parallel with other +//stack components since this is the old way of configuring monitoring. + +. Create a user that has appropriate authority to send system-level monitoring +data to {es}. For example, you can use the built-in +{beat_monitoring_user}+ user or +assign the built-in +{beat_monitoring_user}+ role to another user. For more +information, see +{stack-ov}/setting-up-authentication.html[Setting Up User Authentication] and +{stack-ov}/built-in-roles.html[Built-in Roles]. + +. Add the `monitoring` settings in the {beatname_uc} configuration file. If you +configured the {es} output and want to send {beatname_uc} monitoring events to +the same {es} cluster, specify the following minimal configuration: ++ +["source","yml",subs="attributes"] +-------------------- +monitoring: + enabled: true + elasticsearch: + username: {beat_monitoring_user} + password: somepassword +-------------------- ++ +If you configured a different output, such as {ls} or you want to send {beatname_uc} +monitoring events to a separate {es} cluster (referred to as the _monitoring cluster_), +you must specify additional configuration options. For example: ++ +["source","yml",subs="attributes"] +-------------------- +monitoring: + enabled: true + elasticsearch: + hosts: ["https://example.com:9200", "https://example2.com:9200"] <1> + username: {beat_monitoring_user} + password: somepassword +-------------------- +<1> This setting identifies the hosts and port numbers of {es} nodes +that are part of the monitoring cluster. + +ifndef::serverless[] +. <<{beatname_lc}-starting,Start {beatname_uc}>>. +endif::serverless[] + +ifdef::serverless[] +. <<{beatname_lc}-deploying,Deploy {beatname_uc}>>. +endif::serverless[] + +. {kibana-ref}/monitoring-data.html[View the monitoring data in {kib}]. + + +include::shared-monitor-config.asciidoc[] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc new file mode 100644 index 00000000..d6f675bc --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc @@ -0,0 +1,252 @@ +[role="xpack"] +[[monitoring-metricbeat-collection]] +== Collect {beatname_uc} monitoring data with {metricbeat} +[subs="attributes"] +++++ +{metricbeat} collection +++++ + +In 7.3 and later, you can use {metricbeat} to collect data about {beatname_uc} +and ship it to the monitoring cluster, rather than routing it through the +production cluster as described in <>. + +ifeval::["{beatname_lc}"=="metricbeat"] +Because you'll be using {metricbeat} to _monitor_ {beatname_uc}, you'll need to +run two instances of {beatname_uc}: a main instance that collects metrics from +the system and services running on the server, and a second instance that +collects metrics from {beatname_uc} only. Using a separate instance as a +monitoring agent allows you to send monitoring data to a dedicated monitoring +cluster. If the main agent goes down, the monitoring agent remains active. + +If you're running {beatname_uc} as a service, this approach requires extra work +because you need to run two instances of the same installed service +concurrently. If you don't want to run two instances concurrently, use +<> instead of using +{metricbeat}. +endif::[] + +To learn about monitoring in general, see +{stack-ov}/xpack-monitoring.html[Monitoring the {stack}]. + +//NOTE: The tagged regions are re-used in the Stack Overview. + +To collect and ship monitoring data: + +. <> + +. <> + +[float] +[[configure-shipper]] +=== Configure the shipper you want to monitor + +. Enable the HTTP endpoint to allow external collection of monitoring data: ++ +-- +// tag::enable-http-endpoint[] +Add the following setting in the {beatname_uc} configuration file +(+{beatname_lc}.yml+): + +[source,yaml] +---------------------------------- +http.enabled: true +---------------------------------- + +By default, metrics are exposed on port 5066. If you need to monitor multiple +{beats} shippers running on the same server, set `http.port` to expose metrics +for each shipper on a different port number: + +[source,yaml] +---------------------------------- +http.port: 5067 +---------------------------------- +// end::enable-http-endpoint[] +-- + +. Disable the default collection of {beatname_uc} monitoring metrics. + ++ +-- +// tag::disable-beat-collection[] +Add the following setting in the {beatname_uc} configuration file +(+{beatname_lc}.yml+): + +[source,yaml] +---------------------------------- +monitoring.enabled: false +---------------------------------- +// end::disable-beat-collection[] + +For more information, see +<>. +-- + +ifndef::serverless[] +. <<{beatname_lc}-starting,Start {beatname_uc}>>. +endif::serverless[] + +[float] +[[configure-metricbeat]] +=== Install and configure {metricbeat} to collect monitoring data + +ifeval::["{beatname_lc}"!="metricbeat"] +. {metricbeat-ref}/metricbeat-installation.html[Install {metricbeat}] on the +same server as {beatname_uc}. If you already have {metricbeat} installed on the +server, skip this step. +endif::[] +ifeval::["{beatname_lc}"=="metricbeat"] +. The next step depends on how you want to run {metricbeat}: +* If you're running as a service and want to run a separate monitoring instance, +take the the steps required for your environment to run two instances of +{metricbeat} as a service. The steps for doing this vary by platform and are +beyond the scope of this documentation. +* If you're running the binary directly in the foreground and want to run a +separate monitoring instance, +{metricbeat-ref}/metricbeat-installation.html[install {metricbeat}] to a +different path. If necessary, set `path.config`, `path.data`, and `path.log` +to point to the correct directories. See <> for the default +locations. +endif::[] + +. Enable the `beat-xpack` module in {metricbeat}. + +endif::[] ++ +-- +// tag::enable-beat-module[] +For example, to enable the default configuration in the `modules.d` directory, +run the following command, using the correct command syntax for your OS: + +["source","sh",subs="attributes,callouts"] +---------------------------------------------------------------------- +metricbeat modules enable beat-xpack +---------------------------------------------------------------------- + +For more information, see +{metricbeat-ref}/configuration-metricbeat.html[Specify which modules to run] and +{metricbeat-ref}/metricbeat-module-beat.html[beat module]. +// end::enable-beat-module[] +-- + +. Configure the `beat-xpack` module in {metricbeat}. + ++ +-- +// tag::configure-beat-module[] +The `modules.d/beat-xpack.yml` file contains the following settings: + +[source,yaml] +---------------------------------- +- module: beat + metricsets: + - stats + - state + period: 10s + hosts: ["http://localhost:5066"] + #username: "user" + #password: "secret" + xpack.enabled: true +---------------------------------- + +Set the `hosts`, `username`, and `password` settings as required by your +environment. For other module settings, it's recommended that you accept the +defaults. + +By default, the module collects {beatname_uc} monitoring data from +`localhost:5066`. If you exposed the metrics on a different host or port when +you enabled the HTTP endpoint, update the `hosts` setting. + +To monitor multiple {beats} agents, specify a list of hosts, for example: +[source,yaml] +---------------------------------- +hosts: ["http://localhost:5066","http://localhost:5067","http://localhost:5068"] +---------------------------------- + +If you configured {beatname_uc} to use encrypted communications, you must access +it via HTTPS. For example, use a `hosts` setting like `https://localhost:5066`. +// end::configure-beat-module[] + +// tag::remote-monitoring-user[] +If the Elastic {security-features} are enabled, you must also provide a user +ID and password so that {metricbeat} can collect metrics successfully: + +.. Create a user on the production cluster that has the +`remote_monitoring_collector` {stack-ov}/built-in-roles.html[built-in role]. +Alternatively, use the `remote_monitoring_user` +{stack-ov}/built-in-users.html[built-in user]. + +.. Add the `username` and `password` settings to the beat module configuration +file. +// end::remote-monitoring-user[] +-- + +. Optional: Disable the system module in the {metricbeat}. ++ +-- +// tag::disable-system-module[] +By default, the {metricbeat-ref}/metricbeat-module-system.html[system module] is +enabled. The information it collects, however, is not shown on the +*Stack Monitoring* page in {kib}. Unless you want to use that information for +other purposes, run the following command: + +["source","sh",subs="attributes,callouts"] +---------------------------------------------------------------------- +metricbeat modules disable system +---------------------------------------------------------------------- +// end::disable-system-module[] +-- + +. Identify where to send the monitoring data. + ++ +-- +TIP: In production environments, we strongly recommend using a separate cluster +(referred to as the _monitoring cluster_) to store the data. Using a separate +monitoring cluster prevents production cluster outages from impacting your +ability to access your monitoring data. It also prevents monitoring activities +from impacting the performance of your production cluster. + +For example, specify the {es} output information in the {metricbeat} +configuration file (`metricbeat.yml`): + +[source,yaml] +---------------------------------- +output.elasticsearch: + # Array of hosts to connect to. + hosts: ["http://es-mon-1:9200", "http://es-mon2:9200"] <1> + + # Optional protocol and basic auth credentials. + #protocol: "https" + #username: "elastic" + #password: "changeme" +---------------------------------- +<1> In this example, the data is stored on a monitoring cluster with nodes +`es-mon-1` and `es-mon-2`. + +If you configured the monitoring cluster to use encrypted communications, you +must access it via HTTPS. For example, use a `hosts` setting like +`https://es-mon-1:9200`. + +IMPORTANT: The {es} {monitor-features} use ingest pipelines, therefore the +cluster that stores the monitoring data must have at least one ingest node. + +If the {es} {security-features} are enabled on the monitoring cluster, you +must provide a valid user ID and password so that {metricbeat} can send metrics +successfully: + +.. Create a user on the monitoring cluster that has the +`remote_monitoring_agent` {stack-ov}/built-in-roles.html[built-in role]. +Alternatively, use the `remote_monitoring_user` +{stack-ov}/built-in-users.html[built-in user]. ++ +TIP: If you're using index lifecycle management, the remote monitoring user +requires additional privileges to create and read indices. For more +information, see <>. + +.. Add the `username` and `password` settings to the {es} output information in +the {metricbeat} configuration file. + +For more information about these configuration options, see +{metricbeat-ref}/elasticsearch-output.html[Configure the {es} output]. +-- + +. {metricbeat-ref}/metricbeat-starting.html[Start {metricbeat}] to begin +collecting monitoring data. + +. {kibana-ref}/monitoring-data.html[View the monitoring data in {kib}]. diff --git a/vendor/github.com/elastic/beats/libbeat/docs/monitoring/shared-monitor-config.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/shared-monitor-config.asciidoc index 2ea94649..f7dabd8d 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/monitoring/shared-monitor-config.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/monitoring/shared-monitor-config.asciidoc @@ -10,36 +10,33 @@ //// Make sure this content appears below a level 2 heading. ////////////////////////////////////////////////////////////////////////// +[role="xpack"] [[configuration-monitor]] -== Monitoring configuration options -++++ -Configuration options -++++ +=== Settings for internal monitoring collection -You can specify the following options in the `xpack.monitoring` section of the +Use the following settings to configure internal collection when you are not +using {metricbeat} to collect monitoring data. + +You specify these settings in the `monitoring` section of the +{beatname_lc}.yml+ config file: -[float] -=== `enabled` +==== `enabled` The `enabled` config is a boolean setting to enable or disable {monitoring}. If set to `true`, monitoring is enabled. The default value is `false`. -[float] -=== `elasticsearch` +==== `elasticsearch` The {es} instances that you want to ship your {beatname_uc} metrics to. This configuration option contains the following fields: -[float] ==== `bulk_max_size` The maximum number of metrics to bulk in a single {es} bulk API index request. The default is `50`. For more information, see <>. -[float] ==== `backoff.init` The number of seconds to wait before trying to reconnect to Elasticsearch after @@ -48,13 +45,11 @@ reconnect. If the attempt fails, the backoff timer is increased exponentially up to `backoff.max`. After a successful connection, the backoff timer is reset. The default is 1s. -[float] -===== `backoff.max` +==== `backoff.max` The maximum number of seconds to wait before attempting to connect to Elasticsearch after a network error. The default is 60s. -[float] ==== `compression_level` The gzip compression level. Setting this value to `0` disables compression. The @@ -62,70 +57,59 @@ compression level must be in the range of `1` (best speed) to `9` (best compression). The default value is `0`. Increasing the compression level reduces the network usage but increases the CPU usage. -[float] ==== `headers` Custom HTTP headers to add to each request. For more information, see <>. -[float] ==== `hosts` The list of {es} nodes to connect to. Monitoring metrics are distributed to these nodes in round robin order. For more information, see <>. -[float] ==== `max_retries` The number of times to retry sending the monitoring metrics after a failure. After the specified number of retries, the metrics are typically dropped. The default value is `3`. For more information, see <>. -[float] ==== `parameters` Dictionary of HTTP parameters to pass within the url with index operations. -[float] ==== `password` The password that {beatname_uc} uses to authenticate with the {es} instances for shipping monitoring data. -[float] ==== `metrics.period` The time interval (in seconds) when metrics are sent to the {es} cluster. A new snapshot of {beatname_uc} metrics is generated and scheduled for publishing each period. The default value is 10 * time.Second. -[float] ==== `state.period` The time interval (in seconds) when state information are sent to the {es} cluster. A new snapshot of {beatname_uc} state is generated and scheduled for publishing each period. The default value is 60 * time.Second. -[float] ==== `protocol` The name of the protocol to use when connecting to the {es} cluster. The options are: `http` or `https`. The default is `http`. If you specify a URL for `hosts`, however, the value of protocol is overridden by the scheme you specify in the URL. -[float] ==== `proxy_url` The URL of the proxy to use when connecting to the {es} cluster. For more information, see <>. -[float] ==== `timeout` The HTTP request timeout in seconds for the {es} request. The default is `90`. -[float] ==== `ssl` Configuration options for Transport Layer Security (TLS) or Secure Sockets Layer @@ -133,7 +117,6 @@ Configuration options for Transport Layer Security (TLS) or Secure Sockets Layer connections. If the `ssl` section is missing, the host CAs are used for HTTPS connections to {es}. For more information, see <>. -[float] ==== `username` The user ID that {beatname_uc} uses to authenticate with the {es} instances for diff --git a/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc index 5d460e28..17fbdb59 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc @@ -218,7 +218,7 @@ for more information about the environment variables. ===== `index` ifndef::apm-server[] -The index name to write events to. The default is +The index name to write events to when you're using daily indices. The default is +"{beatname_lc}-%\{[{beat_version_key}]\}-%\{+yyyy.MM.dd\}"+ (for example, +"{beatname_lc}-{version}-{localdate}"+). If you change this setting, you also need to configure the `setup.template.name` and `setup.template.pattern` options @@ -248,6 +248,12 @@ dashboards, you also need to set the `setup.dashboards.index` option (see endif::no_dashboards[] ifndef::apm-server[] +ifndef::no_ilm[] +The `index` setting is ignored when index lifecycle management is enabled. If +you’re sending events to a cluster that supports index lifecycle management, see +<> to learn how to change the index name. +endif::no_ilm[] + You can set the index dynamically by using a format string to access any event field. For example, this configuration uses a custom field, `fields.log_type`, to set the index: diff --git a/vendor/github.com/elastic/beats/libbeat/docs/processors-using.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/processors-using.asciidoc index ca34e4e5..09dd0d33 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/processors-using.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/processors-using.asciidoc @@ -215,7 +215,6 @@ ifdef::has_decode_csv_fields_processor[] * <> endif::[] * <> - * <> * <> * <> * <> @@ -884,8 +883,9 @@ processor to drop the field and then rename the field. ------- processors: - decode_base64_field: - from: "field1" - to: "field2" + field: + from: "field1" + to: "field2" ignore_missing: false fail_on_error: true ------- @@ -918,8 +918,9 @@ processor to drop the field and then rename the field. ------- processors: - decompress_gzip_field: - from: "field1" - to: "field2" + field: + from: "field1" + to: "field2" ignore_missing: false fail_on_error: true ------- diff --git a/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc index 290369a6..5291f368 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc @@ -8,6 +8,9 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> +* <> +* <> * <> * <> * <> @@ -18,6 +21,8 @@ upgrade. * <> * <> * <> +* <> +* <> * <> * <> * <> diff --git a/vendor/github.com/elastic/beats/libbeat/docs/security/basic-auth.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/security/basic-auth.asciidoc index 02f276f1..b29abb89 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/security/basic-auth.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/security/basic-auth.asciidoc @@ -19,7 +19,7 @@ under `output.elasticsearch`. For example: ---- output.elasticsearch: hosts: ["localhost:9200"] - username: "{beat_default_index_prefix}_internal" <1> + username: "{beat_default_index_prefix}_writer" <1> password: "{pwd}" <2> ---- <1> Let's assume this user has the privileges required to publish events to @@ -36,7 +36,7 @@ authenticating with {kib}. For example: ---- setup.kibana: host: "mykibanahost:5601" - username: "{beat_default_index_prefix}_internal" <1> + username: "{beat_default_index_prefix}_setup" <1> password: "{pwd}" ---- <1> Let's assume this user has the privileges required to set up dashboards. diff --git a/vendor/github.com/elastic/beats/libbeat/docs/security/users.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/security/users.asciidoc index ab2e1b22..fe61b131 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/security/users.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/security/users.asciidoc @@ -4,198 +4,311 @@ You can use role-based access control to grant users access to secured resources. The roles that you set up depend on your organization's security -requirements and the minimum privileges required to use specific features. +requirements and the minimum privileges required to use specific features. -{beatname_uc} users typically perform these main roles: they do the initial -setup, publish monitoring information, and publish events. If they're using -{kib}, they view and sometimes create visualizations that access {beatname_uc} -indices. +Typically you need the create the following separate roles: -{security} provides pre-built roles that grant _some_ of the privileges needed -by {beatname_uc} users. When possible, use the built-in roles to minimize the -affect of future changes on your security strategy. +* <> for setting up index templates and +other dependencies +* <> for sending monitoring +information +* <> for publishing events collected +by {beatname_uc} +* <> for {kib} users who need to view and +create visualizations that access {beatname_uc} data -For privileges not granted by existing roles, create new roles. At a minimum, -create a role for setting up {beatname_uc}, a role for publishing events, and a -role for reading {beatname_uc} indices. Assign these new roles, along with the -pre-built roles, to grant the full set of privileges required by {beatname_uc} -users. -The following sections describe the privileges and roles required to perform -specific job roles. +{security} provides built-in roles that grant a subset of the privileges +needed by {beatname_uc} users. When possible, use the built-in roles to minimize +the affect of future changes on your security strategy. + [[privileges-to-setup-beats]] -==== Privileges needed for initial setup +==== Grant privileges and roles needed for setup -Users who set up {beatname_uc} typically need to load mappings, dashboards, and -other objects used to index data into {es} and visualize it in {kib}. The -privileges required depend on the setup tasks users need to perform. +IMPORTANT: Setting up {beatname_uc} is an admin-level task that requires extra +privileges. As a best practice, grant the setup role to administrators only, and +use a less restrictive role for event publishing. -NOTE: These instructions assume that you are using the default name for -{beatname_uc} indices. If you are using a custom name, modify the privileges to -match your index naming pattern. +Administrators who set up {beatname_uc} typically need to load mappings, +dashboards, and other objects used to index data into {es} and visualize it in +{kib}. + +To grant users the required privileges: +. Create a *setup role*, called something like +{beat_default_index_prefix}_setup+, that has +the following privileges: ++ [options="header"] |==== -|Task | Required privileges and roles +|Privileges | Why needed? -.3+|Set up index templates -|`manage_index_templates` and `monitor` on cluster -|`manage_ilm` on cluster (if cluster supports index lifecycle management) -|`manage` on +{beat_default_index_prefix}-*+ indices (if cluster supports index lifecycle management) +|`monitor` +|Send monitoring data to the cluster -ifndef::no_dashboards[] -|Set up example dashboards -|`kibana_user` role -endif::no_dashboards[] +ifndef::no_ilm[] +|`manage_ilm` +|Set up and manage index lifecycle management (ILM) policy +endif::no_ilm[] ifdef::has_ml_jobs[] -.3+|Set up machine learning job configurations -|`manage_ml` and `monitor` on cluster +|`manage_ml` +|Set up machine learning job configurations +endif::has_ml_jobs[] + +|`manage` on +{beat_default_index_prefix}-*+ indices +|Set up aliases used by ILM + +ifdef::has_ml_jobs[] |`read` on +{beat_default_index_prefix}-*+ indices -|`kibana_user` role +|Read {beatname_uc} indices in order to set up machine learning jobs endif::has_ml_jobs[] +|==== ++ +Omit any privileges that aren't relevant in your environment. ++ +NOTE: These instructions assume that you are using the default name for +{beatname_uc} indices. If you are using a custom name, modify the privileges to +match your index naming pattern. -ifeval::["{beatname_lc}"=="filebeat"] -.2+|Set up ingest pipelines -|`monitor` on cluster -|`ingest_admin` role -endif::[] +. Assign the *setup role*, along with the following built-in roles, to users who +need to set up {beatname_uc}: ++ +[options="header"] +|==== +|Roles | Why needed? + +|`kibana_user` +|Load dependencies, such as example dashboards, if available, into {kib} + +|`ingest_admin` +|Set up index templates and, if available, ingest pipelines ifdef::apm-server[] -.2+|Set up ingest pipelines -|`monitor` on cluster -|`ingest_admin` role +|`ingest_admin` +|Set up ingest pipelines endif::apm-server[] -.2+|Set up index lifecycle policies -|`manage_ilm`, `manage_index_templates`, and `monitor` on cluster -|`manage` on +{beat_default_index_prefix}-*+ indices - ifdef::has_central_config[] +|`beats_admin` |Enroll and manage configurations in Beats central management -|`beats_admin` and `kibana_user` roles endif::has_central_config[] |==== ++ +Omit any roles that aren't relevant in your environment. [[privileges-to-publish-monitoring]] -==== Privileges needed to publish and view monitoring information +==== Grant privileges and roles needed for monitoring + +{security} provides built-in users and roles for monitoring. The privileges and +roles needed depend on the method used to collect monitoring data. + +===== Internal collection -{security} provides the +{beat_default_index_prefix}_system+ +For <>, {security} +provides the +{beat_default_index_prefix}_system+ {stack-ov}/built-in-users.html[built-in user] and +{beat_default_index_prefix}_system+ {stack-ov}/built-in-roles.html[built-in role] for sending monitoring information. You can use the built-in user, or create a user who has the privileges needed to send monitoring information. + If you use the +{beat_default_index_prefix}_system+ user, make sure you <>. +If you don't use the +{beat_default_index_prefix}_system+ user: + +. Create a *monitoring role*, called something like ++{beat_default_index_prefix}_monitoring+, that has the following privileges: ++ [options="header"] |==== -|Task | Required privileges and roles +|Privileges | Why needed? +|`monitor` |Send monitoring info -|`monitor` on cluster +|`kibana_user` +|Use {kib} +|==== + +. Assign the *monitoring role*, along with the following built-in role, to +users who need to monitor {beatname_uc}: ++ +[options="header"] +|==== +|Role | Why needed? +|`monitoring_user` |Use *Stack Monitoring* in {kib} to monitor {beatname_uc} -|`monitoring_user` and `kibana_user` roles |==== +ifndef::serverless[] +===== {metricbeat} collection + +For <>, {security} +provides the `remote_monitoring_user` {stack-ov}/built-in-users.html[built-in +user], and the `remote_monitoring_collector` and `remote_monitoring_agent` +{stack-ov}/built-in-roles.html[built-in roles] for collecting and sending +monitoring information. You can use the built-in user, or +create a user who has the privileges needed to collect and send monitoring +information. + +If you use the `remote_monitoring_user` user, make sure you +<>. + +If you don't use the `remote_monitoring_user` user: + +. Create a user on the production cluster who will collect and send monitoring +information. + +. Assign the following roles to the user: ++ +[options="header"] +|==== +|Role | Why needed? +|`remote_monitoring_collector` +|Collect monitoring metrics from {beatname_uc} +|`remote_monitoring_agent` +|Send monitoring data to the monitoring cluster +|==== + +. Assign the following role to users who will view the monitoring data in +{kib}: + +[options="header"] +|==== +|Role | Why needed? +|`monitoring_user` +|Use *Stack Monitoring* in {kib} to monitor {beatname_uc} +|==== +endif::serverless[] [[privileges-to-publish-events]] -==== Privileges needed to publish events +==== Grant privileges and roles needed for publishing Users who publish events to {es} need to create and read from {beatname_uc} -indices. The privileges required for this role depend on the tasks users -need to perform: - +indices. To minimize the privileges required by the writer role, you can use the +<> to pre-load dependencies. Then turn off +setup options in the {beatname_uc} config file before running {beatname_uc} to +publish events. For example: + +ifndef::no_ilm[] +[source,yaml] +---- +setup.template.enabled: false +setup.ilm.check_exists: false +setup.ilm.overwrite: false <1> +---- +<1> Omit `ilm.check_exists` and `ilm.overwrite` if ILM is disabled. +endif::no_ilm[] + +ifdef::no_ilm[] +[source,yaml] +---- +setup.template.enabled: false +---- +endif::no_ilm[] + +To grant the required privileges: + +. Create a *writer role*, called something like +{beat_default_index_prefix}_writer+, that has +the following privileges (this list assumes the setup options shown earlier are +set to `false`): ++ [options="header"] |==== -|Task | Required privileges and roles +|Privileges | Why needed? ifndef::apm-server[] -.3+|Send data to a secured cluster without index lifecycle management -|`monitor` on cluster -ifeval::["{beatname_lc}"=="filebeat"] -(and `manage_pipeline` if {beatname_uc} modules are used) -endif::[] -|`create_index` and `index` on +{beat_default_index_prefix}-*+ indices -|also requires privileges to <> -unless you've disabled automatic template loading - -.2+|Send data to a secured cluster that supports index lifecycle management -|`manage_index_templates`, `manage_ilm` footnote:[Use `read_ilm` instead of -`manage_ilm` if you pre-loaded the lifecycle policy], and `monitor` -on cluster +|`monitor` +|Send monitoring info +endif::apm-server[] + +ifndef::no_ilm[] +|`read_ilm` +|Read the ILM policy when connecting to clusters that support ILM +endif::no_ilm[] + ifeval::["{beatname_lc}"=="filebeat"] -(and `manage_pipeline` if {beatname_uc} modules are used) +|`manage_pipeline` +|Load ingest pipelines used by modules endif::[] -| `index` and `manage` on +{beat_default_index_prefix}-*+ indices -endif::apm-server[] -ifdef::apm-server[] -.3+|Send data to a secured cluster without index lifecycle management -|`monitor` on cluster -|`create_index` and `write` on +{beat_default_index_prefix}-*+ indices -|also requires privileges to <> -unless you've disabled automatic template loading: `setup.template.enabled=false` - -.3+|Send data to a secured cluster that supports index lifecycle management -|`manage_ilm` and `monitor` on cluster -| `index` and `manage` on +{beat_default_index_prefix}-*+ indices -|also requires privileges to <> -unless you've disabled automatic template loading: `setup.template.enabled=false` -endif::apm-server[] +ifndef::no_ilm[] +|`view_index_metadata` on +{beat_default_index_prefix}-*+ indices +|Check for alias when connecting to clusters that support ILM +endif::no_ilm[] -ifdef::has_central_config[] -.2+|Read configurations from Beats central management -| `monitor` on cluster -|`beats_admin` role -endif::has_central_config[] +|`index` on +{beat_default_index_prefix}-*+ indices +|Index events into {es} + +|`create_index` on +{beat_default_index_prefix}-*+ indices +|Create daily indices when connecting to clusters that do not support ILM |==== +ifndef::apm-server[] ++ +Omit any privileges that aren't relevant in your environment. +endif::apm-server[] -// REVIEWERS: Do users need `index` and `manage` on `shrink-beatname-*`, too? -// Are there other privileges that might be required as indices move through the -// lifecycle stages? +. Assign the *writer role* to users who will index events into {es}. [[kibana-user-privileges]] -==== Privileges needed by {kib} users +==== Grant privileges and roles needed to read {beatname_uc} data {kib} users typically need to view dashboards and visualizations that contain {beatname_uc} data. These users might also need to create and edit dashboards and visualizations. ifdef::has_central_config[] -If you're using Beats central management, they need to create and manage -configurations. +If you're using Beats central management, some of these users might need to +create and manage configurations. endif::has_central_config[] -The privileges required for {kib} users depend on the tasks they need to -perform: +To grant users the required privileges: +ifndef::apm-server[] +. Create a *reader role*, called something like +{beat_default_index_prefix}_reader+, that has +the following privilege: ++ [options="header"] |==== -|Task | Required privileges and roles +|Privilege | Why needed? -ifndef::apm-server[] -.2+|View {beatname_uc} dashboards |`read` on +{beat_default_index_prefix}-*+ indices -|`kibana_dashboard_only_user` role +|Read data indexed by {beatname_uc} +|==== -.2+|View and edit {beatname_uc} dashboards -|`read` on +{beat_default_index_prefix}-*+ indices -|`kibana_user` role +. Assign the *reader role*, along with the following built-in roles, to +users who need to read {beatname_uc} data: ++ +[options="header"] +|==== +|Roles | Why needed? + +|`kibana_user` or `kibana_dashboard_only_user` +|Use {kib}. `kibana_dashboard_only_user` grants read-only access to dashboards. + +ifdef::has_central_config[] +|`beats_admin` +|Create and manage configurations in Beats central management. Only assign this +role to users who need to use Beats central management. +endif::[] +|==== ++ +Omit any roles that aren't relevant in your environment. endif::apm-server[] ifdef::apm-server[] +. Assign the following built-in roles to users who need to read {beatname_uc} +data: ++ +[options="header"] +|==== +|Roles | Why needed? + +|`kibana_user` and `apm_user` |Use the APM UI -|`kibana_user` and `apm_user` roles +|==== endif::apm-server[] -ifdef::has_central_config[] -.2+|Create and manage configurations in Beats central management -|`beats_admin` role -|`kibana_user` role -endif::[] -|==== [[learn-more-security]] ==== Learn more about users and roles @@ -206,4 +319,4 @@ Want to learn more about creating users and roles? See * {stack-ov}/security-privileges.html[Security privileges] for a description of available privileges * {stack-ov}/built-in-roles.html[Built-in roles] for a description of roles that -you can assign to users \ No newline at end of file +you can assign to users diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc index b7fe1b7b..d044b4e5 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc @@ -145,7 +145,7 @@ ifdef::deb_os,rpm_os[] *deb and rpm:* ["source","sh",subs="attributes"] ---- -{beatname_lc} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' +{beatname_lc} setup --index-management{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' ---- endif::deb_os,rpm_os[] @@ -154,14 +154,14 @@ ifdef::mac_os[] ["source","sh",subs="attributes"] ---- -./{beatname_lc} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' +./{beatname_lc} setup --index-management{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' ---- *brew:* ["source","sh",subs="attributes"] ---- -{beatname_lc} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' +{beatname_lc} setup --index-management{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' ---- endif::mac_os[] @@ -170,7 +170,7 @@ ifdef::linux_os[] ["source","sh",subs="attributes"] ---- -./{beatname_lc} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' +./{beatname_lc} setup --index-management{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' ---- endif::linux_os[] @@ -180,7 +180,7 @@ ifdef::docker_platform[] ["source","sh",subs="attributes"] ---------------------------------------------------------------------- -docker run {dockerimage} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' +docker run {dockerimage} setup --index-management{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' ---------------------------------------------------------------------- endif::docker_platform[] @@ -197,7 +197,7 @@ and run: ["source","sh",subs="attributes"] ---------------------------------------------------------------------- -PS > .{backslash}{beatname_lc}.exe setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' +PS > .{backslash}{beatname_lc}.exe setup --index-management{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]' ---------------------------------------------------------------------- endif::win_os[] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/upgrading.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/upgrading.asciidoc index 9e4c66d3..77b9e252 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/upgrading.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/upgrading.asciidoc @@ -161,14 +161,15 @@ these fields, but your {kib} visualizations and aggregations will not work on these fields until the conflicts are resolved. Some of your {es} API queries may continue to work, if the old and new types are compatible. -// TODO: Add a link to the breaking changes after we've added the list of type -// changes. -// TODO: Add link to docs about resolving conflicts when they are available. - We strongly advise that you adjust your custom {kib} dashboards, machine -learning jobs, and other content to use the new ECS field names. After removing -all references to old fields, you should set `migration.6_to_7.enabled: false` -so that field aliases will not be created during your next minor upgrade. +learning jobs, and other content to use the new ECS field names. To learn more +about migrating to ECS, see the +https://www.elastic.co/blog/migrating-to-elastic-common-schema-in-beats-environments[Migrating +to Elastic Common Schema (ECS) in Beats environments] blog post. + +After removing all references to old fields, you should set +`migration.6_to_7.enabled: false` so that field aliases will not be created +during your next minor upgrade. The aliases will be removed in 8.0. diff --git a/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc index de3d0d5a..bfff608f 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc @@ -1,7 +1,7 @@ :stack-version: 7.3.0 :doc-branch: 7.3 :go-version: 1.12.4 -:release-state: unreleased +:release-state: released :python: 2.7.9 :docker: 1.12 :docker-compose: 1.11 diff --git a/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field.go b/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field.go index e56daa43..c4e33d4a 100644 --- a/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field.go +++ b/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field.go @@ -35,36 +35,29 @@ const ( ) type decodeBase64Field struct { - log *logp.Logger - config base64Config + log *logp.Logger } type base64Config struct { - fromTo `config:"field"` - IgnoreMissing bool `config:"ignore_missing"` - FailOnError bool `config:"fail_on_error"` + Field fromTo `config:"field"` + IgnoreMissing bool `config:"ignore_missing"` + FailOnError bool `config:"fail_on_error"` } -var ( - defaultBase64Config = base64Config{ - IgnoreMissing: false, - FailOnError: true, - } -) - func init() { processors.RegisterPlugin(processorName, checks.ConfigChecked(NewDecodeBase64Field, checks.RequireFields("field"), - checks.AllowedFields("field", "when"))) + checks.AllowedFields("field", "when", "ignore_missing", "fail_on_error"))) } // NewDecodeBase64Field construct a new decode_base64_field processor. func NewDecodeBase64Field(c *common.Config) (processors.Processor, error) { - config := defaultBase64Config - - log := logp.NewLogger(processorName) + config := base64Config{ + IgnoreMissing: false, + FailOnError: true, + } err := c.Unpack(&config) if err != nil { @@ -72,8 +65,8 @@ func NewDecodeBase64Field(c *common.Config) (processors.Processor, error) { } return &decodeBase64Field{ - log: log, config: config, + log: logp.NewLogger(processorName), }, nil } @@ -84,55 +77,50 @@ func (f *decodeBase64Field) Run(event *beat.Event) (*beat.Event, error) { backup = event.Fields.Clone() } - err := f.decodeField(f.config.From, f.config.To, event.Fields) - if err != nil && f.config.FailOnError { + err := f.decodeField(event) + if err != nil { errMsg := fmt.Errorf("failed to decode base64 fields in processor: %v", err) - f.log.Debug("decode base64", errMsg.Error()) - event.Fields = backup - _, _ = event.PutValue("error.message", errMsg.Error()) - return event, err + f.log.Debug(errMsg.Error()) + if f.config.FailOnError { + event.Fields = backup + event.PutValue("error.message", errMsg.Error()) + return event, err + } } - return event, nil } func (f decodeBase64Field) String() string { - return fmt.Sprintf("%s=%+v", processorName, f.config.fromTo) + return fmt.Sprintf("%s=%+v", processorName, f.config.Field) } -func (f *decodeBase64Field) decodeField(from string, to string, fields common.MapStr) error { - value, err := fields.GetValue(from) +func (f *decodeBase64Field) decodeField(event *beat.Event) error { + value, err := event.GetValue(f.config.Field.From) if err != nil { - // Ignore ErrKeyNotFound errors if f.config.IgnoreMissing && errors.Cause(err) == common.ErrKeyNotFound { return nil } - return fmt.Errorf("could not fetch value for key: %s, Error: %s", from, err) + return fmt.Errorf("could not fetch base64 value for key: %s, Error: %v", f.config.Field.From, err) } - text, ok := value.(string) + base64String, ok := value.(string) if !ok { return fmt.Errorf("invalid type for `from`, expecting a string received %T", value) } - decodedData, err := base64.StdEncoding.DecodeString(text) + decodedData, err := base64.StdEncoding.DecodeString(base64String) if err != nil { - return fmt.Errorf("error trying to unmarshal %s: %v", text, err) + return fmt.Errorf("error trying to decode %s: %v", base64String, err) } - field := to + target := f.config.Field.To // If to is empty - if to == "" || from == to { - // Deletion must happen first to support cases where a becomes a.b - if err = fields.Delete(from); err != nil { - return fmt.Errorf("could not delete key: %s, %+v", from, err) - } - - field = from + if f.config.Field.To == "" || f.config.Field.From == f.config.Field.To { + target = f.config.Field.From } - if _, err = fields.Put(field, string(decodedData)); err != nil { - return fmt.Errorf("could not put value: %s: %v, %v", decodedData, field, err) + if _, err = event.PutValue(target, string(decodedData)); err != nil { + return fmt.Errorf("could not put value: %s: %v, %v", decodedData, target, err) } return nil diff --git a/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field_test.go b/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field_test.go index 67e01271..de4f6a42 100644 --- a/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field_test.go +++ b/vendor/github.com/elastic/beats/libbeat/processors/actions/decode_base64_field_test.go @@ -38,7 +38,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "simple field base64 decode", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field1", To: "field2", }, IgnoreMissing: false, @@ -56,7 +56,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "simple field base64 decode To empty", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field1", To: "", }, IgnoreMissing: false, @@ -73,7 +73,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "simple field base64 decode from and to equals", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field1", To: "field1", }, IgnoreMissing: false, @@ -90,7 +90,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "simple field bad data - fail on error", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field1", To: "field1", }, IgnoreMissing: false, @@ -102,7 +102,7 @@ func TestDecodeBase64Run(t *testing.T) { Output: common.MapStr{ "field1": "bad data", "error": common.MapStr{ - "message": "failed to decode base64 fields in processor: error trying to unmarshal bad data: illegal base64 data at input byte 3", + "message": "failed to decode base64 fields in processor: error trying to decode bad data: illegal base64 data at input byte 3", }, }, error: true, @@ -110,7 +110,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "simple field bad data fail on error false", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field1", To: "field2", }, IgnoreMissing: false, @@ -127,7 +127,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "missing field", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field2", To: "field3", }, IgnoreMissing: false, @@ -139,7 +139,7 @@ func TestDecodeBase64Run(t *testing.T) { Output: common.MapStr{ "field1": "Y29ycmVjdCBkYXRh", "error": common.MapStr{ - "message": "failed to decode base64 fields in processor: could not fetch value for key: field2, Error: key not found", + "message": "failed to decode base64 fields in processor: could not fetch base64 value for key: field2, Error: key not found", }, }, error: true, @@ -147,7 +147,7 @@ func TestDecodeBase64Run(t *testing.T) { { description: "missing field ignore", config: base64Config{ - fromTo: fromTo{ + Field: fromTo{ From: "field2", To: "field3", }, IgnoreMissing: true, diff --git a/vendor/github.com/elastic/beats/libbeat/version/version.go b/vendor/github.com/elastic/beats/libbeat/version/version.go index 6a4aa443..c8078217 100644 --- a/vendor/github.com/elastic/beats/libbeat/version/version.go +++ b/vendor/github.com/elastic/beats/libbeat/version/version.go @@ -18,4 +18,4 @@ // Code generated by dev-tools/set_version package version -const defaultBeatVersion = "7.3.0" +const defaultBeatVersion = "7.3.1" diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat.asciidoc new file mode 100644 index 00000000..a3305f26 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat.asciidoc @@ -0,0 +1,55 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[metricbeat-module-beat]] +== Beat module + +This is the Beat module. + +The default metricsets are `state` and `stats`. + +[float] +=== Compability + +The beat module is tested with metricbeat 7.2.0. + + +[float] +=== Example configuration + +The Beat module supports the standard configuration options that are described +in <>. Here is an example configuration: + +[source,yaml] +---- +metricbeat.modules: +- module: beat + metricsets: + - stats + - state + period: 10s + hosts: ["http://localhost:5066"] + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Set to true to send data collected by module to X-Pack + # Monitoring instead of metricbeat-* indices. + #xpack.enabled: false +---- + +This module supports TLS connections when using `ssl` config field, as described in <>. +It also supports the options described in <>. + +[float] +=== Metricsets + +The following metricsets are available: + +* <> + +* <> + +include::beat/state.asciidoc[] + +include::beat/stats.asciidoc[] + diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/state.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/state.asciidoc new file mode 100644 index 00000000..ace5d2ac --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/state.asciidoc @@ -0,0 +1,21 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[metricbeat-metricset-beat-state]] +=== Beat state metricset + +include::../../../module/beat/state/_meta/docs.asciidoc[] + + +==== Fields + +For a description of each field in the metricset, see the +<> section. + +Here is an example document generated by this metricset: + +[source,json] +---- +include::../../../module/beat/state/_meta/data.json[] +---- diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/stats.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/stats.asciidoc new file mode 100644 index 00000000..210eb470 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/beat/stats.asciidoc @@ -0,0 +1,21 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[metricbeat-metricset-beat-stats]] +=== Beat stats metricset + +include::../../../module/beat/stats/_meta/docs.asciidoc[] + + +==== Fields + +For a description of each field in the metricset, see the +<> section. + +Here is an example document generated by this metricset: + +[source,json] +---- +include::../../../module/beat/stats/_meta/data.json[] +---- diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc index d7743159..9fcd2883 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc @@ -16,6 +16,9 @@ This file is generated! See scripts/docs_collector.py |<> beta[] |<> beta[] |<> beta[] +|<> |image:./images/icon-no.png[No prebuilt dashboards] | +.2+| .2+| |<> +|<> |<> |image:./images/icon-no.png[No prebuilt dashboards] | .7+| .7+| |<> |<> @@ -189,6 +192,7 @@ This file is generated! See scripts/docs_collector.py include::modules/aerospike.asciidoc[] include::modules/apache.asciidoc[] include::modules/aws.asciidoc[] +include::modules/beat.asciidoc[] include::modules/ceph.asciidoc[] include::modules/cockroachdb.asciidoc[] include::modules/consul.asciidoc[] diff --git a/vendor/github.com/elastic/beats/metricbeat/module/beat/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/beat/_meta/docs.asciidoc new file mode 100644 index 00000000..b0b892ed --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/beat/_meta/docs.asciidoc @@ -0,0 +1,8 @@ +This is the Beat module. + +The default metricsets are `state` and `stats`. + +[float] +=== Compability + +The beat module is tested with metricbeat 7.2.0. diff --git a/vendor/github.com/elastic/beats/metricbeat/module/beat/beat.go b/vendor/github.com/elastic/beats/metricbeat/module/beat/beat.go index 7801a285..1539d83c 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/beat/beat.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/beat/beat.go @@ -19,6 +19,7 @@ package beat import ( "encoding/json" + "fmt" "net/url" "github.com/pkg/errors" @@ -74,6 +75,13 @@ func validateXPackMetricsets(base mb.BaseModule) error { // ModuleName is the name of this module. const ModuleName = "beat" +var ( + // ErrClusterUUID is the error to be returned when the monitored beat is using the Elasticsearch output but hasn't + // yet connected or is having trouble connecting to that Elasticsearch, so the cluster UUID cannot be + // determined + ErrClusterUUID = fmt.Errorf("monitored beat is using Elasticsearch output but cluster UUID cannot be determined") +) + // Info construct contains the relevant data from the Beat's / endpoint type Info struct { UUID string `json:"uuid"` @@ -85,6 +93,9 @@ type Info struct { // State construct contains the relevant data from the Beat's /state endpoint type State struct { + Output struct { + Name string `json:"name"` + } `json:"output"` Outputs struct { Elasticsearch struct { ClusterUUID string `json:"cluster_uuid"` diff --git a/vendor/github.com/elastic/beats/metricbeat/module/beat/state/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/beat/state/_meta/docs.asciidoc new file mode 100644 index 00000000..d66ce70d --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/beat/state/_meta/docs.asciidoc @@ -0,0 +1 @@ +This is the state metricset of the beat module. diff --git a/vendor/github.com/elastic/beats/metricbeat/module/beat/state/data_xpack.go b/vendor/github.com/elastic/beats/metricbeat/module/beat/state/data_xpack.go index 67fed65d..3b66f0fc 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/beat/state/data_xpack.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/beat/state/data_xpack.go @@ -27,10 +27,10 @@ import ( "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/metricbeat/mb" - "github.com/elastic/beats/metricbeat/module/beat" + b "github.com/elastic/beats/metricbeat/module/beat" ) -func eventMappingXPack(r mb.ReporterV2, m *MetricSet, info beat.Info, content []byte) error { +func eventMappingXPack(r mb.ReporterV2, m *MetricSet, info b.Info, content []byte) error { now := time.Now() // Massage info into beat @@ -54,7 +54,16 @@ func eventMappingXPack(r mb.ReporterV2, m *MetricSet, info beat.Info, content [] "timestamp": now, } - clusterUUID := getClusterUUID(state) + var clusterUUID string + if isOutputES(state) { + clusterUUID = getClusterUUID(state) + if clusterUUID == "" { + // Output is ES but cluster UUID could not be determined. No point sending monitoring + // data with empty cluster UUID since it will not be associated with the correct ES + // production cluster. Log error instead. + return errors.Wrap(b.ErrClusterUUID, "could not determine cluster UUID") + } + } var event mb.Event event.RootFields = common.MapStr{ @@ -108,3 +117,27 @@ func getClusterUUID(state map[string]interface{}) string { return clusterUUID } + +func isOutputES(state map[string]interface{}) bool { + o, exists := state["output"] + if !exists { + return false + } + + output, ok := o.(map[string]interface{}) + if !ok { + return false + } + + n, exists := output["name"] + if !exists { + return false + } + + name, ok := n.(string) + if !ok { + return false + } + + return name == "elasticsearch" +} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/_meta/docs.asciidoc new file mode 100644 index 00000000..bf8bcd78 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/_meta/docs.asciidoc @@ -0,0 +1 @@ +This is the stats metricset of the beat module. diff --git a/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/data_xpack.go b/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/data_xpack.go index 2c75d7c6..e9d4fd00 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/data_xpack.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/beat/stats/data_xpack.go @@ -83,5 +83,18 @@ func (m *MetricSet) getClusterUUID() (string, error) { return "", errors.Wrap(err, "could not get state information") } - return state.Outputs.Elasticsearch.ClusterUUID, nil + if state.Output.Name != "elasticsearch" { + return "", nil + } + + clusterUUID := state.Outputs.Elasticsearch.ClusterUUID + if clusterUUID == "" { + // Output is ES but cluster UUID could not be determined. No point sending monitoring + // data with empty cluster UUID since it will not be associated with the correct ES + // production cluster. Log error instead. + return "", beat.ErrClusterUUID + } + + return clusterUUID, nil + } diff --git a/vendor/github.com/elastic/beats/metricbeat/module/logstash/logstash.go b/vendor/github.com/elastic/beats/metricbeat/module/logstash/logstash.go index abc74d28..6e5bd523 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/logstash/logstash.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/logstash/logstash.go @@ -92,7 +92,10 @@ type graph struct { } type graphContainer struct { - Graph *graph `json:"graph,omitempty"` + Graph *graph `json:"graph,omitempty"` + Type string `json:"type"` + Version string `json:"version"` + Hash string `json:"hash"` } // PipelineState represents the state (shape) of a Logstash pipeline diff --git a/vendor/github.com/elastic/beats/metricbeat/module/logstash/node_stats/data_xpack.go b/vendor/github.com/elastic/beats/metricbeat/module/logstash/node_stats/data_xpack.go index 72a03f54..ba398ac1 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/logstash/node_stats/data_xpack.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/logstash/node_stats/data_xpack.go @@ -35,10 +35,18 @@ type jvm struct { HeapUsedInBytes int `json:"heap_used_in_bytes"` HeapUsedPercent int `json:"heap_used_percent"` } `json:"mem"` + UptimeInMillis int `json:"uptime_in_millis"` +} + +type events struct { + DurationInMillis int `json:"duration_in_millis"` + In int `json:"in"` + Filtered int `json:"filtered"` + Out int `json:"out"` } type commonStats struct { - Events map[string]interface{} `json:"events"` + Events events `json:"events"` JVM jvm `json:"jvm"` Reloads map[string]interface{} `json:"reloads"` Queue struct { @@ -93,13 +101,6 @@ type reloads struct { Failures int `json:"failures"` } -type events struct { - DurationInMillis int `json:"duration_in_millis"` - In int `json:"in"` - Filtered int `json:"filtered"` - Out int `json:"out"` -} - // NodeStats represents the stats of a Logstash node type NodeStats struct { nodeInfo @@ -124,7 +125,7 @@ type PipelineStats struct { ID string `json:"id"` Hash string `json:"hash"` EphemeralID string `json:"ephemeral_id"` - Events events `json:"events"` + Events map[string]interface{} `json:"events"` Reloads reloads `json:"reloads"` Queue map[string]interface{} `json:"queue"` Vertices []map[string]interface{} `json:"vertices"` diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_beat.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_beat.py index ede2e32b..f93a32fd 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_beat.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_beat.py @@ -7,7 +7,7 @@ class Test(metricbeat.BaseTest): - COMPOSE_SERVICES = ['metricbeat'] + COMPOSE_SERVICES = ['metricbeat', 'elasticsearch'] FIELDS = ['beat'] METRICSETS = ['stats', 'state'] @@ -34,6 +34,13 @@ def test_xpack(self): } }]) + # Give the monitored Metricbeat instance enough time to collect metrics and index them + # into Elasticsearch, so it may establish the connection to Elasticsearch and determine + # it's cluster UUID in the process. Otherwise, the monitoring Metricbeat instance will + # show errors in its log about not being able to determine the Elasticsearch cluster UUID + # to be associated with the monitored Metricbeat instance. + time.sleep(30) + proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() diff --git a/vendor/github.com/elastic/beats/testing/environments/latest.yml b/vendor/github.com/elastic/beats/testing/environments/latest.yml index 5526b496..08f2a27d 100644 --- a/vendor/github.com/elastic/beats/testing/environments/latest.yml +++ b/vendor/github.com/elastic/beats/testing/environments/latest.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0 + image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9200"] retries: 300 @@ -16,7 +16,7 @@ services: - "xpack.security.enabled=false" logstash: - image: docker.elastic.co/logstash/logstash:7.2.0 + image: docker.elastic.co/logstash/logstash:8.0.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 300 @@ -26,7 +26,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana:7.2.0 + image: docker.elastic.co/kibana/kibana:8.0.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:5601"] retries: 300 diff --git a/vendor/github.com/elastic/beats/testing/environments/snapshot-oss.yml b/vendor/github.com/elastic/beats/testing/environments/snapshot-oss.yml index 59cce600..935b3c62 100644 --- a/vendor/github.com/elastic/beats/testing/environments/snapshot-oss.yml +++ b/vendor/github.com/elastic/beats/testing/environments/snapshot-oss.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:8.0.0-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.3.1-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9200"] retries: 300 @@ -15,7 +15,7 @@ services: - "http.host=0.0.0.0" logstash: - image: docker.elastic.co/logstash/logstash-oss:8.0.0-SNAPSHOT + image: docker.elastic.co/logstash/logstash-oss:7.3.1-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -25,7 +25,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana-oss:8.0.0-SNAPSHOT + image: docker.elastic.co/kibana/kibana-oss:7.3.1-SNAPSHOT healthcheck: test: ["CMD-SHELL", 'python -c ''import urllib, json; response = urllib.urlopen("http://localhost:5601/api/status"); data = json.loads(response.read()); exit(1) if data["status"]["overall"]["state"] != "green" else exit(0);'''] retries: 600 diff --git a/vendor/github.com/elastic/beats/testing/environments/snapshot.yml b/vendor/github.com/elastic/beats/testing/environments/snapshot.yml index ff1d550c..66752320 100644 --- a/vendor/github.com/elastic/beats/testing/environments/snapshot.yml +++ b/vendor/github.com/elastic/beats/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.0.0-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:7.3.1-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9200"] retries: 300 @@ -16,7 +16,7 @@ services: - "xpack.security.enabled=false" logstash: - image: docker.elastic.co/logstash/logstash:8.0.0-SNAPSHOT + image: docker.elastic.co/logstash/logstash:7.3.1-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -26,7 +26,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana:8.0.0-SNAPSHOT + image: docker.elastic.co/kibana/kibana:7.3.1-SNAPSHOT healthcheck: test: ["CMD-SHELL", 'python -c ''import urllib, json; response = urllib.urlopen("http://localhost:5601/api/status"); data = json.loads(response.read()); exit(1) if data["status"]["overall"]["state"] != "green" else exit(0);'''] retries: 600 diff --git a/vendor/github.com/elastic/beats/x-pack/auditbeat/docker-compose.yml b/vendor/github.com/elastic/beats/x-pack/auditbeat/docker-compose.yml index e11d8ec3..0272ca43 100644 --- a/vendor/github.com/elastic/beats/x-pack/auditbeat/docker-compose.yml +++ b/vendor/github.com/elastic/beats/x-pack/auditbeat/docker-compose.yml @@ -10,4 +10,3 @@ services: pid: host cap_add: - AUDIT_CONTROL - - AUDIT_READ diff --git a/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json b/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json index d9f97fe5..20c93598 100644 --- a/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json +++ b/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json @@ -54,7 +54,7 @@ "id": 536 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1535, "task": "Logon", @@ -116,7 +116,7 @@ "id": 556 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1538, "task": "Logon", @@ -181,7 +181,7 @@ "id": 556 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1542, "task": "Logon", @@ -243,7 +243,7 @@ "id": 556 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1545, "task": "Logon", @@ -305,7 +305,7 @@ "id": 556 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1547, "task": "Logon", @@ -367,7 +367,7 @@ "id": 556 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1550, "task": "Logon", @@ -429,7 +429,7 @@ "id": 548 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1553, "task": "Logon", @@ -491,7 +491,7 @@ "id": 548 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1556, "task": "Logon", @@ -556,7 +556,7 @@ "id": 808 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1561, "task": "Logon", @@ -618,7 +618,7 @@ "id": 548 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1563, "task": "Logon", @@ -683,7 +683,7 @@ "id": 808 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1567, "task": "Logon", @@ -745,7 +745,7 @@ "id": 556 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1570, "task": "Logon", @@ -807,7 +807,7 @@ "id": 1132 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1574, "task": "Logon", @@ -869,7 +869,7 @@ "id": 1132 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1576, "task": "Logon", @@ -931,7 +931,7 @@ "id": 504 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1578, "task": "Logon", @@ -993,7 +993,7 @@ "id": 1132 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1581, "task": "Logon", @@ -1055,7 +1055,7 @@ "id": 344 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1583, "task": "Logon", @@ -1120,7 +1120,7 @@ "id": 2756 } }, - "provider_guid": "{54849625-5478-4994-A5BA-3E3B0328C30D}", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": 1585, "task": "Logon" diff --git a/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json b/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json index df9deeee..92a1c78b 100644 --- a/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json +++ b/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json @@ -22,7 +22,7 @@ "id": 4724 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 1, "user": { @@ -56,7 +56,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 2, "user": { @@ -84,14 +84,14 @@ "args": [ "C:\\Windows\\Sysmon.exe" ], - "entity_id": "{42F11C3B-CE01-5C8F-0000-0010C73E2A00}", + "entity_id": "{42f11c3b-ce01-5c8f-0000-0010c73e2a00}", "executable": "C:\\Windows\\Sysmon.exe", "name": "Sysmon.exe", "parent": { "args": [ "C:\\Windows\\system32\\services.exe" ], - "entity_id": "{42F11C3B-6E1A-5C8C-0000-0010F14D0000}", + "entity_id": "{42f11c3b-6e1a-5c8c-0000-0010f14d0000}", "executable": "C:\\Windows\\System32\\services.exe", "name": "services.exe", "pid": 488 @@ -112,7 +112,7 @@ "Description": "System activity monitor", "FileVersion": "9.01", "IntegrityLevel": "System", - "LogonGuid": "{42F11C3B-6E1A-5C8C-0000-0020E7030000}", + "LogonGuid": "{42f11c3b-6e1a-5c8c-0000-0020e7030000}", "LogonId": "0x3e7", "Product": "Sysinternals Sysmon", "TerminalSessionId": "0" @@ -124,7 +124,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 3, "user": { @@ -153,7 +153,7 @@ "C:\\Windows\\system32\\wbem\\unsecapp.exe", "-Embedding" ], - "entity_id": "{42F11C3B-CE01-5C8F-0000-00102C412A00}", + "entity_id": "{42f11c3b-ce01-5c8f-0000-00102c412a00}", "executable": "C:\\Windows\\System32\\wbem\\unsecapp.exe", "name": "unsecapp.exe", "parent": { @@ -162,7 +162,7 @@ "-k", "DcomLaunch" ], - "entity_id": "{42F11C3B-6E1B-5C8C-0000-00102F610000}", + "entity_id": "{42f11c3b-6e1b-5c8c-0000-00102f610000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 560 @@ -183,7 +183,7 @@ "Description": "Sink to receive asynchronous callbacks for WMI client application", "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", "IntegrityLevel": "System", - "LogonGuid": "{42F11C3B-6E1A-5C8C-0000-0020E7030000}", + "LogonGuid": "{42f11c3b-6e1a-5c8c-0000-0020e7030000}", "LogonId": "0x3e7", "Product": "Microsoft® Windows® Operating System", "TerminalSessionId": "0" @@ -195,7 +195,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 4, "user": { @@ -217,7 +217,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CDF4-5C8F-0000-0010E61E2A00}", + "entity_id": "{42f11c3b-cdf4-5c8f-0000-0010e61e2a00}", "executable": "C:\\Users\\vagrant\\AppData\\Local\\Temp\\Sysmon.exe", "name": "Sysmon.exe", "pid": 4616 @@ -233,7 +233,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 5, "user": { @@ -255,7 +255,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CDF4-5C8F-0000-0010071E2A00}", + "entity_id": "{42f11c3b-cdf4-5c8f-0000-0010071e2a00}", "executable": "C:\\Users\\vagrant\\Downloads\\Sysmon.exe", "name": "Sysmon.exe", "pid": 4648 @@ -271,7 +271,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 6, "user": { @@ -300,7 +300,7 @@ "C:\\Windows\\system32\\wbem\\wmiprvse.exe", "-Embedding" ], - "entity_id": "{42F11C3B-CE03-5C8F-0000-0010E9462A00}", + "entity_id": "{42f11c3b-ce03-5c8f-0000-0010e9462a00}", "executable": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "name": "WmiPrvSE.exe", "parent": { @@ -309,7 +309,7 @@ "-k", "DcomLaunch" ], - "entity_id": "{42F11C3B-6E1B-5C8C-0000-00102F610000}", + "entity_id": "{42f11c3b-6e1b-5c8c-0000-00102f610000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 560 @@ -330,7 +330,7 @@ "Description": "WMI Provider Host", "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", "IntegrityLevel": "System", - "LogonGuid": "{42F11C3B-6E1A-5C8C-0000-0020E7030000}", + "LogonGuid": "{42f11c3b-6e1a-5c8c-0000-0020e7030000}", "LogonId": "0x3e7", "Product": "Microsoft® Windows® Operating System", "TerminalSessionId": "0" @@ -342,7 +342,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 7, "user": { @@ -374,7 +374,7 @@ "type": "ipv6" }, "process": { - "entity_id": "{42F11C3B-0BAD-5C8C-0000-0010DFBC0000}", + "entity_id": "{42f11c3b-0bad-5c8c-0000-0010dfbc0000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 924 @@ -398,7 +398,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 8, "user": { @@ -430,7 +430,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-0BAD-5C8C-0000-0010DFBC0000}", + "entity_id": "{42f11c3b-0bad-5c8c-0000-0010dfbc0000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 924 @@ -455,7 +455,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 9, "user": { @@ -487,7 +487,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -512,7 +512,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 10, "user": { @@ -544,7 +544,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -569,7 +569,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 11, "user": { @@ -601,7 +601,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -629,7 +629,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 12, "user": { @@ -662,7 +662,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -689,7 +689,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 13, "user": { @@ -721,7 +721,7 @@ "type": "ipv6" }, "process": { - "entity_id": "{42F11C3B-0BAD-5C8C-0000-0010DFBC0000}", + "entity_id": "{42f11c3b-0bad-5c8c-0000-0010dfbc0000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 924 @@ -746,7 +746,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 14, "user": { @@ -778,7 +778,7 @@ "type": "ipv6" }, "process": { - "entity_id": "{42F11C3B-0BAD-5C8C-0000-0010DFBC0000}", + "entity_id": "{42f11c3b-0bad-5c8c-0000-0010dfbc0000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 924 @@ -802,7 +802,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 15, "user": { @@ -834,7 +834,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -861,7 +861,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 16, "user": { @@ -893,7 +893,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -920,7 +920,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 17, "user": { @@ -952,7 +952,7 @@ "type": "ipv6" }, "process": { - "entity_id": "{42F11C3B-0BAD-5C8C-0000-0010DFBC0000}", + "entity_id": "{42f11c3b-0bad-5c8c-0000-0010dfbc0000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 924 @@ -976,7 +976,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 18, "user": { @@ -1008,7 +1008,7 @@ "type": "ipv6" }, "process": { - "entity_id": "{42F11C3B-0BAD-5C8C-0000-0010DFBC0000}", + "entity_id": "{42f11c3b-0bad-5c8c-0000-0010dfbc0000}", "executable": "C:\\Windows\\System32\\svchost.exe", "name": "svchost.exe", "pid": 924 @@ -1032,7 +1032,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 19, "user": { @@ -1064,7 +1064,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -1092,7 +1092,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 20, "user": { @@ -1124,7 +1124,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -1152,7 +1152,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 21, "user": { @@ -1184,7 +1184,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -1212,7 +1212,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 22, "user": { @@ -1244,7 +1244,7 @@ "type": "ipv4" }, "process": { - "entity_id": "{42F11C3B-6E19-5C8C-0000-0010EB030000}", + "entity_id": "{42f11c3b-6e19-5c8c-0000-0010eb030000}", "executable": "System", "name": "System", "pid": 4 @@ -1272,7 +1272,7 @@ "id": 4492 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 23, "user": { @@ -1294,7 +1294,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCC6-5C8F-0000-001005082900}", + "entity_id": "{42f11c3b-ccc6-5c8f-0000-001005082900}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 4832 @@ -1310,7 +1310,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 24, "user": { @@ -1332,7 +1332,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCCC-5C8F-0000-0010E8272900}", + "entity_id": "{42f11c3b-cccc-5c8f-0000-0010e8272900}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 3208 @@ -1348,7 +1348,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 25, "user": { @@ -1373,7 +1373,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -1393,7 +1393,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 26, "user": { @@ -1418,7 +1418,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -1438,7 +1438,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 27, "user": { @@ -1463,7 +1463,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -1483,7 +1483,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 28, "user": { @@ -1508,7 +1508,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -1528,7 +1528,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 29, "user": { @@ -1550,7 +1550,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAB-5C8F-0000-001064EB2700}", + "entity_id": "{42f11c3b-ccab-5c8f-0000-001064eb2700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 2680 @@ -1566,7 +1566,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 30, "user": { @@ -1591,7 +1591,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -1611,7 +1611,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 31, "user": { @@ -1636,7 +1636,7 @@ "level": "information" }, "process": { - "entity_id": "{42F11C3B-CCAA-5C8F-0000-0010B4E22700}", + "entity_id": "{42f11c3b-ccaa-5c8f-0000-0010b4e22700}", "executable": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "name": "chrome.exe", "pid": 1600 @@ -1656,7 +1656,7 @@ "id": 4516 } }, - "provider_guid": "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}", + "provider_guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "provider_name": "Microsoft-Windows-Sysmon", "record_id": 32, "user": { diff --git a/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/testing_windows.go b/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/testing_windows.go index 5be7076b..489b0826 100644 --- a/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/testing_windows.go +++ b/vendor/github.com/elastic/beats/x-pack/winlogbeat/module/testing_windows.go @@ -11,8 +11,12 @@ import ( "io/ioutil" "os" "path/filepath" + "reflect" + "regexp" + "strings" "testing" + "github.com/pmezard/go-difflib/difflib" "github.com/stretchr/testify/assert" "github.com/elastic/beats/libbeat/common" @@ -146,10 +150,33 @@ func testPipeline(t testing.TB, evtx string, pipeline string, p *params) { return } for i, e := range events { - assert.EqualValues(t, expected[i], normalize(t, e)) + assertEqual(t, expected[i], normalize(t, e)) } } +// assertEqual asserts that the two objects are deeply equal. If not it will +// error the test and output a diff of the two objects' JSON representation. +func assertEqual(t testing.TB, expected, actual interface{}) bool { + t.Helper() + + if reflect.DeepEqual(expected, actual) { + return true + } + + expJSON, _ := json.MarshalIndent(expected, "", " ") + actJSON, _ := json.MarshalIndent(actual, "", " ") + + diff, _ := difflib.GetUnifiedDiffString(difflib.UnifiedDiff{ + A: difflib.SplitLines(string(expJSON)), + B: difflib.SplitLines(string(actJSON)), + FromFile: "Expected", + ToFile: "Actual", + Context: 1, + }) + t.Errorf("Expected and actual are different:\n%s", diff) + return false +} + func writeGolden(t testing.TB, source string, events []common.MapStr) { data, err := json.MarshalIndent(events, "", " ") if err != nil { @@ -179,6 +206,9 @@ func readGolden(t testing.TB, source string) []common.MapStr { t.Fatal(err) } + for _, e := range events { + lowercaseGUIDs(e) + } return events } @@ -193,7 +223,8 @@ func normalize(t testing.TB, m common.MapStr) common.MapStr { t.Fatal(err) } - return out + // Lowercase the GUIDs in case tests are run Windows < 2019. + return lowercaseGUIDs(out) } func filterEvent(m common.MapStr, ignores []string) common.MapStr { @@ -202,3 +233,21 @@ func filterEvent(m common.MapStr, ignores []string) common.MapStr { } return m } + +var uppercaseGUIDRegex = regexp.MustCompile(`^{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}}$`) + +// lowercaseGUIDs finds string fields that look like GUIDs and converts the hex +// from uppercase to lowercase. Prior to Windows 2019, GUIDs used uppercase hex +// (contrary to RFC 4122). +func lowercaseGUIDs(m common.MapStr) common.MapStr { + for k, v := range m.Flatten() { + str, ok := v.(string) + if !ok { + continue + } + if uppercaseGUIDRegex.MatchString(str) { + m.Put(k, strings.ToLower(str)) + } + } + return m +}