Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add skeleton x-pack Auditbeat module #8252

Merged
merged 1 commit into from
Sep 18, 2018
Merged

Add skeleton x-pack Auditbeat module #8252

merged 1 commit into from
Sep 18, 2018

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Sep 5, 2018
edited
Loading

This adds an skeleton x-pack module to Auditbeat. The module is only included in the Elastic licensed Auditbeat binary.

The config and fields.yml data are not yet included in the packaging. Additional updates are required in a separate PR. We need to decide on how we want to interact with the x-pack source code from a developer perspective (e.g. do we want to have separate Makefile for each Beat in the x-pack directory?).

If you run go build from x-pack/auditbeat/ the generated binary will include this module.

Note that this is targeted to a feature branch.

@andrewkroh andrewkroh requested a review from tsg September 5, 2018 23:19
@andrewkroh
Add skeleton x-pack Auditbeat module
b825251 
This adds an skeleton x-pack module to Auditbeat. The module is only included in the Elastic licensed Auditbeat binary.

The config and fields.yml data are not yet included in the packaging. Additional updates are required.
@andrewkroh andrewkroh force-pushed the feature/auditbeat-host-xpack-module-skeleton branch from 138336e to b825251 Compare September 5, 2018 23:21
@ruflin
Copy link
Member

ruflin commented Sep 6, 2018

It would be nice if we would only have 1 Makefile per Beat. So the Auditbeat Makefile when running make update would also update everything inside x-pack an make would actually build the xpack binary. If running go build directly it would build the OSS binary.

We also need to figure out how we adapt the generation of the fields.go files.

@adriansr
Copy link
Contributor

adriansr commented Sep 6, 2018

What about using a custom build tag, i.e.

// +build x-pack

So we can have some include.go that links whatever is in <beats>/x-pack depending if we run make or make oss

tsg
tsg approved these changes Sep 7, 2018
View reviewed changes
Copy link
Contributor

@tsg tsg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, only have a naming question, but we can also decide that later. I’m good with merging as is.

x-pack/auditbeat/module/sysinfo/_meta/docs.asciidoc
@@ -0,0 +1,22 @@
== Sysinfo Module

The `sysinfo` module ... TODO.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking to name it system to follow the Metricbeat and Filebeat tradition, but maybe that creates more confusion? I’m not sure.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be OK to call it "system" if we avoid creating "metricsets" that have the same name as the existing ones in Metricbeat. We use nearly the exact same config between Auditbeat and Metricbeat so calling it the same thing could be confusing (even to us if we just glance at a config), but with unique names then it should be clear.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I propose we merge it as is and let the module devs take ownership of naming.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed

ruflin
ruflin reviewed Sep 7, 2018
View reviewed changes
auditbeat/core/eventmod.go

// Modules without "datasets" should set their module and metricset names
// to the same value then this will omit the event.dataset field.
if module != metricSet {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting. Lets discuss this in an other thread.

@andrewkroh
Copy link
Member Author

After we merge this I will rename feature/auditbeat-host-xpack-module-skeleton to avoid having a / in the branch name (I hear this is a problem for Jenkins).

@webmat
Copy link
Contributor

webmat commented Sep 14, 2018

LGTM

@andrewkroh andrewkroh merged this pull request into elastic:feature/auditbeat-host Sep 18, 2018
andrewkroh added a commit that referenced this pull request Sep 18, 2018
@andrewkroh
Add skeleton x-pack Auditbeat module (#8252)
4bd1205 
This adds an skeleton x-pack module to Auditbeat. The module is only included in the Elastic licensed Auditbeat binary.

The config and fields.yml data are not yet included in the packaging. Additional updates are required.
@cwurm cwurm mentioned this pull request Sep 19, 2018
Merged
cwurm pushed a commit to cwurm/beats that referenced this pull request Dec 16, 2018
@andrewkroh
Add skeleton x-pack Auditbeat module (elastic#8252)
ef247ed 
This adds an skeleton x-pack module to Auditbeat. The module is only included in the Elastic licensed Auditbeat binary.

The config and fields.yml data are not yet included in the packaging. Additional updates are required.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin left review comments

@webmat webmat webmat approved these changes

@tsg tsg tsg approved these changes

Assignees
No one assigned
Labels
Auditbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andrewkroh @ruflin @adriansr @webmat @tsg