./sysutils/beats, Data Shippers for Elasticsearch

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 6.2.4, Package name: beats-6.2.4, Maintainer: filip

The Beats are lightweight processes, written in Go, that you install
on your servers to capture all sorts of operational data like logs,
operating system metrics or network packet data, and to send it to
Elasticsearch, either directly or via Logstash, so it can be
visualized with Kibana.


Required to build:
[lang/go] [pkgtools/cwrappers]

Master sites:

SHA1: 4bec24f50654e0712bce08f3835609ea450caf95
RMD160: aa5ccfcb92b4d61daa3d0a615050296540e16115
Filesize: 19010.03 KB

Version history: (Expand)


CVS history: (Expand)


   2018-04-18 14:18:49 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
sysutils/beats: Update to 6.2.4. Enable auditbeat (outside SunOS).

Auditbeat
- Add hex decoding for the name field in audit path records.

Filebeat
- Fix panic when log prospector configuration fails to load.

Packetbeat
- HTTP parses successfully on empty status phrase.
   2018-04-06 18:06:23 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
sysutils/beats: Update to 6.2.3.

- Fix conditions checking on autodiscover Docker labels.
- Avoid panic errors when processing nil Pod events in
  add_kubernetes_metadata.
- Fix infinite failure on Kubernetes watch.
   2018-03-30 13:56:27 by Benny Siegert | Files touched by this commit (94) | Package updated
Log message:
Revbump all Go packages after 1.10.1 update.

ok wiz@ for committing during freeze
   2018-03-04 16:52:21 by Benny Siegert | Files touched by this commit (95) | Package updated
Log message:
Revbump all Go packages after Go 1.10 update.
   2018-02-27 13:54:02 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
sysutils/beats: Update to 6.2.2.

==== Bugfixes

Affecting all Beats

- Add logging when monitoring cannot connect to Elasticsearch.
- Fix infinite loop when event unmarshal fails in Kubernetes
  pod watcher.

Filebeat

- Fix a conversion issue for time related fields in the Logstash
  module for the slowlog fileset.
   2018-02-07 17:31:34 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
sysutils/beats: Update to 6.2.0.

==== Breaking changes

Affecting all Beats

- The log format may differ due to logging library changes.
- The default value for pipelining is reduced to 2 to avoid high
  memory in the Logstash beats input.

Auditbeat

- Split the audit.kernel and audit.file metricsets into their own
  modules
  named auditd and file_integrity, respectively. This change requires
  existing users to update their config.
- Renamed file_integrity module fields.
- Renamed auditd module fields.

Metricbeat

- Rename `golang.heap.system.optained` field to
  `golang.heap.system.obtained`.
- De dot keys in jolokia/jmx metricset to prevent collisions.

==== Bugfixes

Auditbeat

- Fixed an issue where the proctitle value was being truncated.
- Fixed an issue where values were incorrectly interpretted as hex
  data.
- Fixed parsing of the `key` value when multiple keys are present.
- Fix possible resource leak if file_integrity module is used with
  config
  reloading on Windows or Linux.

Filebeat

- Fix variable name for `convert_timezone` in the system module.

Metricbeat

- Fix error `datastore '*' not found` in Vsphere module.
- Fix error `NotAuthenticated` in Vsphere module.
- Fix mongodb session consistency mode to allow command execution on
  secondary nodes.
- Fix kubernetes `state_pod` `status.phase` so that the active phase
  is returned instead of `unknown`.
- Fix error collecting network_names in Vsphere module.
- Fix process cgroup memory metrics for memsw, kmem, and kmem_tcp.
- Fix kafka OffsetFetch request missing topic and partition
  parameters.

Packetbeat

- Fix mysql SQL parser to trim `\r` from Windows Server
  `SELECT\r\n\t1`.

==== Added

Affecting all Beats

- Adding a local keystore to allow user to obfuscate password
- Add autodiscover for kubernetes.
- Add Beats metrics reporting to Xpack.
- Update the command line library cobra and add support for zsh
  completion
- Update to Golang 1.9.2
- Moved `ip_port` indexer for `add_kubernetes_metadata` to all beats.
- `ip_port` indexer now index both IP and IP:port pairs.
- Add the ability to write structured logs.
- Use structured logging for the metrics that are periodically logged
  via the
  `logging.metrics` feature.
- Improve Elasticsearch output metrics to count number of dropped and
  duplicate (if event ID is given) events.
- Add the abilility for the add_docker_metadata process to enrich
  based on process ID.
- The `add_docker_metadata` and `add_kubernetes_metadata` processors
  are now GA, instead of Beta.
- Update go-ucfg library to support top level key reference and cyclic
  key reference for the
  keystore

Auditbeat

- Auditbeat is marked as GA, no longer Beta.
- Add support for BLAKE2b hash algorithms to the file integrity
  module.
- Add support for recursive file watches.

Filebeat

- Add Osquery module.
- Add stream filtering when using `docker` prospector.

Metricbeat

- Add ceph osd_df to metricbeat
- Add field network_names of hosts and virtual machines.
- Add experimental system/raid metricset.
- Add a dashboard for the Nginx module.
- Add experimental mongodb/collstats metricset.
- Update the MySQL dashboard to use the Time Series Visual Builder.
- Add experimental uwsgi module.
- Docker and Kubernetes modules are now GA, instead of Beta.
- Support haproxy stats gathering using http (additionaly to tcp
  socket).
- Support to optionally 'de dot' keys in http/json metricset to
  prevent collisions.

Packetbeat

- Configure good defaults for `add_kubernetes_metadata`.
   2018-01-22 20:54:56 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/beats to 6.1.2.

6.1.2

Auditbeat
- Add an error check to the file integrity scanner to prevent a panic
  when there is an error reading file info via lstat.

Filebeat
- Switch to docker prospector in sample manifests for Kubernetes
  deployment
   2017-12-18 15:37:02 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/beats to 6.1.0.

=== Beats version 6.1.0

==== Breaking changes

Auditbeat

- Changed `audit.file.path` to be a multi-field so that path is
  searchable.

Metricbeat

- Rename `heap_init` field to `heap.init` in the Elasticsearch module.
- Rename `http.response.status_code` field to `http.response.code` in
  the HTTP module.

==== Bugfixes

Affecting all Beats

- Remove ID() from Runner interface
- Correctly send configured `Host` header to the remote server.
- Change add_kubernetes_metadata to attempt detection of namespace.
- Avoid double slash when join url and path
- Fix console color output for Windows.
- Fix logstash output debug message.
- Fix isolation of modules when merging local and global field
  settings.

Filebeat

- Add support for adding string tags
- Fix race condition when limiting the number of harvesters running in
  parallel
- Fix relative paths in the prospector definitions.
- Fix `recursive_globe.enabled` option.

Metricbeat

- Change field type of http header from nested to object
- Fix the fetching of process information when some data is missing
  under MacOS X.
- Change `MySQL active connections` visualization title to `MySQL
  total connections`.
- Fix `ProcState` on Linux and FreeBSD when process names contain
  parentheses.
- Fix incorrect `Mem.Used` calculation under linux.

Packetbeat

- Fix http status phrase parsing not allow spaces.
- Fix http parse to allow to parse get request with space in the URI.

Winlogbeat

- Fix the registry file. It was not correctly storing event log names,
  and upon restart it would begin reading at the start of each event log.

==== Added

Affecting all Beats

- Support dashboard loading without Elasticseach
- Changed the hashbang used in the beat helper script from `/bin/bash`
  to `/usr/bin/env bash`.
- Changed beat helper script to use `exec` when running the beat.
- Fix reloader error message to only print on actual error
- Add support for enabling TLS renegotiation.
- Add Azure VM support for add_cloud_metadata processor
- Add `output.file.permission` config option.
- Refactor add_kubernetes_metadata to support autodiscovery
- Improve custom flag handling and CLI flags usage message.
- Add number_of_routing_shards config set to 30
- Set log level for kafka output.
- Move TCP UDP start up into `server.Start()`
- Update to Golang 1.9.2

Auditbeat

- Add support for SHA3 hash algorithms to the file integrity module.
- Add dashboards for Linux audit framework events (overview,
  executions, sockets).

Filebeat

- Add PostgreSQL module with slowlog support.
- Add Kafka log module.
- Add support for `/var/log/containers/` log path in
  `add_kubernetes_metadata` processor.
- Remove error log from runnerfactory as error is returned by API.
- Add experimental Docker `json-file` prospector .
- Add experimental Docker autodiscover functionality.
- Add option to convert the timestamps to UTC in the system module.
- Add Logstash module support for main log and the slow log, support
  the plain text or structured JSON format

Metricbeat

- Add graphite protocol metricbeat module.
- Add http server metricset to support push metrics via http.
- Make config object public for graphite and http server
- Add system uptime metricset.
- Add experimental `queue` metricset to RabbitMQ module.
- Add additional php-fpm pool status kpis for Metricbeat module
- Add etcd module.
- Add ip address of docker containers to event.
- Add ceph osd tree information to Metricbeat
- Add basic Logstash module.
- Add dashboard for Windows service metricset.
- Add experimental Docker autodiscover functionality.
- Add Windows service metricset in the windows module.
- Update gosigar to v0.6.0.

Packetbeat

- Add support for decoding the TLS envelopes.

=== Beats version 6.0.1

==== Bugfixes

Affecting all Beats

- Fix documentation links in README.md files.
- Fix `add_docker_metadata` dropping some containers.

Heartbeat

- Fix the "HTTP up status" visualization.

Metricbeat

- Fix map overwrite in docker diskio module.
- Fix connection leak in mongodb module.
- Fix the include top N processes feature for cases where there are
  fewer processes than N.