From b7813206f2d61f5783ea970a2591d1d36b659a4d Mon Sep 17 00:00:00 2001 From: Mauri de Souza Meneguzzo Date: Thu, 2 Jan 2025 09:32:02 -0300 Subject: [PATCH 1/5] libbeat/system/tests: bump python libs to fix issues with Python 3.13 (#42183) --- libbeat/tests/system/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libbeat/tests/system/requirements.txt b/libbeat/tests/system/requirements.txt index 00f3914d1a4b..edf7f66093c3 100644 --- a/libbeat/tests/system/requirements.txt +++ b/libbeat/tests/system/requirements.txt @@ -10,7 +10,7 @@ backports.ssl-match-hostname==3.5.0.1 bcrypt==4.1.2 cached-property==1.4.2 certifi==2024.7.4 -cffi==1.16.0 +cffi==1.17.1 chardet==3.0.4 charset-normalizer==3.3.2 cryptography==43.0.1 @@ -24,7 +24,7 @@ elasticsearch==7.8.1 enum34==1.1.6 exceptiongroup==1.2.0 googleapis-common-protos==1.56.4 -grpcio==1.60.0 +grpcio==1.68.1 idna==3.7 importlib-metadata==1.7.0 iniconfig==1.0.1 From 3d1bdcfd9e3d6cfffa19f0ed5f54924f49de48d9 Mon Sep 17 00:00:00 2001 From: Mauri de Souza Meneguzzo Date: Thu, 2 Jan 2025 12:09:13 -0300 Subject: [PATCH 2/5] libbeat: optimize asset data decoding (#42180) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While working on #41888 I was benchmarking the filebeatreceiver CreateLogs factory and noticed that the asset decoding in libbeat dominates the cpu and memory profile of the receiver creation. This behavior is expected since asset decoding is intended to occur at startup. However, it's still worthwhile to optimize it if possible. Some time ago I worked on `iobuf.ReadAll` at elastic/elastic-agent-libs#229, an optimized version of `io.ReadAll` that has a better growth algorithm—based on bytes.Buffer—and benefits from the `io.ReaderFrom` optimization. The choice of when to use this is very picky, as using it with a reader that is not a `io.ReaderFrom` can be slower than the standard `io.ReadAll`. For this case we are certain of the reader implementation, so we can use it. Benchmark results show that it is 5% faster and uses 17% less memory. After these fixes the profiles are still dominated by the asset decoding, but I guess that is expected, at least it is a bit faster now. --- libbeat/asset/registry.go | 6 +-- x-pack/filebeat/fbreceiver/receiver_test.go | 45 +++++++++++++++++++++ 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/libbeat/asset/registry.go b/libbeat/asset/registry.go index 99fc1a7dba09..fe34971c995a 100644 --- a/libbeat/asset/registry.go +++ b/libbeat/asset/registry.go @@ -21,8 +21,9 @@ import ( "bytes" "compress/zlib" "encoding/base64" - "io/ioutil" "sort" + + "github.com/elastic/elastic-agent-libs/iobuf" ) // FieldsRegistry contains a list of fields.yml files @@ -106,7 +107,6 @@ func EncodeData(data string) (string, error) { // DecodeData base64 decodes the data and uncompresses it func DecodeData(data string) ([]byte, error) { - decoded, err := base64.StdEncoding.DecodeString(data) if err != nil { return nil, err @@ -119,5 +119,5 @@ func DecodeData(data string) ([]byte, error) { } defer r.Close() - return ioutil.ReadAll(r) + return iobuf.ReadAll(r) } diff --git a/x-pack/filebeat/fbreceiver/receiver_test.go b/x-pack/filebeat/fbreceiver/receiver_test.go index 3bbdc1690ea2..928db4c4b649 100644 --- a/x-pack/filebeat/fbreceiver/receiver_test.go +++ b/x-pack/filebeat/fbreceiver/receiver_test.go @@ -11,6 +11,7 @@ import ( "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "go.opentelemetry.io/collector/consumer" "go.opentelemetry.io/collector/pdata/plog" "go.opentelemetry.io/collector/receiver" @@ -89,3 +90,47 @@ found: err = r.Shutdown(context.Background()) assert.NoError(t, err, "Error shutting down filebeatreceiver") } + +func BenchmarkFactory(b *testing.B) { + tmpDir := b.TempDir() + + cfg := &Config{ + Beatconfig: map[string]interface{}{ + "filebeat": map[string]interface{}{ + "inputs": []map[string]interface{}{ + { + "type": "benchmark", + "enabled": true, + "message": "test", + "count": 10, + }, + }, + }, + "output": map[string]interface{}{ + "otelconsumer": map[string]interface{}{}, + }, + "logging": map[string]interface{}{ + "level": "debug", + "selectors": []string{ + "*", + }, + }, + "path.home": tmpDir, + }, + } + + var zapLogs bytes.Buffer + core := zapcore.NewCore( + zapcore.NewJSONEncoder(zap.NewProductionEncoderConfig()), + zapcore.AddSync(&zapLogs), + zapcore.DebugLevel) + + receiverSettings := receiver.Settings{} + receiverSettings.Logger = zap.New(core) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := NewFactory().CreateLogsReceiver(context.Background(), receiverSettings, cfg, nil) + require.NoError(b, err) + } +} From 3bab9579c0486b04b50c6f73d6d0c6f20b644d1f Mon Sep 17 00:00:00 2001 From: Vihas Makwana <121151420+VihasMakwana@users.noreply.github.com> Date: Thu, 2 Jan 2025 21:29:51 +0530 Subject: [PATCH 3/5] chore: welcome 2025 (#42191) --- NOTICE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTICE.txt b/NOTICE.txt index 7968c2b8fd1f..1a6213165679 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1,5 +1,5 @@ Elastic Beats -Copyright 2014-2024 Elasticsearch BV +Copyright 2014-2025 Elasticsearch BV This product includes software developed by The Apache Software Foundation (http://www.apache.org/). From 1430cfda7e247d0e4642ef2ba5b833e5187c2d4d Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 3 Jan 2025 02:31:47 -0500 Subject: [PATCH 4/5] Fix Otel API change and update system test golden files to 2025 (#42199) * Fix Otel API change * Update test files with new date/year --- x-pack/filebeat/fbreceiver/receiver_test.go | 2 +- .../additional_messages.log-expected.json | 36 +++++++++---------- .../asa/test/non-canonical.log-expected.json | 8 ++--- ...lear_users_history_start.log-expected.json | 2 +- ..._clear_users_history_end.log-expected.json | 2 +- ...tor_dr_replication_start.log-expected.json | 2 +- ...nitor_dr_replication_end.log-expected.json | 2 +- ...7_monitor_fw_rules_start.log-expected.json | 2 +- ...358_monitor_fw_rules_end.log-expected.json | 2 +- ...ault_certificate_is_sha1.log-expected.json | 2 +- .../59_clear_safe_history.log-expected.json | 2 +- .../test/88_set_password.log-expected.json | 2 +- .../audit/test/legacysyslog.log-expected.json | 2 +- ...365_defender-test.ndjson.log-expected.json | 4 +-- .../test/mysql_audit_test.log-expected.json | 6 ++-- 15 files changed, 38 insertions(+), 38 deletions(-) diff --git a/x-pack/filebeat/fbreceiver/receiver_test.go b/x-pack/filebeat/fbreceiver/receiver_test.go index 928db4c4b649..7da5c24f0adf 100644 --- a/x-pack/filebeat/fbreceiver/receiver_test.go +++ b/x-pack/filebeat/fbreceiver/receiver_test.go @@ -130,7 +130,7 @@ func BenchmarkFactory(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - _, err := NewFactory().CreateLogsReceiver(context.Background(), receiverSettings, cfg, nil) + _, err := NewFactory().CreateLogs(context.Background(), receiverSettings, cfg, nil) require.NoError(b, err) } } diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json index 256cb7f997bf..914a4645c379 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json @@ -181,12 +181,12 @@ "event.code": 609002, "event.dataset": "cisco.asa", "event.duration": 0, - "event.end": "2024-05-05T17:51:17.000-02:00", + "event.end": "2025-05-05T17:51:17.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%FTD-7-609002: Teardown local-host net:192.168.2.2 duration 0:00:00", "event.severity": 7, - "event.start": "2024-05-05T19:51:17.000Z", + "event.start": "2025-05-05T19:51:17.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -701,12 +701,12 @@ "event.code": 609002, "event.dataset": "cisco.asa", "event.duration": 0, - "event.end": "2024-05-05T18:24:31.000-02:00", + "event.end": "2025-05-05T18:24:31.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-7-609002: Teardown local-host identity:10.10.10.10 duration 0:00:00", "event.severity": 7, - "event.start": "2024-05-05T20:24:31.000Z", + "event.start": "2025-05-05T20:24:31.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -849,13 +849,13 @@ "event.code": 302014, "event.dataset": "cisco.asa", "event.duration": 0, - "event.end": "2024-05-05T18:29:32.000-02:00", + "event.end": "2025-05-05T18:29:32.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I", "event.reason": "TCP Reset-I", "event.severity": 6, - "event.start": "2024-05-05T20:29:32.000Z", + "event.start": "2025-05-05T20:29:32.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -966,12 +966,12 @@ "event.code": 305012, "event.dataset": "cisco.asa", "event.duration": 0, - "event.end": "2024-05-05T18:29:32.000-02:00", + "event.end": "2025-05-05T18:29:32.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00", "event.severity": 6, - "event.start": "2024-05-05T20:29:32.000Z", + "event.start": "2025-05-05T20:29:32.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -1175,12 +1175,12 @@ "event.code": 302016, "event.dataset": "cisco.asa", "event.duration": 124000000000, - "event.end": "2024-05-05T18:40:50.000-02:00", + "event.end": "2025-05-05T18:40:50.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585", "event.severity": 2, - "event.start": "2024-05-05T20:38:46.000Z", + "event.start": "2025-05-05T20:38:46.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -1812,13 +1812,13 @@ "event.code": 302023, "event.dataset": "cisco.asa", "event.duration": 0, - "event.end": "2024-05-05T19:02:58.000-02:00", + "event.end": "2025-05-05T19:02:58.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302023: Teardown stub TCP connection for fw111:10.10.10.10/39210 to net:192.168.2.2/10051 duration 0:00:00 forwarded bytes 0 Cluster flow with CLU closed on owner", "event.reason": "Cluster flow with CLU closed on owner", "event.severity": 6, - "event.start": "2024-05-05T21:02:58.000Z", + "event.start": "2025-05-05T21:02:58.000Z", "event.timezone": "-02:00", "event.type": [ "info" @@ -1868,13 +1868,13 @@ "event.code": 302023, "event.dataset": "cisco.asa", "event.duration": 0, - "event.end": "2024-05-05T19:02:58.000-02:00", + "event.end": "2025-05-05T19:02:58.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302023: Teardown stub TCP connection for net:10.10.10.10/10051 to unknown:192.168.2.2/39222 duration 0:00:00 forwarded bytes 0 Forwarding or redirect flow removed to create director or backup flow", "event.reason": "Forwarding or redirect flow removed to create director or backup flow", "event.severity": 6, - "event.start": "2024-05-05T21:02:58.000Z", + "event.start": "2025-05-05T21:02:58.000Z", "event.timezone": "-02:00", "event.type": [ "info" @@ -2687,13 +2687,13 @@ "event.code": 302304, "event.dataset": "cisco.asa", "event.duration": 3602000000000, - "event.end": "2024-04-27T04:12:23.000-02:00", + "event.end": "2025-04-27T04:12:23.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302304: Teardown TCP state-bypass connection 2751765169 from server.deflan:81.2.69.143/54242 to server.deflan:67.43.156.12/9101 duration 1:00:02 bytes 245 Connection timeout", "event.reason": "Connection timeout", "event.severity": 6, - "event.start": "2024-04-27T05:12:21.000Z", + "event.start": "2025-04-27T05:12:21.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -3227,13 +3227,13 @@ "event.code": 113019, "event.dataset": "cisco.asa", "event.duration": 1936000000000, - "event.end": "2024-04-27T02:03:03.000-02:00", + "event.end": "2025-04-27T02:03:03.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-4-113019: Group = 81.2.69.143, Username = 81.2.69.143, IP = 81.2.69.143, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:32m:16s, Bytes xmt: 297103, Bytes rcv: 1216163, Reason: User Requested", "event.reason": "User Requested", "event.severity": 4, - "event.start": "2024-04-27T03:30:47.000Z", + "event.start": "2025-04-27T03:30:47.000Z", "event.timezone": "-02:00", "event.type": [ "info" diff --git a/x-pack/filebeat/module/cisco/asa/test/non-canonical.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/non-canonical.log-expected.json index d7c455136e2f..c7975c79e2ca 100644 --- a/x-pack/filebeat/module/cisco/asa/test/non-canonical.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/non-canonical.log-expected.json @@ -361,12 +361,12 @@ "event.code": 305012, "event.dataset": "cisco.asa", "event.duration": 41000000000, - "event.end": "2024-07-15T13:38:47.000-02:00", + "event.end": "2025-07-15T13:38:47.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from SERVERS:exp-wait/62409 to outside:81.2.69.142/62409 duration 0:00:41", "event.severity": 6, - "event.start": "2024-07-15T15:38:06.000Z", + "event.start": "2025-07-15T15:38:06.000Z", "event.timezone": "-02:00", "event.type": [ "connection", @@ -423,12 +423,12 @@ "event.code": 305012, "event.dataset": "cisco.asa", "event.duration": 30000000000, - "event.end": "2024-07-15T13:37:33.000-02:00", + "event.end": "2025-07-15T13:37:33.000-02:00", "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-305012: Teardown dynamic UDP translation from SERVERS:exp-wait/56421 to outside:81.2.69.142/56421 duration 0:00:30", "event.severity": 6, - "event.start": "2024-07-15T15:37:03.000Z", + "event.start": "2025-07-15T15:37:03.000Z", "event.timezone": "-02:00", "event.type": [ "connection", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json index fb3cfbbb9cb5..fedbb0ab9460 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/288_auto_clear_users_history_start.log-expected.json @@ -38,7 +38,7 @@ ] }, { - "@timestamp": "2024-03-08T03:00:20.000-02:00", + "@timestamp": "2025-03-08T03:00:20.000-02:00", "cyberarkpas.audit.action": "Auto Clear Users History start", "cyberarkpas.audit.desc": "Auto Clear Users History start", "cyberarkpas.audit.issuer": "Batch", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json index 9ad5b886c6ca..270efd699732 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/289_auto_clear_users_history_end.log-expected.json @@ -38,7 +38,7 @@ ] }, { - "@timestamp": "2024-03-08T03:00:20.000-02:00", + "@timestamp": "2025-03-08T03:00:20.000-02:00", "cyberarkpas.audit.action": "Auto Clear Users History end", "cyberarkpas.audit.desc": "Auto Clear Users History end", "cyberarkpas.audit.issuer": "Batch", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json index 9d813f639d65..d2d5e390dde0 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/310_monitor_dr_replication_start.log-expected.json @@ -38,7 +38,7 @@ ] }, { - "@timestamp": "2024-03-08T02:48:07.000-02:00", + "@timestamp": "2025-03-08T02:48:07.000-02:00", "cyberarkpas.audit.action": "Monitor DR Replication start", "cyberarkpas.audit.desc": "Monitor DR Replication start", "cyberarkpas.audit.issuer": "Batch", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json index ee767935d3b0..ccdcc1546f06 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/311_monitor_dr_replication_end.log-expected.json @@ -38,7 +38,7 @@ ] }, { - "@timestamp": "2024-03-08T02:48:07.000-02:00", + "@timestamp": "2025-03-08T02:48:07.000-02:00", "cyberarkpas.audit.action": "Monitor DR Replication end", "cyberarkpas.audit.desc": "Monitor DR Replication end", "cyberarkpas.audit.issuer": "Batch", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json index 2943356268b9..73692aa9b6c8 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/357_monitor_fw_rules_start.log-expected.json @@ -38,7 +38,7 @@ ] }, { - "@timestamp": "2024-03-08T02:32:56.000-02:00", + "@timestamp": "2025-03-08T02:32:56.000-02:00", "cyberarkpas.audit.action": "Monitor FW rules start", "cyberarkpas.audit.desc": "Monitor FW rules start", "cyberarkpas.audit.issuer": "Batch", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json index bed2becb5d42..4ad89388da98 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/358_monitor_fw_rules_end.log-expected.json @@ -38,7 +38,7 @@ ] }, { - "@timestamp": "2024-03-08T02:32:56.000-02:00", + "@timestamp": "2025-03-08T02:32:56.000-02:00", "cyberarkpas.audit.action": "Monitor FW Rules end", "cyberarkpas.audit.desc": "Monitor FW Rules end", "cyberarkpas.audit.issuer": "Batch", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json index bb66629fa39b..5ee1cc82cc63 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/479_security_warning_the_signature_hash_algorithm_of_the_vault_certificate_is_sha1.log-expected.json @@ -39,7 +39,7 @@ ] }, { - "@timestamp": "2024-03-08T07:46:54.000-02:00", + "@timestamp": "2025-03-08T07:46:54.000-02:00", "cyberarkpas.audit.action": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.", "cyberarkpas.audit.desc": "Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.", "cyberarkpas.audit.issuer": "Builtin", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json index ef8f8d42bb26..78401fbbc56b 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/59_clear_safe_history.log-expected.json @@ -39,7 +39,7 @@ ] }, { - "@timestamp": "2024-03-08T03:10:31.000-02:00", + "@timestamp": "2025-03-08T03:10:31.000-02:00", "cyberarkpas.audit.action": "Clear Safe History", "cyberarkpas.audit.desc": "Clear Safe History", "cyberarkpas.audit.issuer": "PasswordManager", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json index 65ec1710d275..d7bb8fce24bc 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/88_set_password.log-expected.json @@ -76,7 +76,7 @@ ] }, { - "@timestamp": "2024-03-08T02:54:46.000-02:00", + "@timestamp": "2025-03-08T02:54:46.000-02:00", "cyberarkpas.audit.action": "Set Password", "cyberarkpas.audit.desc": "Set Password", "cyberarkpas.audit.issuer": "PVWAGWUser", diff --git a/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json b/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json index 439a5355e95b..69238d2b69a9 100644 --- a/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json +++ b/x-pack/filebeat/module/cyberarkpas/audit/test/legacysyslog.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2024-03-08T03:41:01.000-02:00", + "@timestamp": "2025-03-08T03:41:01.000-02:00", "cyberarkpas.audit.action": "Retrieve File", "cyberarkpas.audit.desc": "Retrieve File", "cyberarkpas.audit.file": "Root\\Policies\\Policy-BusinessWebsite.ini", diff --git a/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json b/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json index f08a15e75c4b..ef069239d23b 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json +++ b/x-pack/filebeat/module/microsoft/m365_defender/test/m365_defender-test.ndjson.log-expected.json @@ -674,7 +674,7 @@ "microsoft.m365_defender.alerts.detectionSource": "WindowsDefenderAv", "microsoft.m365_defender.alerts.devices": [ { - "deviceDnsName": "TestServer4", + "deviceDnsName": "TestServer5", "firstSeen": "2020-06-30T08:55:08.8320449Z", "healthStatus": "Inactive", "mdatpDeviceId": "75a63a39f9bc5a964f417c11f6277d5bf9489f0d", @@ -686,7 +686,7 @@ "version": "Other" }, { - "deviceDnsName": "TestServer5", + "deviceDnsName": "TestServer4", "firstSeen": "2020-06-30T08:55:08.8320449Z", "healthStatus": "Inactive", "mdatpDeviceId": "75a63a39f9bc5a964f417c11f6277d5bf9489f0d", diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json index e8fbe0e1d659..d6873710c143 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json +++ b/x-pack/filebeat/module/mysqlenterprise/audit/test/mysql_audit_test.log-expected.json @@ -19,11 +19,11 @@ "mysqlenterprise.audit.connection_id": 0, "mysqlenterprise.audit.id": 0, "process.args": [ - "--log-error=log.err", + "/usr/local/mysql/bin/mysqld", "--loose-audit-log-format=JSON", + "--log-error=log.err", "--pid-file=mysqld.pid", - "--port=3306", - "/usr/local/mysql/bin/mysqld" + "--port=3306" ], "process.args_count": 5, "process.command_line": "/usr/local/mysql/bin/mysqld --loose-audit-log-format=JSON --log-error=log.err --pid-file=mysqld.pid --port=3306", From 580f0f6d74c55aafb056eb263b23c1047701fa22 Mon Sep 17 00:00:00 2001 From: Lee E Hinman <57081003+leehinman@users.noreply.github.com> Date: Fri, 3 Jan 2025 03:20:29 -0600 Subject: [PATCH 5/5] fix templates and docs to use correct `--` command line args (#42060) * fix templates and docs to use correct `--` command line args Co-authored-by: Tiago Queiroz --- CHANGELOG.next.asciidoc | 1 + deploy/kubernetes/metricbeat-kubernetes.yaml | 2 +- .../metricbeat/metricbeat-daemonset.yaml | 2 +- .../metricbeat/manifest.debug.multi.yaml | 4 +- .../kubernetes/metricbeat/manifest.debug.yaml | 2 +- .../kubernetes/metricbeat/manifest.run.yaml | 2 +- dev-tools/mage/pkg.go | 7 +- dev-tools/packaging/package_test.go | 129 ++++++++++++++++-- .../templates/docker/Dockerfile.tmpl | 2 +- .../templates/ironbank/auditbeat/Dockerfile | 2 +- .../templates/ironbank/filebeat/Dockerfile | 2 +- .../templates/ironbank/heartbeat/Dockerfile | 2 +- .../templates/ironbank/metricbeat/Dockerfile | 2 +- .../templates/ironbank/packetbeat/Dockerfile | 2 +- filebeat/tests/open-file-handlers/run.sh | 2 +- libbeat/docs/command-reference.asciidoc | 2 +- metricbeat/docs/running-on-docker.asciidoc | 2 +- .../_meta/remote-debugger/README.md | 2 +- 18 files changed, 138 insertions(+), 31 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6c40c89f874e..9408add3158c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -17,6 +17,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Drop support for Debian 10 and upgrade statically linked glibc from 2.28 to 2.31 {pull}41402[41402] - Fix metrics not being ingested, due to "Limit of total fields [10000] has been exceeded while adding new fields [...]". The total fields limit has been increased to 12500. No significant performance impact on Elasticsearch is anticipated. {pull}41640[41640] - Set default kafka version to 2.1.0 in kafka output and filebeat. {pull}41662[41662] +- Fix templates and docs to use correct `--` version of command line arguments. {issue}42038[42038] {pull}42060[42060] *Auditbeat* diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index 418c902bffc0..0afc6438b65e 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -295,7 +295,7 @@ spec: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] env: - name: ELASTICSEARCH_HOST diff --git a/deploy/kubernetes/metricbeat/metricbeat-daemonset.yaml b/deploy/kubernetes/metricbeat/metricbeat-daemonset.yaml index e8c0074be6de..c89dd2b21d39 100644 --- a/deploy/kubernetes/metricbeat/metricbeat-daemonset.yaml +++ b/deploy/kubernetes/metricbeat/metricbeat-daemonset.yaml @@ -25,7 +25,7 @@ spec: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] env: - name: ELASTICSEARCH_HOST diff --git a/dev-tools/kubernetes/metricbeat/manifest.debug.multi.yaml b/dev-tools/kubernetes/metricbeat/manifest.debug.multi.yaml index 6dd492804c8b..c266335babad 100644 --- a/dev-tools/kubernetes/metricbeat/manifest.debug.multi.yaml +++ b/dev-tools/kubernetes/metricbeat/manifest.debug.multi.yaml @@ -298,7 +298,7 @@ spec: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] env: - name: ELASTICSEARCH_HOST @@ -403,7 +403,7 @@ spec: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] ports: - containerPort: 56268 diff --git a/dev-tools/kubernetes/metricbeat/manifest.debug.yaml b/dev-tools/kubernetes/metricbeat/manifest.debug.yaml index 398d7fa85606..7bb9dd963366 100644 --- a/dev-tools/kubernetes/metricbeat/manifest.debug.yaml +++ b/dev-tools/kubernetes/metricbeat/manifest.debug.yaml @@ -298,7 +298,7 @@ spec: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] ports: - containerPort: 56268 diff --git a/dev-tools/kubernetes/metricbeat/manifest.run.yaml b/dev-tools/kubernetes/metricbeat/manifest.run.yaml index 21c9727d45ef..6b42510754e8 100644 --- a/dev-tools/kubernetes/metricbeat/manifest.run.yaml +++ b/dev-tools/kubernetes/metricbeat/manifest.run.yaml @@ -298,7 +298,7 @@ spec: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] env: - name: ELASTICSEARCH_HOST diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index 53783b29553a..757f857265f4 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go @@ -172,7 +172,6 @@ func prepareIronbankBuild() error { } return nil }) - if err != nil { return fmt.Errorf("cannot create templates for the IronBank: %w", err) } @@ -206,7 +205,7 @@ func saveIronbank() error { distributionsDir := "build/distributions" if _, err := os.Stat(distributionsDir); os.IsNotExist(err) { - err := os.MkdirAll(distributionsDir, 0750) + err := os.MkdirAll(distributionsDir, 0o750) if err != nil { return fmt.Errorf("cannot create folder for docker artifacts: %w", err) } @@ -348,9 +347,7 @@ func TestPackages(options ...TestPackagesOption) error { args = append(args, "-files", MustExpand("{{.PWD}}/build/distributions/*")) if out, err := goTest(args...); err != nil { - if !mg.Verbose() { - fmt.Println(out) - } + fmt.Println(out) return err } diff --git a/dev-tools/packaging/package_test.go b/dev-tools/packaging/package_test.go index cad23aec9e87..6a9a72a8facd 100644 --- a/dev-tools/packaging/package_test.go +++ b/dev-tools/packaging/package_test.go @@ -26,7 +26,9 @@ import ( "bufio" "bytes" "compress/gzip" + "context" "encoding/json" + "errors" "flag" "fmt" "io" @@ -36,18 +38,20 @@ import ( "slices" "strings" "testing" - - "errors" + "time" "github.com/blakesmith/ar" rpm "github.com/cavaliergopher/rpm" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/api/types/strslice" + "github.com/docker/docker/client" ) const ( - expectedConfigMode = os.FileMode(0600) - expectedManifestMode = os.FileMode(0644) + expectedConfigMode = os.FileMode(0o600) + expectedManifestMode = os.FileMode(0o644) expectedModuleFileMode = expectedManifestMode - expectedModuleDirMode = os.FileMode(0755) + expectedModuleDirMode = os.FileMode(0o755) ) var ( @@ -234,15 +238,15 @@ func checkDocker(t *testing.T, file string) { t.Errorf("error reading file %v: %v", file, err) return } - checkDockerEntryPoint(t, p, info) checkDockerLabels(t, p, info, file) checkDockerUser(t, p, info, *rootUserContainer) - checkConfigPermissionsWithMode(t, p, os.FileMode(0644)) - checkManifestPermissionsWithMode(t, p, os.FileMode(0644)) + checkConfigPermissionsWithMode(t, p, os.FileMode(0o644)) + checkManifestPermissionsWithMode(t, p, os.FileMode(0o644)) checkModulesPresent(t, "", p) checkModulesDPresent(t, "", p) checkLicensesPresent(t, "licenses/", p) + checkDockerImageRun(t, p, file) } // Verify that the main configuration file is installed with a 0600 file mode. @@ -356,7 +360,7 @@ func checkModulesOwner(t *testing.T, p *packageFile, expectRoot bool) { // Verify that the systemd unit file has a mode of 0644. It should not be // executable. func checkSystemdUnitPermissions(t *testing.T, p *packageFile) { - const expectedMode = os.FileMode(0644) + const expectedMode = os.FileMode(0o644) t.Run(p.Name+" systemd unit file permissions", func(t *testing.T) { for _, entry := range p.Contents { if systemdUnitFilePattern.MatchString(entry.File) { @@ -443,7 +447,7 @@ func checkLicensesPresent(t *testing.T, prefix string, p *packageFile) { } func checkDockerEntryPoint(t *testing.T, p *packageFile, info *dockerInfo) { - expectedMode := os.FileMode(0755) + expectedMode := os.FileMode(0o755) t.Run(fmt.Sprintf("%s entrypoint", p.Name), func(t *testing.T) { if len(info.Config.Entrypoint) == 0 { @@ -511,6 +515,111 @@ func checkDockerUser(t *testing.T, p *packageFile, info *dockerInfo, expectRoot }) } +func checkDockerImageRun(t *testing.T, p *packageFile, imagePath string) { + t.Run(fmt.Sprintf("%s check docker images runs", p.Name), func(t *testing.T) { + var ctx context.Context + dl, ok := t.Deadline() + if !ok { + ctx = context.Background() + } else { + c, cancel := context.WithDeadline(context.Background(), dl) + ctx = c + defer cancel() + } + f, err := os.Open(imagePath) + if err != nil { + t.Fatalf("failed to open docker image %q: %s", imagePath, err) + } + defer f.Close() + + c, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + t.Fatalf("failed to get a Docker client: %s", err) + } + + loadResp, err := c.ImageLoad(ctx, f, true) + if err != nil { + t.Fatalf("error loading docker image: %s", err) + } + + loadRespBody, err := io.ReadAll(loadResp.Body) + if err != nil { + t.Fatalf("failed to read image load response: %s", err) + } + loadResp.Body.Close() + + _, after, found := strings.Cut(string(loadRespBody), "Loaded image: ") + if !found { + t.Fatalf("image load response was unexpected: %s", string(loadRespBody)) + } + imageId := strings.TrimRight(after, "\\n\"}\r\n") + + var caps strslice.StrSlice + if strings.Contains(imageId, "packetbeat") { + caps = append(caps, "NET_ADMIN") + } + + createResp, err := c.ContainerCreate(ctx, + &container.Config{ + Image: imageId, + }, + &container.HostConfig{ + CapAdd: caps, + }, + nil, + nil, + "") + if err != nil { + t.Fatalf("error creating container from image: %s", err) + } + defer func() { + err := c.ContainerRemove(ctx, createResp.ID, container.RemoveOptions{Force: true}) + if err != nil { + t.Errorf("error removing container: %s", err) + } + }() + + err = c.ContainerStart(ctx, createResp.ID, container.StartOptions{}) + if err != nil { + t.Fatalf("failed to start container: %s", err) + } + defer func() { + err := c.ContainerStop(ctx, createResp.ID, container.StopOptions{}) + if err != nil { + t.Errorf("error stopping container: %s", err) + } + }() + + timer := time.NewTimer(15 * time.Second) + defer timer.Stop() + ticker := time.NewTicker(2 * time.Second) + defer ticker.Stop() + + var logs []byte + sentinelLog := "Beat ID: " + for { + select { + case <-timer.C: + t.Fatalf("never saw %q within timeout\nlogs:\n%s", sentinelLog, string(logs)) + return + case <-ticker.C: + out, err := c.ContainerLogs(ctx, createResp.ID, container.LogsOptions{ShowStdout: true, ShowStderr: true}) + if err != nil { + t.Logf("could not get logs: %s", err) + } + logs, err = io.ReadAll(out) + out.Close() + if err != nil { + t.Logf("error reading logs: %s", err) + } + if bytes.Contains(logs, []byte(sentinelLog)) { + return + } + } + } + }) +} + // ensureNoBuildIDLinks checks for regressions related to // https://github.com/elastic/beats/issues/12956. func ensureNoBuildIDLinks(t *testing.T, p *packageFile) { diff --git a/dev-tools/packaging/templates/docker/Dockerfile.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.tmpl index d5696e9fa0e1..1643e308c9a3 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.tmpl @@ -244,4 +244,4 @@ ENV LIBBEAT_MONITORING_CGROUPS_HIERARCHY_OVERRIDE=/ WORKDIR {{ $beatHome }} ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] -CMD ["-environment", "container"] +CMD ["--environment", "container"] diff --git a/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile index 893e84d57e36..387b1c4f4f14 100644 --- a/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile @@ -80,7 +80,7 @@ ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} # TODO: eventually /tinit will be replaced by /usr/bin/tini ENTRYPOINT ["/tinit", "--", "/usr/share/auditbeat/auditbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/auditbeat/data/auditbeat.sock"] -CMD ["-environment", "container"] +CMD ["--environment", "container"] # see https://www.elastic.co/guide/en/beats/auditbeat/current/http-endpoint.html HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/auditbeat/data/auditbeat.sock' 'http:/stats?pretty' diff --git a/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile b/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile index dc4f7bb49ea9..5f8b5fafb652 100644 --- a/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile @@ -80,7 +80,7 @@ ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} # TODO: eventually /tinit will be replaced by /usr/bin/tini ENTRYPOINT ["/tinit", "--", "/usr/share/filebeat/filebeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/filebeat/data/filebeat.sock"] -CMD ["-environment", "container"] +CMD ["--environment", "container"] # see https://www.elastic.co/guide/en/beats/filebeat/current/http-endpoint.html HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/filebeat/data/filebeat.sock' 'http:/stats/?pretty' diff --git a/dev-tools/packaging/templates/ironbank/heartbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/heartbeat/Dockerfile index c71357b8478e..b24ce932c3cf 100644 --- a/dev-tools/packaging/templates/ironbank/heartbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/heartbeat/Dockerfile @@ -80,7 +80,7 @@ ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} # TODO: eventually /tinit will be replaced by /usr/bin/tini ENTRYPOINT ["/tinit", "--", "/usr/share/heartbeat/heartbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/heartbeat/data/heartbeat.sock"] -CMD ["-environment", "container"] +CMD ["--environment", "container"] # see https://www.elastic.co/guide/en/beats/heartbeat/current/http-endpoint.html HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/heartbeat/data/heartbeat.sock' 'http:/stats/?pretty' diff --git a/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile index cee8fe1fe6fa..e0f832d1ef57 100644 --- a/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile @@ -81,7 +81,7 @@ ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} # TODO: eventually /tinit will be replaced by /usr/bin/tini ENTRYPOINT ["/tinit", "--", "/usr/share/metricbeat/metricbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/metricbeat/data/metricbeat.sock"] -CMD ["-environment", "container"] +CMD ["--environment", "container"] # see https://www.elastic.co/guide/en/beats/metricbeat/current/http-endpoint.html HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/metricbeat/data/metricbeat.sock' 'http:/stats/?pretty' diff --git a/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile index e7a025ef6aa0..6d7155c80c06 100644 --- a/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile @@ -82,7 +82,7 @@ ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} # TODO: eventually /tinit will be replaced by /usr/bin/tini ENTRYPOINT ["/tinit", "--", "/usr/share/packetbeat/packetbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/packetbeat/data/packetbeat.sock"] -CMD ["-environment", "container"] +CMD ["--environment", "container"] # see https://www.elastic.co/guide/en/beats/packetbeat/current/http-endpoint.html HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/packetbeat/data/packetbeat.sock' 'http:/stats/?pretty' diff --git a/filebeat/tests/open-file-handlers/run.sh b/filebeat/tests/open-file-handlers/run.sh index 4554660ab2f8..1bcc545391d0 100644 --- a/filebeat/tests/open-file-handlers/run.sh +++ b/filebeat/tests/open-file-handlers/run.sh @@ -1,3 +1,3 @@ /etc/init.d/metricbeat start cd /filebeat -./filebeat -httpprof :6060 +./filebeat --httpprof :6060 diff --git a/libbeat/docs/command-reference.asciidoc b/libbeat/docs/command-reference.asciidoc index 4766152f39fd..b869d7e4956c 100644 --- a/libbeat/docs/command-reference.asciidoc +++ b/libbeat/docs/command-reference.asciidoc @@ -926,7 +926,7 @@ messages. *`-e, --e`*:: Logs to stderr and disables syslog/file output. -*`-environment`*:: +*`--environment`*:: For logging purposes, specifies the environment that {beatname_uc} is running in. This setting is used to select a default log output when no log output is configured. Supported values are: `systemd`, `container`, `macos_service`, and `windows_service`. diff --git a/metricbeat/docs/running-on-docker.asciidoc b/metricbeat/docs/running-on-docker.asciidoc index 26ba27658b8f..da012b2eb556 100644 --- a/metricbeat/docs/running-on-docker.asciidoc +++ b/metricbeat/docs/running-on-docker.asciidoc @@ -22,7 +22,7 @@ docker run \ --env DBUS_SYSTEM_BUS_ADDRESS='unix:path=/hostfs/var/run/dbus/system_bus_socket' \ <4> --net=host \ <5> --cgroupns=host \ <6> - {dockerimage} -e -system.hostfs=/hostfs + {dockerimage} -e --system.hostfs=/hostfs ---- <1> Metricbeat's <> collects much of its data through the Linux proc diff --git a/metricbeat/module/kubernetes/_meta/remote-debugger/README.md b/metricbeat/module/kubernetes/_meta/remote-debugger/README.md index cdebbe225c2a..a62eca2a051b 100644 --- a/metricbeat/module/kubernetes/_meta/remote-debugger/README.md +++ b/metricbeat/module/kubernetes/_meta/remote-debugger/README.md @@ -72,7 +72,7 @@ containers: args: [ "-c", "/etc/metricbeat.yml", "-e", - "-system.hostfs=/hostfs", + "--system.hostfs=/hostfs", ] ports: - containerPort: 56268