Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filebeat.conf file is not updated if file already exists in /etc/filebeat/filebeat.yml #1563

Open
mattjamesaus opened this issue Oct 8, 2024 · 0 comments
Open

filebeat.conf file is not updated if file already exists in /etc/filebeat/filebeat.yml #1563

mattjamesaus opened this issue Oct 8, 2024 · 0 comments

Comments

@mattjamesaus
Copy link

We came across an issue with the filebeat.yml file not getting updated when bumping the wazuh manager version. In our case we had a version of https://github.com/wazuh/wazuh-docker/blob/master/build-docker-images/wazuh-manager/config/filebeat.yml#L26 that didn't have the seccomp updates (4.6) and when the container booted up to 4.9.x it didn't update the filebeat.yml in our persistent volume.

My thinking is that

wazuh-docker/build-docker-images/wazuh-manager/config/permanent_data.env

Line 18 in 2059833

PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
should probably contain /etc/filebeat/filebeat.yml so that in the event the docker container has an update to filebeat.yml the volume mount (kube or compose) would have it's filebeat.yml file updated to match the newer version in the container.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mattjamesaus