diff --git a/x-pack/auditbeat/docs/modules/system.asciidoc b/x-pack/auditbeat/docs/modules/system.asciidoc index abbd8844b86c..9447da5cc2c6 100644 --- a/x-pack/auditbeat/docs/modules/system.asciidoc +++ b/x-pack/auditbeat/docs/modules/system.asciidoc @@ -14,8 +14,8 @@ a system. All metricsets send both periodic state information (e.g. all currentl running processes) and real-time changes (e.g. when a new process starts or stops). -The module is fully implemented for Linux, and partially implemented -for macOS (Darwin). +The module is fully implemented for Linux. Some metricsets are also available +for macOS (Darwin) and Windows. [float] === How it works diff --git a/x-pack/auditbeat/module/system/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/_meta/docs.asciidoc index e402da99d2ed..02e163f78483 100644 --- a/x-pack/auditbeat/module/system/_meta/docs.asciidoc +++ b/x-pack/auditbeat/module/system/_meta/docs.asciidoc @@ -9,8 +9,8 @@ a system. All metricsets send both periodic state information (e.g. all currentl running processes) and real-time changes (e.g. when a new process starts or stops). -The module is fully implemented for Linux, and partially implemented -for macOS (Darwin). +The module is fully implemented for Linux. Some metricsets are also available +for macOS (Darwin) and Windows. [float] === How it works diff --git a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc index 8aea28521556..bf702544c3e8 100644 --- a/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc +++ b/x-pack/auditbeat/module/system/process/_meta/docs.asciidoc @@ -4,4 +4,4 @@ experimental[] This is the `process` metricset of the system module. -It is implemented for Linux and macOS (Darwin). +It is implemented for Linux, macOS (Darwin), and Windows. diff --git a/x-pack/auditbeat/module/system/process/process.go b/x-pack/auditbeat/module/system/process/process.go index be83e597403e..87db7efab0e8 100644 
--- a/x-pack/auditbeat/module/system/process/process.go +++ b/x-pack/auditbeat/module/system/process/process.go @@ -329,6 +329,13 @@ func (ms *MetricSet) getProcesses() ([]*Process, error) { continue } + if runtime.GOOS == "windows" && (pid == 0 || os.IsPermission(err)) { + // On Windows, the call to Process() can fail if Auditbeat does not have + // the necessary access rights, while trying to open the System Process (PID: 0) + // will always fail. + continue + } + // Record what we can and continue process = &Process{ Info: types.ProcessInfo{ diff --git a/x-pack/auditbeat/module/system/process/process_test.go b/x-pack/auditbeat/module/system/process/process_test.go index bd7f4c83b9b6..8ca58bb5f241 100644 --- a/x-pack/auditbeat/module/system/process/process_test.go +++ b/x-pack/auditbeat/module/system/process/process_test.go @@ -5,7 +5,6 @@ package process import ( - "runtime" "testing" "github.com/elastic/beats/auditbeat/core" @@ -13,9 +12,6 @@ import ( ) func TestData(t *testing.T) { - if runtime.GOOS == "windows" { - t.Skip("Fails on Windows - https://github.com/elastic/beats/issues/9748") - } f := mbtest.NewReportingMetricSetV2(t, getConfig()) events, errs := mbtest.ReportingFetchV2(f) if len(errs) > 0 { diff --git a/x-pack/auditbeat/tests/system/test_metricsets.py b/x-pack/auditbeat/tests/system/test_metricsets.py index 7fa038ce4a7c..5ff1a9f6ee5b 100644 --- a/x-pack/auditbeat/tests/system/test_metricsets.py +++ b/x-pack/auditbeat/tests/system/test_metricsets.py @@ -22,7 +22,6 @@ def test_metricset_host(self): self.check_metricset("system", "host", COMMON_FIELDS + fields, warnings_allowed=True) @unittest.skipIf(sys.platform == "darwin" and os.geteuid != 0, "Requires root on macOS") - @unittest.skipIf(sys.platform == "win32", "Fails on Windows - https://github.com/elastic/beats/issues/9748") def test_metricset_process(self): """ process metricset collects information about processes running on a system.
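Review bot: In the process.go hunk, the new Windows branch in getProcesses drops every process whose lookup fails with a permission error, without a log line or an event. On a host where Auditbeat lacks the access rights, those PIDs never appear in the process state and nothing tells the operator that coverage is incomplete. For an audit data source I would keep the unconditional skip for PID 0 only, `if runtime.GOOS == "windows" && pid == 0 {`, and let access-denied errors fall through to the existing "Record what we can and continue" path, which appears to keep at least the PID; if that is too noisy, log the skipped PID and error at debug level instead of discarding them. It is also worth confirming that the error returned by Process() is one os.IsPermission recognises, since that function only supports errors returned by the os package and does not unwrap errors wrapped elsewhere. The enclosing function starts and ends outside the hunk, so the fall-through behaviour is inferred from the visible comment.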