From 1a716f86cd165bb29758b428b368ec29d6340a99 Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Fri, 18 Jan 2019 10:20:54 -0800
Subject: [PATCH 1/2] Teach elasticsearch/audit fileset to parse out some more fields (#10137)
* Be more lenient in parsing node name
* Parse out elasticsearch.audit.realm
* Adding CHANGELOG entry
* Parse out elasticsearch.audit.roles
* Parse out elasticsearch.audit.indices
* Parse out optional sub-action
* Regenerating generated files
* Regenerating generated files
(cherry picked from commit 210460eccec73a20defab2a540c06a00a80e1197)
---
 CHANGELOG.next.asciidoc | 13 ++
 filebeat/docs/fields.asciidoc | 31 +++
 filebeat/include/fields.go | 2 +-
 .../elasticsearch/audit/_meta/fields.yml | 12 +
 .../elasticsearch/audit/ingest/pipeline.json | 96 ++++++--
 .../audit/test/test.log-expected.json | 210 +++++++++---------
 6 files changed, 236 insertions(+), 128 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 0ef118d6802..5cebdf5d42c 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -60,6 +60,19 @@ https://github.com/elastic/beats/compare/1035569addc4a3b29ffa14f8a08c27c1ace16ef *Filebeat* +- Added module for parsing Google Santa logs. {pull}9540[9540] +- Added netflow input type that supports NetFlow v1, v5, v6, v7, v8, v9 and IPFIX. {issue}9399[9399] +- Add option to modules.yml file to indicate that a module has been moved {pull}9432[9432]. +- Fix parsing of GC entries in elasticsearch server log. {issue}9513[9513] {pull}9810[9810] +- Support mysql 5.7.22 slowlog starting with time information. {issue}7892[7892] {pull}9647[9647] +- Add support for ssl_request_log in apache2 module. {issue}8088[8088] {pull}9833[9833] +- Add support for iis 7.5 log format. {issue}9753[9753] {pull}9967[9967] +- Add service.type field to all Modules. By default the field is set with the module name. It can be overwritten with `service.type` config. {pull}10042[10042] +- Add support for MariaDB in the `slowlog` fileset of `mysql` module. {pull}9731[9731] +- Elasticsearch module's slowlog now populates `event.duration` (ECS). {pull}9293[9293] +- HAProxy module now populates `event.duration` and `http.response.bytes` (ECS). {pull}10143[10143] +- Teach elasticsearch/audit fileset to parse out some more fields. {issue}10134[10134] {pull}10137[10137] + *Heartbeat* *Journalbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 9e7430c6e8c..dc194db77d6 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -1054,6 +1054,26 @@ The principal (username) that failed authentication -- +*`elasticsearch.audit.realm`*:: ++ +-- +type: keyword + +The authentication realm + +-- + +*`elasticsearch.audit.roles`*:: ++ +-- +type: array + +example: ['kibana_user', 'beats_admin'] + +Roles to which the principal belongs + +-- + *`elasticsearch.audit.action`*:: + -- 
@@ -1076,6 +1096,17 @@ The REST endpoint URI -- +*`elasticsearch.audit.indices`*:: ++ +-- +type: array + +example: ['foo-2019.01.04', 'foo-2019.01.03', 'foo-2019.01.06'] + +Indices accessed by action + +-- + *`elasticsearch.audit.request`*:: + -- diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 12c1b64610f..f9370ae9b0e 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go 
@@ -31,5 +31,5 @@ func init() { // Asset returns asset data func Asset() string { - return "eJzsfW+T27iR9/v9FKi5F7GvZK3/rZP46rk6Z2yvJ7HXE3ucPDlnSwORkIQdEuAC4Iy1V/nuT6EBkCAJUKTE8ew+J7/yUGT3Dw2g0Wh0Nx6gK7J9jjK+/gYhRVVGnqO3fI1WNCMo4UwRpr5BKCUyEbRQlLPn6D+/QQihU84Upkzqb83rGWVEzr9BaEVJlsrn8NoDxHBOniPJS5EQeISQ2hbkueZ8w0Vqnwnyc0kFSZ8jJUr3YoCv/nexIYblSvAc3WxoskFqYxCgGyyRIDido4sNlQYMNAXQ6tfwUvKsVAQVWG2Q4vBQ05tXHF5zgcgXnBdaIJffXmPxbcbX38qtVCSfZ3x9Of+m0T6+WkmiGu3LOFt3GrfCmRzaOkMT0AlScKFIapooFRZKIqxaIHIiJV43pazIFweLrhkXZIGX/Jo8Rw/3FLwdFYivaplreZvOgEd2RLTQSSUIzgcNgQFS0qPUUEQ3G8IAAmVr19NEaBhyhhLM0JKg30mV8lL9DnEB/ydC/K4JrxBcFiRRXMw1uH7pFIIkWOnHz+ZPdsuMsqJU0Ob2kCXXWpZ6zK4JI0LTbAxcKhGMATNIr3FWEqRh0hUlacVjxQX8fqlZXCIOIBBl8NAwlySBh7bbXtOMLAlWWl4ravsL3Xv56vzDq9MXF69ePkeSEHQJH4NALu835VX/sudA+o0IpdlqPcwWiuZEKpwX/Y08YyjBklh+ayIVKmhBYMYUWEhi1FFFrTmD7DyTM0QVkooLIivK+h0u6JoynKHL/6ooXKJ7Qo9NSZjSk8GRN1PEUW6oyftGIrQmDjJuNVtLQhI1z3laZgP6tpKk+QCpDVZ1ZwI/08sRPvqvEVzsZ4PZmGcpVrhW2kP42C8G85FbmfH1fIUTmlG1nW55sAQR+aIETjSGauwUgnJB1TYMxf06GRRH0M0hw6dPGpJcE/3FIsNLkk21HmgsmzLHZiXAy4wgx6i/U24dhmM076w3CZFyXgi+FtOtixqAZuD6w5KPMafpdCOBph5TIB+ada5XJuPrCDrmwaFHxDVNiK9XQpKOcPlovgZaLcJ6JGXkuncAxS2YtVbS8HmA7CrDa7mr+WELFz7tkwfMQzDJ5zhNBZFyL/zWrEeWRqgRegnVdvZB9DWB4GBKBNEauEE8xWrHqGl825Sc/hhxFjRG7AfzamHnq4pkpfOkWQ2o7Flz0XJbrSmGGs8LLKjkrCJYL+qaljep9HoTthg0jzk6W6ElVxuEBUE01YZAgrOKLGfZ1qctN7zMUm0hl5K0V30jJ8/EG9F7L4xlt6bXWgrcSOWKMtARVqYgY2uga/Zgsq0FLwvK1i0sG6WKuSCy4EySuVRYlXKR8JTE9EgE15uLi3Pk6CCPjtv8Vdu+pw+f9kEgGS4kMcbgSAyvzKfGNFsSdUNgA/NzqU1EzNIaH2Uop1lGtaXKWdqeYU1E1mJcZIStWxNuN6ZTu60zHzvd0ZTWkqftVcwiAOjznKgNT8ePlQ+26eb7tuoGFbAgSVNFwTCxT3yHg7dBKWp7GT7xHkSAIHR27pRZZdAYNfmN99KpGbKcaSsc5WWmaJERdHZ+/VQ/ODu/fuaoEFl9Wa29XKgWMq97erCdc6EiqBztNeEt0r6cmrQ9yt8TnvEEw15Iz0FH3f3eFHDNTo84yvSY8xbWWOf3tg2hHzyjpaLrib3mWTIltgsquT//9+R6aqihs4/vkdECHYZOMh1Ga8IXBadMDWP1lrM1VWVKYIpnWMEfAYaCrClnE4j0AxDyzZaGILXxeziTU216RVjYlkzTVbY1rZ5yrFIiFWV+R+3SE0FNEdAVvaC6+sID0lAa+6qNiOIIqo5eqL76CIMMaZGwHolqkq4uabCqX2v3xQClEh81ve3erVoGKZe9ufeomF4l06dmdrDcqWp2
KZu9GxtWOf1KZ3/JBlTPEOVzaOsiKqiURCzwmlQ9ZQ9UPkkikP+8ZzNb07AzBDEucpxlW71JsJ5SjJaC32iqzvLS3+oNsCL1CJIbfoPKQtuQN2TptsDgFte09NazdhphoQ3SskKKpBJghPvyGqJLnVvSkxxscJ8j8kURlpL0sFXgE7NYr4mQnu+2FlxAoaVEN/22IPnqpdhspd5wWZYBLBb3bYH5W1Msu/Hk+CcuRqAZvuC805RD/YRi/ZRTdltYNOVRWAqsks1t9dK5Jj4KTktnjkdT7WtPN4I3aA0c2r3wuJwfjHAgDl4QgeF4wx7HBtGsyixrLzSTQnpdZlnD09rGhe5RlmRlSqTr6PthqF9XIwwT31fWCgNBfV31EAFVLfci61/PP3146xbxQvBrqs0xcPVlRBH96wzdULVBMtmQnMzQhks1A4sN/J1gD3z68Laix5c/kUQ5h5kg4DKjDHG1IQIVgqzoFyJnSJbJBmGJLjXBeSmy+b9falO8ImRVwRz9hZDCuBOUKBNVCrCPJZXK+OcII9dEoC0v9ez3GlT1z1BnjIbSmI3hgRztojf2e9c31vCpG3tCMiwVTeYJP/H3GWcMSW04JVgSiTC0IcdbJMiKCKQ4wgw2cSz9lgvYYqGUCpKobGu6h5cKYX8U8RxTa+Fq6uDY1NRnAMzbEN6Aa3XN3UH1pRPCZfSMtX9AvYaYl+aISonCNJMILzVQgpONf2w9xnLzvPRDJtcOHXTeia3pMJT0l65LoG/OQvv1V3rUL7eKSHSviggAzzZOU5Iaz7s99vcOtvW/S43l0inif0MvMoql8b8rujSHqkZAjb4xnvDG6beBi/X39okWYOeo/BsbYrUkWNUxVn8yf/XFVSU8zzlD9nwb+hxfY5rBmSJlCGeZ9aNrJI3AqwZ0OGQYdp7uTzCNEEnCUhdHkPG1CzCScMpQvQWfeXKWRLkwCxNIUQrrDqCZmSXMnKCbyA0qzdmDpkmV/pNx5RMzE8tNnvr9C45cfFSFYwaKCmYbzLRaeTbCP7q45l2htXRW34mvwwYHPKoUjMAhT9AsaJwuAXBPdqJkrNp3NdAompNfOBuAxr15m2iaNksPmNaaCsN5aPjESX1QddKYdd4RXzDqaKX3zKrxXmX+vijXpVTo8TO1QY8fPno2Q48eP3/y3fPvnsyfPHk8TLrm7Kw64DPTUE8QQRIu0lboUrNRauep7guxpEpgsYV3jbTsoq/He0GE6SiwFPQiJjCTOGm4j7ScOutLpdacHI1FYR+ZPxYjzm0qXQVbg2pOLatVqn2eKERlhXTXpdhhmf7IaUB7VqvHL05Tqt/FGaJsxfXMtoeyho+c71jvmtGSKBQx2QOrhmbpzDsMgi7v4Tapoe4fTXqDqD6TRfvtCgx1O0zsGuUWM7tIvbB/BqiYZdN2ygpg+isomLW/n39pRwP/Gzo1q5oevzK00ILJ2lK8sZW2q6RbB9dNjdlLpnrX4cx4mboj92r8NZgk+pW5tcPEDiY5UXge+KJJjDKpMEvIvBWW00vPfbSwH0VIDhBoiGhHtub3HCcbykg3OKCXqv1qUX3VJGrtGxOWNaDnPMrhTztdpTXcKOHab8KyNR7m4cTs+3aIveTJFezb+saYi2beDToFcvPOF11SA0ZCh1h3GNR8cq399iEKXzrlAyKqlU81AWGugBRTrHBYHb2zvxqHdtL4VNpNgTWAcJou4IWFI1n3QNSGjs1ez6wgyQ7boXEI1UA4R+dcSqqXTbCIJcTukOTxDK0TMkNcoJSuqcIZTwhmnaD/qCboiUw2L6Kzlw6S1qPIzerdHHbbxRUPf1cxjEtHTXhyVo/nOUlpmfdzf2dImCCkUcxjSqhCUMoHBEv14FGyw4zzCCGwx2lta1Np4FBZG9k9Q87XQR4U+8uDL8OHnv1EY/me83VGzEyLc28ouWgAz9purvraZye6UQP1TH/p/g4QtzpSKm0uJDzLSB3sbH7Tc1ZuuFALY3/WYaOY
JRsuHL8H1SyPZChVsNAor0lAQ6N9T7bozyXxElhoGrIpm8rzII7+uABy1Qm5AaC3McuSZgr5Z/e9C8qeSE4rnuY4N84LorVlh1tjJ4P6dzM7sJyBJAyfatDqwVwP2TfmrwCRM70V8QaqzUFpqp56bOrnO0em5T1uXB7eJ87l2u2NiUa6URCBQY5FsqGKgEP68DY0yKF7ZL6eoy9/eLZ49nSGsMhnqCiSGcppIe93oXA5LzKsVlzkhyF5/xE5QhZDQpjicobKZclUOUM3lKX8JgKie0a0HwZLJ8hjhXOabQ9mYcjYRgqSbrCaoZQsKWYztBKELGXa19oDorHeUgkhTmfnD7xAqjaDHCeHNdKx2WCR3mBBamYzVMoSojXevTj1MTg9clUuiWBEEW+f/Rf/WYBt/XtlBjdt2poo8nVJ/7JYf7RTATVAo3GHCjydYHnwJFDw1Oi2IKvyUNXkcTrnKfp09jJ8FC8LnEzXqJpilxlPybQS1BQjIhy6uA5jZKihHBddTpgxrsD7Phk7j2SY55QGi8c3adgufWwnMNmCfBv7aFzgZEMe1+rl5IV5chJx5Zlf0Tt3uNVUG9arHlILNSc0xqHrGDoXsXkaUyA4SerspDCfHSKrvNSeu1JrTYfjzcXF+UvLB6Lj+sNU/QDDnCuyaCxOfd26AydgzShhyjtEngc5Q7BbJ4ryIM4u+NBs1yG0AM43lljSBOFSbUwqkTlFs0dwQXCNLJAhyKrt7PevLsaDdnkzkKriMkiCQhPZtOJqcP704W2Y7UapYtE13ybgD3w7Bh1qjFCTudMNgI0cR4zhXKUFNY8ofP5Lnm4XkjA1h9P6oQjc8V3oowHoWJkvidAGmokRcCkzRFxDyGwjmyksthURgohb6C5HOszYDxJucm0dSg1geeqnNZbsQTTEF71n2RbZqgGI1sF+HZLms1cm0EYSva9CRVauKbOn9l6EAhfwIK4mOtHSzQa3FfzYFtvm1rHXNuZmqtbWLcUsDTQzvHSgvqDkpgDC42yAGFAoC7wdBhwD1Y77a2IKzNURgPJd8cBRUK24v0lB7QoMjoFqxwc3QR3ce8WuCOEYroBZMARWPDx4JHAWCRmO4eVtDT8E7R5YutGccUSLrz4NxqH72vNhFLo9B+Dtdmk3K6WJK7C+6n+UpeRLsxLFSMzvXZkeb+E1cW9LsuLCLFS6CcutLRL0QL/5wLxp1pvwAromPLL1OGTt/J7ws3OIqNE2mB4Da6w2RJBUbwVIijizAbh28+NiWTsND6yzhvigJbVDb58ltieV0JfXpIPSSzCMw+rJMpwMWDfvMIYnmHzo4winII4SURZJSYxhiuUlTiYes4PzshVjSMIpi5PiSOpExh3yuN0h08lvbKPwI/jQPs6Y19YH4xIPjRPG0B3lfPGL7gyRwIANWlVICGi7+dwJ70ONOCAa28DsDaObUm64dMNmrdxibph2eCM6YDdppvB6TdJ+gRQ07PnZz89gDybQ2cswNzUpN7WB4jwxZo3o/ya/vfvalscrBE/LxIu0b8jZOXbLlKrU9+vCg4hb17hzwdnpLAxDoJplw/28jjEa4+Ztz/QWd9Tj8zXlaJsiPkDHvKWs/GL4Q00q9ANXkD7h0ioEQSlPypwwPa+0sYOWJMFly+ZTG7I1L28ZzmkCK9k1FlttuxnydULGcCdywkW6aAX0Dhw+fUw94zdLF7jsTJUd9F8bhUxZu64VWN5ZapmfvaxLN1VbPigKiBTvEAUaQDUMlZGbqaEyclNBnXtSO3vZKD0VAitwQtCqhLgBR5nXrdSPrGVLha21pbYo2WBtx6N7Gb3qrtNLYnPvBefqfrzD5FjP587+kkTCnm76HpsWq+6wGuscnalWRyFFSSMlz/yDdije6rDl1icWbIIkP5eEdVxxhywl/sR05K1fOuL5TZI9VmSzp0xgP2E2IVhKnlCwDyAI3ysAGGLbXa6HGCgvO3Ueg7RvkzhVJD/oaAAIQB4d6xOQfm08
G/2Vq1XMUppgRaQNjYSfeFlV4lFc4ayNq7sNgEqP9i0q0S9E8AewH/8PhK0/ga/QQ5QTzKRNozOpl0IqIBoZdw/Ht87QxGINK6ZTiTafLMFZFj2MGs9LEFlmyisu63ige7I0R7ZcoBWmWSlIRJ3eraPk0hg+c215aLv+skOy52Di6DD5WlvwBiKo1hsD81U8E6yR677unPCioztpH3fSV3af2J0b8eevt4FrPI/s4xrv1EE6oX1amw0avl2LRhEHos8aBE78GHL99on3ZnWmdHL99x/+LP/7yUlnW9eWd7XuspR86ed8pl+B18M8V7bC7gNFpHoABf/H8qfRqCzLnaZh3vj99+uXN8tPH1anf/vu9y8+Jj8vT9c3w9nLDRZpL/uq1ja8GkbxcDhDWKT233T3eurwtnO63mwMTGj9VvMiCJcV7k5v4L4NAVU/IOUZinVwgWixWNFMEXHS4lJLQn/V/jU+4RtppDu35gDf5RnZvfgGK8STpBSQmY4ZZ9ucl3JhoswWKWGUpLNWWNVCmzHwuPWW+XMtMFP674QzZi6uCD5znymcF9ocWVS1UkTJFtgjZP82H8SF1+Q/Xoym+3bL8e/gefGqu3Q6Ht3r/uJK4n149fECvTg/cx/f90dJ9Z0pwZ0Qel1baPVreuvOSHZ/BmtYtoBQ2XvGJ5doM13/TaUsrfvVsYrLrqazt9yaBdrjQ9DzG7fuU+kKLQ740R8fzx89+8P80fzp4zDkli1dbfcEZQktOmesXaDVm+ie3sDqz++bKWMmQGtaxLEuqok1XritegkxrL4dZj4xSPU4Il9IUvYKM8lKqYh4nnNGFRff5ph2mrMbainoTpww+glLwaxCnz6cRUF9u/hS4OTqW0mSUlC1/XbhiXu4e7s2rGBsDVaQbiyOkOJpRrD4mAieZbZS+HgZWraLJU+3O7HqlzqFpugKEaY3Wz1I9YdhbI0TlzoCzNwjFSwuve/SW+16u0kuI3zo359Wl+o047RDLH22xQZ3QiX23mxbT7692ylBimtgwGLszvb2tmu+Bfz9qUv+05oiCNTrflt/aCFJEoW2yjjec5902kJSMQSXoTCVnYzz5s/4GqNrKlSJMz9PMQxcJqJcLuQ2X/JsofScgFsQbqsd6BxDUSeaQwq1vQoBJRnBUAmmLJDBggBLwHvWAg5xr18B+ADcAGUn7huCrxaCrOTCOkUB/y0iv9CYZQEhSBVHgGEimAlLiPQa1RcmKXCWkWwhiEww+1qoPXnnWFzBPTv0mtjcInDGZgThosi8nAapeFF0nWb+cT+WclGyjNtb4L5CSww3GC8MDkAAxEDpJ0XpX1DSxRhSygMxntvD+dPzT2aM2/FCxIqL3NzF6BRQAGJcZaN2lHhYyGinoAc2RP9rNYKXStLUbEauiGAkCzXAUyxbeQcoKWuDRL0oBcHZ14B5AWca9oKcNmjF6xqoxv1brVKwbYHLTeEcjzIqN2GX/k/X+UKULDIF4w0ZEgVCXZn1P//tnUVjqqjb2TZDWCJsyOtRbkzuvsM9E1giF3DWs9BaJqY89kb+PRZLvG5I03K1J0yaq+2GkNKoBrJWgbC6OMxTi1hDUJxf6S42oCzOXlxe1bwmhL1Cb74/hSAbs/SuIyw3BE92avSG4ALhrLoYA7PU9Qv9ZbQtq79ZXC2jSp0yRdaBjJZhSw/A0o2vSq1e0YxDKlV8odEr061B+iQhLAcXPWD82Ik1CWfa7dFx77PUhdxBPHySlAVmyfbX34PQeXwFoR9eC34F3RmV6e7e3fKSrafs339ogr/xHt622/Ar6OMeuYbR1cE44rrBtOme+WiSON0V490DjvYY6LtnKC84a4fvNtm9hYuY7XtNz07t9eFzMk/m+fwdUfglVvgU7omEAyJ7c2jzy9jCFfTctBGZpStEsDv6+/w0MGj65sqJ6cLvT+PurrCrKzQLw7Ol0tmsu0FpYmlz6kPRE7lVWRM33UC3yRnW3bng10RsCO65aegk
NrhCPd1gVE2cjN80A2dbM8f87uLiwMJ91T6A7vL//Pjhoz88ePjsweM/Xjx6+Pzhs+ePns7++OTJj5/Pfnj9Hv342ZyUGhJzC2L+c0nE9kf0+Xrxtz9vfvrbj+hzTpSgCZzHPps/mT98oOnOHz6bP3724+eHP4JJ+Pnp/Ltc/jiDPxZw8aX8/BT+1obzhir5+dEfnz75Tj/aFkR+/nFmasPBfwACHDN9/uunVx/+sbh48+qHxetXF6dvKhpwWio/P9LvwyWHn//nnyeA9p8nz//nnyc5VslmgbPM/LnkXKp/njx/NH/4r3/968fZIfoGwrpFv7JZ2wIMsdEQFPaKqGbv7VYxWsA9SMBIp6qy062PHvZrIKwYvicPH+YyBKWVcVDh0L3YB0T/PmZqxJsM46SH1UeFFYXZMIZfpF3eWOxjaYI69Fsxnu2BPLLN5u5U6LI+HBm/6e/XEZNkhJTg9vqFAdkD75V+zV0F7QXcTdBPnqLZNR1gLrj7eO1eNYLg6eORk9Fptz4MZltG1aRMjTrcyVb3PSWpiTWJAXg8DoDgpaKtFbrJ+4N5I9bN8uGjN//9+K9/uvrjTzdP12qNXys2bnrQngX5LJ1E6+zQABc9Uz/lSR8vV5gSF4J/2XpRZfZJJJ7M/tqJJDOew8r3UVFF44PIOqZJ927WDo2X9Sv+FD9guW3dltriF7kM1a+16bMFiys0goqeEXQeZdCRkD1kaQeVNui1qvhCWawuoXjM2HkntL4j3WYzo0mOzWZ6EdDmEiIvZTHlLqmtGycwtkN3yDqcM2mD7hlVtEqavDg99+KltH1jh3vwGtH+caRpFd5Y6mFbs5zvHGGO+UrAtezp4IHhPkD3uEAZXORFxH2Lpwp8gptDzBgIgOugWOLkagwI+34Qww2WSBJbHldxlGPmFR72+qQu2RS6Ogp+GAxIb3Nc/SfFvcgoj6UBFrzc0KyVN5iq6ty1kXzSHBGwYrpDX99asAcglo67iugaC8pLqdfYkgyeknW4nyY3GSaXE9bsCiIVXmZUehd6MZx1XTV9iMHdsxDNTXAAZLt4FwTn5VTZ4dKYY/b6Hb2rpRIR89Z8ICAQGQj9dnpyFA43w6zc76IfZ8hcVwm5iXqzPrwJdjYOEGbdu3Y9cGlRN0QQTyXZ2igQA2wr53sl3IDRUHBOtLePznL6nUTrjC+N2TwCJx2hYY1WtdcgmcsGmxp+p06HygGLbpGABsvGBUcuL325RW9enIMR2b5zqdvW1r6rO3Tam7/gZ82+2pAKgN0UOql47q8Op3YW2OiQuNGZX0ZPzcMlcqbM9mpnevX5fXszvAYfqUZu1A8z7M1OGsyyP/9oR+5Rf95Rg88HYntFIqy/MMf7VTLtkMSj3Zliewm6cRNHS8iRBLnh0g1XoBmWPjWYi+u7Vou6ayIRud0wLaRqhiW3BgUzt8DZ5cEkemtTDu4iIc3ncJFpQBfWijJqQVWT3y3yMKxht+F9DSHi19WCEMhgHrrpaQaqX/cmTrQXr4QzyDxhqoGNN0B1paOlZlR8+8wwvAfu7lKmA1ltYyZEaZfnCUBuMEuzuvy+2+5MiLVjWu8LVSqaZW5Y8oYVNSFcay/2KjIfqbNJ7XeIfCmIoIQlTqhU1qgAptjaaGX7dXuHGMXbhpqHLmXsMzf0ByZboTEwtelXlR+8d3F6jriAEr/3Oyw3SkVNjPOMaAMKp6n/fKjCQF1zp5FvD4WO484LG14vSIa97VWjuHPAUzHunFmr71KGVo0GFGBq3jUrRHVxbWPTN6Cjw+sjLlQpiN5g8Ss6stLOe/gFZ+hEE/s/UG3hBBGwRmx5B+Plwg3f1wbbq20NT7coOMnOByLeEJwSMbJ0QnVDifm4otYGgdKSOAkbs6e2pk/sR/XLhtoJ9BPJbZi1PyvC3dOYXcGB2k0hGj5Ou9/uM0y/6gCxCnjj38+M3TABS5Mq6Zp2x+PEZGsNGybm3YlHiTdO8I3LZV1ktBMz0rLXbIix
P0qQ/sr3c5j6fmrD01n1jjbr/cr6rkz6btA90MHJY1bhRX/dGnPW6IlekBxTGCGVbWnd1TPnZpZeJZmgc8iFYi+JuiF21TdVXJZbRVqpbs0cWYiCcy5U93alEWqnaUg6u/UyyAU8mHrY81ItUqzwLhGN9YLVnl+pl26MVmWWNde5GVSrB6Nef6lRHN6mCZvRxGz6qSpwZxece40mLHm6vY/wShHR7m+/g8e0smphErVntCEEwXngG9lj49M6EQs73KMhXkMFHJoQOElIoZoDPsl4wwaK+N9/FSjtgTBNKFtj7zz4DB5EjoPNj/11RSqK4X4cVVAkJcvyoOKOsdt8bEOA/qhCsiucwBWt+/o0uovqR5OuCiW/sKrjR+FmOgPTulJ31pd1JWmnAxe6avgEpHYyQyeMK5oQ/T8/zmaGTm6wYJStT1Cg8PxJIqiiCc5O7roSbcUR0wMyqncOMk3+OMb+l48xyAwrpzlRCA8zy+E40v6XjTS3kFPpr+JnH4dXej47+1ilSMDQCS7rNH6dZwS1X1m5wwN99Vv8NIQ97u2zx9VT3tt3Ue8ydt3dd7wer8EWwoptSYbb4Q8c7C4eyrhgFrn3rRPq1ZNKMgIAxIf15Qf/qq9zvIVbLi/qPeuu2XJnV/Hd9dWJEgqVYFUOvjVxKHNZLj1He5j7DWVPHk/P/+/m0m+0k79z84U21dNMytCGO9ITVJFbmJ2arJmdei9PmVR4V5HwcNTjBFiYF2VglzE4eXNhkm6dtz7tGyzre0giyfN3eOtp0IV/qLoC13Ud5mt89dJUp6ycaf3Ly4ZLNX3faarW5w58+jH8Rm9kBdiVy/LXBN1okzjy45Wuh6Tnh650LY9Xuqrjla7HK113wjpe6eohOl7perzSFf4dr3Q9Xuk6clAer3QNiuh4pevxStcez/z4O13v2tUI3Cd2AlvmO33Ad3soYblP3HbLfGfb79JZdDyOabC9a7e3IFhytig2IlZG/lCnv6aPDP3oiVR5Gw5fOK30Ck4XnGc9KVdHW/BoCx5twaMtOCGW2P10V3h15UeM/kX/HYk2gd/qu9BDgSWOHDo8XPTAm8AN2IyvIfJ/sB2qaE6kwvlIJeuqh8OndXS2Yx9JWCbXpL3S1zWg/v7iww/tcpPDIooM4bsOlkMNtRiqt3rQsnpaBaN5dUDs/dpa/hEgGe5cp7Vv4+HiFCA4CgJcLT7V4o7QBdxUTlnPeBuwmgbEgqZRPC0pmYvV++SEdo5WtMvPNwAWQu9saYsC1yWcAF0czqrMRvscB2GBq5XLLHPiafemU9Z0iZmvrc2DiLo2P/bH91cU0W9WYU96O8BfjMx23xDQLk1wIN9Tm78NZPVoNECi+9b2FfiGtbnhpvWTebgIVhDM+FoqLP2Lad2jyKByP/cPK48umnxgWaBvPaBNMYwYdH5Uq55yjugo39W0a2rkpF9PjBCjPmPiwF1rZUo49Wj5z1xuszC7ekjLfcvXT38yr8eiX92ImRCioYm4sEvMTXWPaOv62L7bWSbquHA1RFEyZvJNNSsPoJbuDngZXy+gHcNn+w6MV8RcbmDOrCBafm3KmFXYA0nHldLr1BkfPeG6JI4z6zizvvrMis+q8eg+4BuUlnlRnWO7M+IukyraBDxjEzsaG0VigUEfb9W9kvmQEWOveK15P0dnrCiVnKHXcEG3nKH3pdJP9Jg65SlJYvc9cX61oCxUm3t/R/QrKGMP1aLgki+bbuVclEOCgR0uhlknyuXWYAGzPlS2OwsscCRYevyI/miupjSLRKNXUcLZiq7tZaK7AS2Ci9Rh69eD/2wia0Ay+Q62OlM73mLQf6xpnHO25unSs4ztk+GpWO/0By//tDsdq+aFxqRkNc1Xj9vOnKwDF/HAwW8MQQjFjqzAXYPTflMvoKHFu/KjnTUex1Rcv6NqB6LXJYN6ADhDCVZkzQX9xd58tAPc6ft371788HIkRNaZ0QMMH/JF7YRDGVWYpabC6ChQIbJD
jAzrg+l1X3lazM3Nrfw582bmu+3Hv74dPi81K/ikOTPlhgu1MNrkOVKijO1uHXu0b/5kBADqmbHTh2o0gYyP2PiannJj4i1o2KAcv+y+gGB+0/Lv5r+fP7aGtyunYyxKms7Ray7sezaUQKJCUA4VZbwvOxxAcjBX6xh2W32RRo79dxwH2Lzlnob2bzXu+jxgwk3kjrGsOYwayoGEgQENNcwgEBTKeyVw95vJhYfE03gq0HhmkOoD7az3OT2sXS/Eok074QVDghjqixamA2JygLVCmE99mW9dXKdGo2342UEX+mY8uboVvDjnpc0ya2K+wVSL1O0NNACtfZakDquYawodqsZKpvKg9gp+IyFrbCLV20ys0tTrQnjWbO+ZPIBGK0XKyFSLQQCRTDAbBii2Ch4CpmT0i7dGKnxFWK3jLj++uqh/vewD1738a1jsXnUnWER5TCl5ryTs2ctqkFvu1t5ja8q+ePbeD/rvcfYefLKnvefYo0PsvQAA9NWrZtRA9qidUcWFLfQGITgEsBB45IB7wcxXprag5uAtNETO0ZmCCDK49wAtSYJLCRcUmjPk3FxvYeo6khlaEklTIr3aeB2ONflZg5XpK1cOM6NXBF3+3wevubjBIiWp/t/lHH0kBOFMmoKYl5VMLkPBcrcY3HzaCWw2h8hQ6a8olxlNOgt2EzH04qUR/hydrRDj9YcdfrWUsHCFQJW1mgO2rsUh6DVWXcshBKTLEYBF7bVfbdGMY1Rxg+1dBnjfdUTzbzTj/s4KrxwT5qdOmP90TJg/JswfE+aPCfPHhPljwvwxYf6YJBWS1zFJ6pgkdUySurOE+dopN/4QduLYRHPppwmsuEfm67mBNEOuMPL9SBDSZC7h8+qQlDBFV5QIdO/87GWEr5rQFW2PfB3bWCJTdfnDZKxPaw/4LvbTn9YS/5pX52/n0p0cOI/7e/Mk4nO3vm7ypeBC1ccml5bOZX/OYM0NHZ4rIIgss92Xj/ROUXAqr8JtMvRRTpTQS7gaOlGn91b6i6493NxgVRfnNL5ZiEGNeFuSwKJ3AKjXXCDKEgEXP+m9NlZ4hnIsriB6WFtRJn64KiSK07RziodMUc2cX5MUnP8JZmhJ4LJlvkIn8M3JDJ3Yd05m+oMTyXAhN1xFKrdvuFSLenZN2xOernL6HI7rG3VU7Si3JjCVLny5u+T9oE3PLNtWhLorY+VEYvQLHEZPpIo+NU8e7eiCMeSfmiNJWWKDwQuebObok7Qn1AnPi1K5U7fL//IOKhOelXmsbivOCEuxCDam3Lt3bCCrcPf6VlF5xlLNMndBOs0JHI0bs9/Od9tl1TFkwaVaC9KMPTs3D0cHoNXf7Xkq2UCD9o8bbQK57dDR9rFoTAzu368mAo3m5Bfef/FcnNUvVntVbL9OmFttTEWMGUGmNGMEiXEKOJjryDac5pSNimtzmQ4dspVvGSu87FaRqXnmWxPIPZplkPKwCL7XLy5evJ06fi8NheL3RSLVeJ48nD8cBeeli7HnK4THxp3UfD++evvq9AL9O3r94f076EP5H6Nw/NXe6mDvmLyrwEa7KgiSNm5r+aD/jqwF8Ft/6qwjh+48IduArbTyQKU83VbwwouZPXvpVm2DKnT3cx0jNnUunKbY5O9q9s/RacM8vcyxVERcztClzPA10f9JNjRLL9E9bQF8ePn62xfvX6MbYe53hN/uz0I28KU2WCgj2eXwcOGp0hI7zYJMUd2YayKWXEK7zBVLl2B/X9prlSJYb2UydqhOGGH80YUQQ7iLuav8Wpu42lowQ+CaYoQRI+qGiyvPMTDUeknyMUEigyLp8hyzFBHIKYudO7sFYz7Z7R5vQFRsjaiC+FqkuMNg7WyDC5LsEtGfzjap9qi1Rs9idUUmvJRMc70i2+bWzwlAb3n7OweLKYtZQFSxWJd6kZTmcukwqARnmYZkVzRzmuQtaR/hwfD9jSGw576m4o4OCbcMQUB98Zal2ky5r3lLWfkFqNbZ
YF89uwbu+sVpjUrj6a/UFLmoZGCGAvik9uBaCL4WON/fPtib8aT65rxWOA4Y+OSkK1O1G9D0K+WgHLvDMmHAbVQngdSORxPvJZHigSRcn6+U7ViSvY9y7UyU5u7KRK9GHz++0e2mzKCSw85R+2oFDDhO0oJpMW6bVScv4EZn4898jWlWuTPP2DXOaHoy994J8MgJZhJhJEsI516VmWE3rynYd2zH2JgUG67mMqerY+0ACxtaUOFr06ubiJUieaHQBku0gpfbcu4NkR0h0lY4ro16bQu3wFLqRfMEJGpCm6/I9iSGqhNN4AZh4IdBUOvi0618qaa89Aqc4+5hcGWxCV4UJO2Gj0+MT0u2NmNtF2vzlxeEmZvK8pykFCuSbR2qGOhAOeneAJ0xgKGo9EEilXTNsCpFd8APwlF9XrmSLTATPn9FtjHGoaCVPl03ANDo0JVLO6X1LJpHMhfMv6ljWMJRLPE4lhGRLLvP/wdFAIyKZxkWI3F7yKjqjDM0OITk1mAZtr3S2h3/Mxm63VFAg+KAhkQCjZDX0GigMfEvk4ksGgXj45Flym/RYjN2WpVO7AIKNNdLt3UdacW1QnfMv8orDWbRD+8v4JSzTDkR3bjcQWtDI6BCU0uwNEuUJlttu/sNJNW5KH0g94uLf3iLYoMjjTkfvEX7Zk+jLLHlK1MqSKK42B4AIpiMUPWT4HxPW1xhsSbKblO45wlpA5Q3VCWbwNG8VyQmDy1vw0TV8tKBH1FD2LFD0rhxGt6t3uqcs4z3nHbB1WeQoOpsvCWhbG2CRaKDprOPH2xt9rE/exk15CZnCJ3Yw3ETSksYQFd/h1Y8S73wFEZuoIFR+3hDApWOBzBLyQqXmTIEetgFhzhI4E7GuOP81Qe5bzhpKQGQWxhzUQC1xyrA3nPJ3lbFFkPac9fesYfU4vnqPtIhfG/JSzqIdWfoTeEOHcL5KzpE7fGHEpis6JV3/nFhnowL8LIf7a7+V/NDh5x4BPmhOykx4aAcUmQi2OETlUoIcu6NpBl/HuAHy4Dr38gCgl9/g1UNANxtBNCemXzlD69P0aOnj57YYFq1bbrWIqrhWGnhWGnhWGkhIrRjpQV2rLTwq620sCxpFuI5ESYgP6rIwrHyw7Hyw7Hyw7Hyw7HyAzpWfug5Pj9WfrD/jpUfjpUf/r+v/NBEAtvwBYziCTe5XvFhw0EG2a8EZ4qwNO4j2s8f6s9hxwOUTninjZMrDSLm5NiBIYigFNVFWJa8PT92jg8KvkVTh/Wb/xcAAP//dk1YzA==" + return 
"eJzsfe1z2ziS9/f5K1C6D5tcKRrnZbI7uXquLmvnxbt58SbO7LOXTckQCUkYkwAHAG1rrvZ/fwoNgARJkCIl2p55TvkUU2T3Dw2g0Wh0Nx6hS7J5gRK++g4hRVVCXqB3fIWWNCEo4kwRpr5DKCYyEjRTlLMX6D+/QwihY84Upkzqb83rCWVEzr5DaElJEssX8NojxHBKXiDJcxEReISQ2mTkheZ8zUVsnwnyS04FiV8gJXL3YoCv/ne+JoblUvAUXa9ptEZqbRCgayyRIDieofM1lQYMNAXQ6tfwQvIkVwRlWK2R4vBQ05sVHF5zgcgNTjMtkIvvr7D4PuGr7+VGKpLOEr66mH1XaR9fLiVRlfYlnK0ajVviRPZtnaEJ6ATJuFAkNk2UCgslEVY1ECmREq+qUlbkxsGiK8YFmeMFvyIv0NGOgrejAvFlKXMtb9MZ8MiOiBo6qQTBaa8h0ENKepQaiuh6TRhAoGzlepoIDUNOUYQZWhD0B6linqs/IC7g/0SIP1ThZYLLjESKi5kG1y2dTJAIK/34+ezpdplRluUK2lwfsuRKy1KP2RVhRGialYFLJYIxYAbpFU5ygjRMuqQkLngsuYDfLzSLC8QBBKIMHhrmkkTw0Hbba5qQBcFKy2tJbX+hByevzj69On55/urkBZKEoAv4GARy8bAqr/KXHQfS70Qo1VbrYTZXNCVS4TTrbuQpQxGWxPJbEalQRjMCMybDQhKjjgpq1Rlk55mcIqqQVFwQWVDW73BBV5ThBF38V0HhAj0QemxKwpSeDI68mSKOckVNPjQSoSVxkHGt2VoSkqhZyuM86dG3hSTNB0itsSo7E/iZXm7ho/8awMV+1puNeRZjhUul3YeP/aI3H7mRCV/NljiiCVWb8ZYHSxCRGyVwpDEUYycTlAuqNmEo7tfRoDiCbg4ZPl3SkOSK6C/mCV6QZKz1QGNZ5yk2KwFeJAQ5Rt2dcuswHKNZY72JiJSzTPCVGG9d1AA0A9cflnwbcxqPNxJo7DEF8qFZ53plNL6OoGMeHHpEXNGI+HolJOkWLp/N10CrRliPpIRcdQ6gdgtmpZU0fB4gu0zwSm5rftjChU+75AHzEEzyGY5jQaTcCb8165GlEWqEXkK1nb0XfU0gOJgiQbQGrhCPsdoyairfViWnP0acBY0R+8GsWNj5siBZ6DxpVgMqO9ZctNgUa4qhxtMMCyo5KwiWi7qm5U0qvd6ELQbNY4ZOl2jB1RphQRCNtSEQ4aQgy1my8WnLNc+TWFvIuST1Vd/IyTPxBvTeS2PZreiVlgI3UrmkDHSElSnI2Bromj2YbCvB84yyVQ3LWqlsJojMOJNkJhVWuZxHPCZteqQF19vz8zPk6CCPjtv8Fdu+Z0fPuiCQBGeSGGNwIIZX5lNjmi2Iuiawgfkl1yYiZnGJjzKU0iSh2lLlLK7PsCoiazHOE8JWtQm3HdOx3daZj53uqEprweP6KmYRAPRZStSax8PHyifbdPN9XXWDCpiTqKqiYJjYJ77DwdugZKW9DJ94D1qAIHR65pRZYdAYNfmd99KxGbKcaSscpXmiaJYQdHp29Uw/OD27eu6oEFl8Way9XKgaMq97OrCdcaFaUDnaK8JrpH05VWl7lN8QnvAIw15Iz0FH3f1eFXDJTo84yvSY8xbWts7vbBtCHzyjpaDrib3kmTMlNnMquT//d+R6bKih088fkdECDYZOMg1GK8LnGadM9WP1jrMVVXlMYIonWMEfAYaCrChnI4j0ExDyzZaKILXxuz+TY216tbCwLRmnq2xraj3lWMVEKsr8jtqmJ4KaIqArOkE19YUHpKI0dlUbLYojqDo6ofrqIwwypEXCeqRVkzR1SYVV+Vq9L3oolfZR09nu7aqll3LZmXuHiulUMl1qZgvLrapmm7LZubFhldOtdHaXbED19FE++7auRQXlkog5XpGip+yByhdJBPKfd2xmSxp2hiDGRYqTZKM3CdZTitFC8GtN1Vle+lu
9AVakHEFyza9Rnmkb8pos3BYY3OKalt56lk4jLLRBmhdIkVQCjHBfXn10qXNLepKDDe4LRG4UYTGJ91sFvjCL9YoI6fluS8EFFFpMdNNvC5KvXrL1RuoNl2UZwGJx3xaYn6pi2Y4nxT9zMQBN/wXnvaYc6ifU1k8pZbeFRVMehCXDKlrfVi+daeKD4NR05nA0xb72eC14hVbPod0Jj8vZ3gh74uAZERiON+xxbBDNMk+S+kIzKqTXeZJUPK11XOgBZVGSx0S6jn4Yhnq3GqGf+O5YK/QEdbfqoQVUsdyLpHs9//LpnVvEM8GvqDbHwNWXEEX0r1N0TdUayWhNUjJFay7VFCw28HeCPfDl07uCHl/8TCLlHGaCgMuMMsTVmgiUCbKkN0ROkcyjNcISXWiCs1wks3+/0KZ4Qciqghn6KyGZcScokUcqF2AfSyqV8c8RRq6IQBue69nvNajon77OGA2lMhvDA7m1i97a713fWMOnbOyEJFgqGs0iPvH3GacMSW04RVgSiTC0IcUbJMiSCKQ4wgw2cSz+ngvYYqGYChKpZGO6h+cKYX8U8RRTa+Fq6uDY1NSnAMzbEF6Da3XF3UH1hRPCResZa/eAeg0xL9URFROFaSIRXmigBEdr/9h6iOXmeen7TK4tOuisEVvTYCjpr02XQNechfbrr/SoX2wUkehBEREAnm0cxyQ2nnd77O8dbOt/FxrLhVPE/4ZeJhRL439XdGEOVY2AKn1jPOGV028DF+vv7RMtwMZR+Xc2xGpBsCpjrP5s/uqKq4p4mnKG7Pk29Dm+wjSBM0XKEE4S60fXSCqBVxXocMjQ7zzdn2AaIZKExS6OIOErF2Ak4ZSheAs+8+QsiXJhFiaQIhfWHUATM0uYOUE3kRtUmrMHTZMq/SfjyidmJpabPOX75xy5+KgCxxQUFcw2mGml8qyEfzRxzZpCq+msrhNfhw0OeFQuGIFDnqBZUDldAuCe7ETOWLHvqqBRNCW/ctYDjXvzNtFUbZYOMLU1FYZz3/CJSXlQNanMOu+ILxh1tNR7ZlV5rzB/X+arXCr05LlaoydHj59P0eMnL57+8OKHp7OnT5/0k645OysO+Mw01BNEkIiLuBa6VG2U2nqq+1IsqBJYbOBdIy276OvxnhFhOgosBb2ICcwkjiruIy2nxvpSqDUnR2NR2Efmj/mAc5tCV8HWoJhTi2KVqp8nClFYIc11qe2wTH/kNKA9q9XjF8cx1e/iBFG25Hpm20NZw0fOtqx31WhJFIqY7IBVQrN0Zg0GQZd3f5vUUPePJr1BVJ7Jot12BYa6HSZ2jXKLmV2kXto/A1TMsmk7ZQkw/RUUzNo/zm7q0cD/ho7NqqbHrwwttGCy1hRv20rbVNK1g+uqxuwkU7zrcCY8j92RezH+Kkwi/crM2mFiC5OUKDwLfFElRplUmEVkVgvL6aTnPprbj1pI9hBoiGhDtub3FEdrykgzOKCTqv1qXnxVJWrtGxOW1aPnPMrhTxtdpTXcIOHab8KyNR7m/sTs+3aInfDoEvZtXWPMRTNvBx0DuVnjiyapHiOhQaw5DEo+qdZ+uxCFL53yARGVyqeYgDBXQIoxVjisjt7bX41DO6p8Ku2mwBpAOI7n8MLckSx7oNWGbpu9nllBoi22Q+UQqoJwhs64lFQvm2ARS4jdIdGTKVpFZIq4QDFdUYUTHhHMGkH/rZqgIzLZvIhOTxwkrUeRm9XbOWy3iwse/q6iH5eGmvDkrJ7MUhLTPO3m/t6QMEFIg5i3KaECQS4fESzVo8fRFjPOI4TAHqelrU2lgUNlaWR3DDlfB3lQ7C+PbvoPPfuJxvKG81VCzExr515Rcq0BPCu7uepqn53oRg2UM/3E/R0gbnWkVNpciHiSkDLY2fym56xcc6Hmxv4sw0Yxi9ZcOH6PilnekqFUwEKDvCYBDY12Pdmiv+TES2ChccimrCrPvTj64wLIFSfkBoDexixymijkn913Lig7IjkueJrj3HZ
eEK0tG9wqOxnUvZvZguUUJGH4FINWD+ZyyL41fwWInOqtiDdQbQ5KVfWUY1M/3zoyLe9h43L/PnEu12ZvjDTSjYIIDHIsojVVBBzS+7ehQg49ILPVDN386fn8+bMpwiKdoiyLpiilmXzYhMLlLEuwWnKR7ofk42fkCFkMEWGKyynKFzlT+RRdUxbz6xYQzTOi3TBYOkEeS5zSZLM3C0PGNlKQeI3VFMVkQTGboqUgZCHjrtbuEY31jkoIcTo9e+QFUtUZpDjar5GOzRqL+BoLUjKbolzmEK3x/uWxj8Hpkct8QQQjinj77L/6zwJsy98LM7hq05ZEka9LupfF8qOtCqgCGg07VODxCMuDJ4GMx0a3BVnl+6omj9MZj9GX05PwUbzMcDReo0qKTWY8JuNKUFNsEWHfxbUfI0MNpThrcsKMcQXe99HYeSTDPMc0WDy+UcV26WI7gskW5FvZR+MMR2vypFQvk5fmyaTFlWd+Re/d4VZVbVivekgtlJzQEIeuY+hcxOZpmwLBUVRmJ4X5bBFZ4aX23JVaazocb8/Pz04sH4iO6w5T9QMMU67IvLI4dXXrFpyANaGEKe8QeRbkDMFujSjKvTi74EOzXYfQAjjfWGBJI4RztTapROYUzR7BBcFVskD6ICu2s29enQ8H7fJmIFXFZZAEhSaSccVV4fzl07sw27VS2bxpvo3AH/g2DDpUGaEmc6cZANtyHDGEc5EWVD2i8PkveLyZS8LUDE7r+yJwx3ehj3qgY3m6IEIbaCZGwKXMEHEFIbOVbKaw2JZECCJuobsc6TBjP0i4yrV2KNWD5bGf1pizR60hvugjSzbIVg1AtAz2a5A0n70ygTaS6H0VypJ8RZk9tfciFLiAB+1qohEtXW1wXcEPbbFtbhl7bWNuxmpt2VLM4kAzw0sH6gpKrgogPM56iAGFssDrYcBtoOpxf1VMgbk6AFC6LR64FVQt7m9UUNsCg9tA1eODq6D27r1sW4RwG66AWdAHVnt48EDgrCVkuA0vr2v4Pmh3wNKM5mxHNL/zaTAM3V3Ph0HodhyAt9ulzayUKq7A+qr/URaTm2olioGYP7oyPd7Ca+LeFmTJhVmodBMWG1sk6JF+85F506w34QV0RXjL1mOftfMN4adnEFGjbTA9BlZYrYkgsd4KkBhxZgNw7ebHxbI2Gh5YZw3xXktqg94uS2xHKqEvr1EHpZdg2A6rI8twNGDNvMM2PMHkQx9HOAVxkIiSlpTENkxteYmjicfs4LxsxTYk4ZTFUXFEZSLjFnnc7pBp5DfWUfgRfGgXZ8xr64NxiYfGCWPoDnK++EV3+kigxwatKCQEtN18boT3oUocEG3bwOwMo5lSbrg0w2at3NrcMPXwRrTHbtJM4dWKxN0CyWjY87Obn8EeTKDTkzA3NSo3tYbiPG3MKtH/VX4797Utj5cJHueRF2lfkbNz7OYxVbHv14UHLW5d484FZ6ezMAyBYpb19/M6xmiIm7c+02vcUYfP15SjrYp4Dx3zjrL8xvCHmlToA1eQPuHSKgRBMY/ylDA9r7SxgxYkwnnN5lNrsjEvbxhOaQQr2RUWG227GfJlQkZ/J3LERTyvBfT2HD5dTD3jN4nnOG9MlS30XxuFTFm9rhVY3klsmZ+elKWbii0fFAVEijeIAg2gGobKyPXYUBm5LqDOPKmdnlRKT4XAChwRtMwhbsBR5mUr9SNr2VJha22pDYrWWNvx6EFCL5vr9ILY3HvBuXrY3mFyqOdza39JImFPN36PjYtVd1iJdYZOVa2jkKKkkpJn/kE7FK912GLjEws2QZJfcsIarrh9lhJ/Yjry1i/d4vmNoh1WZLOnjGA/YTYhWEoeUbAPIAjfKwAYYttcrvsYKCeNOo9B2rdJnCqS7nU0AAQgj451CUi/NpyN/srVKmYxjbAi0oZGwk88LyrxKK5wUsfV3AZApUf7FpXoVyL4I9iP/wfC1p/Al+gIpQQzadPoTOqlkAqItoy7o+G
tMzSxWMGK6VSizSeLcJK0HkYN5yWIzBPlFZd1PNADmZsjWy7QEtMkF6RFnd6vo+TCGD4zbXlou/6iQbLjYOLgMLmrLXgFEVTrbQNzJ54JVsl1XzVOeNHBnbSLO+mO3Sd250b8+ett4CrPW/ZxlXfKIJ3QPq3OBvXfrrVGEQeizyoEJn4MuX574r1ZnClNrv7+4S/yv59OGtu6uryLdZfF5Kab86l+BV4P81zaCruPFJHqERT8H8qftkZlWe40DvPGH9+sTq4XXz4tj3/64Y8vP0e/LI5X1/3ZyzUWcSf7otY2vBpGcdSfISxSu2+6Oz11eNM4Xa82Bia0fqt6EYTLCnenN3DfhoCqH5DyDMU6uEA0my9pooiY1LiUktBf1X9tn/CVNNKtW3OA7/KM7F58jRXiUZQLyEzHjLNNynM5N1Fm85gwSuJpLaxqrs0YeFx7y/y5Epgp/XfEGTMXVwSfuc8UTjNtjsyLWikiZ3PsEbJ/mw/ahVflP1yMpvu2y/Hv4Hnxqrs0Oh49aP7iSuJ9evX5HL08O3UfP/RHSfGdKcEdEXpVWmjla3rrzkjycAprWDKHUNkHxicXaTNd/02lzK371bFql11JZ2e5VQu0tw9Bz29cu0+lKbR2wI9/fDJ7/PxPs8ezZ0/CkGu2dLHdE5RFNGucsTaBFm+iB3oDqz9/aKaMmQC1adGOdV5MrOHCFQQnnTu7idnHV+Ie4aMWPBOYKYpekbkpIMTFZgdYPOneJk0+6Tf0pqvs31KgC6INo4Y4CpF9RZNLusAMz7XkJ1M00SuknOM4pWyCvgXxYiHwpsVrEbDzmlL0jVnzieluPRnJDYnyzhEZJblURLxIOaOKi+9TTBtjYrtgc0G34gQVQlgMtin68um0FdT385sMR5ffSxLlgqrN93NvpPQ/I/CsDRpt6fdT845dDUzyhxFmV28vOX/05Ojxj7Ojx7OjZ7rDK0+eNp48Hz4KrHrpvUY6dTRgDBwnBIvPkeBJYovF7zLj4cP5gsebrVj1S41aY3SJCNP77Q6k+sMwtsqhWxkEaK4SC9YX39X6KhwfzTynAccob46Le5Wqofohlj7bbI0b0TI7+1vsYY693ivSiu/NsWEx1Llxezt2fxP05tjlf2o9FwTqdb8tQTWXJGqFtkw43nGrfFxDUjAEr7Ewxb2M/+4v+AqjKypUjhM/VTUMXEYiX8zlJl3wZK70nICLMG6rHegMQ10vmkIWvb0NA0UJwVAMKM+QwYIAS8CBWgMOoc93ALwHboCyFfc1wZdzQZZybv3igP8WkZ9rzDKDKLSCI8AwQeyE6dWobFRXpKzASUKSuSAywuyuUHvyTrG4hKuW6BWx6WXgj08IwlmWeGktUvEsa/pN/YgPLOU8Zwm3FwHeQUsMNxgvDM7AAERP6UdZ7t9R08QYUso9MZ7Z+Izjsy9mjNvxQsSSi9Rcx+kUUABiu8pG9USBsJDRVkH3bIj+V2sEz5WksdmPXhLBSBJqgKdYNvIeUFJWB4k6UeodzF3APIdjLXtHUh204mUZXHMCUKxSsHOF+23hKJcyKtfhU52fr9K5yFnLFGxvSJ9AIOoq7f/lp/cWjSmkb2fbFGGJsCGvR7nZMHSd75rYIjmH47651jJtymNn5G+wWOBVRZqWqz1k1FxtN4SURjGQtQqE1cVhHlvEGoLi/FJ3sQFlcXbi8gonViHsFH315hjirMzSu2phuSZ4tIPDtwRnCCfF3SiYxa5f6K+DbVn9zfxy0arUKVNkFUhq6rf0ACzd+KLa7iVNOGTTtS80emW6NUhfJERm4awDjB8+syLhZMsdOu5jEruoS0iJiKI8wyza/PZ7EDqPLyH6x2vBb6A7W2W6vXc3PGerMfv3H5rg77yHN/U2/Ab6uEOuYXRlPJa4qjCtumc+mzxed8t884yrPga6rppKM87qEdxVdu/gLm77XtWzU3p9+IzMolk6e08UPsEKH8NVoXBGaC+PrX7ZtnAFPTd1RGbpChF
sjv4uPw0Mmq65MjFd+Oa43d0VdnWFZmF4thQ6mzU3KFUsdU5dKDqC9wpr4roZ6zg6w7I75/yKiDXBHZdNTdoGV6inK4yKiZPw62rsdG3mmN9daCRYuK/qMQhN/l+fHD3+06Oj54+e/Hj++OjF0fMXj59Nf3z69NvX0w+vP6JvX81huSExsyBmv+REbL6hr1fzn/6y/vmnb+hrSpSgERzJP589nR090nRnR89nT55/+3r0DUzCr89mP6Ty2xT+mMPdp/LrM/hbG85rquTXxz8+e/qDfrTJiPz6bWrKA8J/AAKcNH7925dXn/4xP3/76sP89avz47cFDTgwl18f6/fhnsuv//PPCaD95+TF//xzkmIVrec4ScyfC86l+ufkxePZ0b/+9a9v0330DUT2i25ls7I1ONpGQ1DYS6KqvbddxWgBdyABI52qwk63PnrYr4Gw2vA9PTpKZQhKLemkwKF7sQuI/n3I1GhvMoyTDlafFVYUZsMQfi3t8sZiF0sT16PfauNZH8gD22yuz4Uu68KR8Ovufh0wSQZIidwogecGZAe8V/o1dxu4F3M5Qj95imbbdIC54K5ktnvVFgTPngycjE67dWEw2zKqRmVq1OFWtrrvKYlNuFEbgCfDAAieK1pboeuH3fBGWzfLo8dv//vJ3/58+ePP189WaoVfKzZsetCOBfk0HkXrbNEA5x1TP+ZRFy9XmxRngt9svMBC+6QlpND+2ggmNJ7DwvdRUEXD4wgbpknzet4GjZPyFX+K77Hc1i7MrfFruQ/XL7fqswWLKzSCso4RdNbKoCEhe8hSjyuu0KsVcobKaE1C7WGDZ43sioZ0q81szXOtNtMLgjf3UHlZqzF3eY3NOIGhHbpF1uG0WZt3waiiRd7s+fGZFzKn7Rs73IM3yXaPI00r88ZSB9uS5WzrCHPMlwJu5o97Dwz3AXrABUrgLjciHlo8RewbXB5jxkAAXAPFAkeXQ0DY94MYrrFEktgKyYqjFDOv9rTXJ2XVrtDtYfBDb0B6m+NKgFWCpzyWBljwfkuzVl5jqopz10r+UXVEwIrpDn19a8EegFg67jaqKywoz6VeY3PSe0qWEZ+a3GiYXFpgtSuIVHiRUOnd6cZw0nTVdCEGd89cVDfBAZD1+m0Qn5lSZYdLZY7ZG5j0rpZKRMxbs56AQGQg9NvpyUE43Ayzcr+Pfpwic2MppKfqzXr/JtjZ2EOYZe/a9cBlxl0TQTyVZMvjQBi4vTzBq+IHjPqCc6K9fXSW0x8kWiV8YczmATjpAA1rtKq9CcvcN1nV8Ft1OhSPmDfrRFRYVu64cqUJFhv09uUZGJH1a7eaba3tu5pDp775C35W7as1KQDYTaGTiuf+anCqJwIODokbnPxn9NQsXCVpzIS/erJfl9+3M8mv95Hqh+0pfD0T1Hqz7E5B25J+1p16VuHzidhekQjrL8zxfpFP3Sf3bHuy4E6CrlzGUhNyS45kf+mGixD1y6DrzcX1Xa1FzTWRiNRumOZSVYOqa4OCmYsA7fJgcv21KQfX0ZDqc7jLNqALS0XZakEVk98t8jCsYbfhfY1MDoBbEAJJ7H03PdUw+6vO3Jn64hVxBslHTFWw8QqopnS01IyKr58ZhvfAzV3KeCCLbcyIKO3yPALINWZxUt7A4LY7I2JtmNa7QpWKJokblrxiRY0I19qLnYrMR+psUvsdIjcZEZSwyAmVyhIVwBQbG61sv67vEFvx1qGmoXs5u8wN/YHJVqgMTG36FRUoH5wfnyEuoMrzwwbLtVKtJsZZQrQBhePYf95XYaCmuVMpuQC1rtudFza8XpAEe9urSn3vgKdi2DmzVt+5DK0aFSjA1LxrVoji7uLKpq9HR4fXR5ypXBC9weKXdGCxpY/wC07QRBP7P1BwY4IIWCO2wofxcuGK72uN7e3GhqdbFJxkZz0RrwmOiRhYPaO4pMZ8XFCrg0BxTpyEjdlTWtMT+1H5sqE2gX4iqQ2z9mdFuHsqsys4UJs
pRP3HafPbXYbpnQ4Qq4DX/hXd2A0TsDSpkq5p9zxOTLZWv2Fi3h15lHjjBF+7dOZ5QhsxIzV7zYYY+6ME6a98P4cp8ajWPJ4W72iz3r9cwVXK3w66Azo4eWyCaHfpInPW6IlekBRTGCGFbWnd1VPnZpZeMaGgc8iFYi+IuiZ21TeFfBYbRWqpbtU0aYiCcy5U93ahEUqnaUg62/UyyAU8mHrY81zNY6zwNhEN9YKVnl+pl26MlnmSVNe5KVxYAEa9/lKj2L9NIzajitn0U1Hj0C44DypNWPB48xDhpSKi3t9+Bw9pZdHCqNWe0YYQBOeBb2SHjU/tRCzscG8N8eor4NCEwFFEMlUd8FHCKzZQi//9N4HSHgjTiLIV9s6DT+FBy3Gw+bG7tExBMdyPg2rKxGSR71Xfs+1CJ9sQoD+olvASR3BL764+jeai+tmkq0LVN6zK+FG4nNDAtK7UrSWGXVXi8cCFbpuegNQmUzRhXNGI6P/5cTZTNLnGglG2mqDA3QOTSFBFI5xM7rsYccER0z0yqrcOMk3+MMb+l48xyAzLxzlRCA8zy+Ew0v6XjTS3kFPpr+Knn/sX+z49/VykSMDQCS7rtP1G1xbUfnHtBg905xc5agg7XN1oj6vHvLrxvNxlbLu+8XBDYoUthBXbkgy3wx842F08lHHBrOXqv0aoV0cqyQAAEB/WlR/8m77R8xYuOj0v96zbZsu93cZ437dnSihUglXe++LMvsxlvvAc7WHu15Q9fTI+/7+be9/RVv7OzRfaVI8zKUMb7paeoIrcwuzUZM3s1Ht5yqTC2+rEh6MeR8DCvCgDu4zByZsLk3TrvPVpX2NZXkXTkjx/jxffBl34+6orcF2XYb7GVy9NgdLCmda9vKy5VOP3naZqfe7ApxvD7/RSXoBduCx/S9CNNmlHfrjVd5/0/NCtvvnhVl91uNX3cKvvVliHW309RIdbfQ+3+sK/w62+h1t9Bw7Kw62+QREdbvU93Orb4Zkffq3vfbsagfvITmDLfKsP+H4PJSz3kdtumW9t+306iw7HMRW29+32FgRLzubZWrSVkd/X6a/pI0O/9UQqvw2HL5xWegWnM86TjpSrgy14sAUPtuDBFhwRS9sVhZd4eelHjP5V/90SbQK/ldfhhwJLHDm0f7jonpfBG7AJX0Hkf287VNGUSIXTgUrWVQ+HT8vobMe+JWGZXJH6Sl/WgPr7y08f6uUm+0UUGcL3HSyHKmoxVG91r2X1uAhG8+qA2CvWtfxbgCS4caParo2Hi1OA4CAIcLv8WIs7QudwWT1lHeOtx2oaEAsaR/HUpGTu1u+SE9o6WtE2P18PWAi9t6UtMlyWcAJ07XCWeTLY59gLC9yunSeJE0+9N52yhivcPG1tHrSoa/Njd3x/QRH9bhX2qLcD/NXIbPsNAfXSBHvyPbb520BWj0YDpHXfioOszQ03tZ/Mw3mwgmDCV1Jh6d9N7B61DCr3c/ew8uii0QeWBfrOA1oVw4BB50e16inniA7yXY27prac9OuJEWLUZUzsuWstTAmnHi3/qcttFmZXD2m57/jq2c/m9bboVzdiRoRoaCIu7BJzXVwlW7tBuOt2lpE6LlwNUeSMmXxTzcoDqKW7BV7CV3NoR//ZvgXjJTGXG5gzK4iWX5kyZgX2QNJxofQadcYHT7gmicPMOsysO59Z7bNqOLpP+BrFeZoV59jujLjJpIg2Ac/YyI7GSpFYYNDFWzVv5d5nxNgrXkveL9Apy3Ilp+g13NEup+hjrvQTPaaOeUyitvueOL+cUxaqzb27I/oVlLGHalFwyZdNt3Iuyj7BwA4Xw6wR5XJrsIBZFyrbnRkWuCVYeviI/myupjSLRKVXUcTZkq7sZaLbAc2Di9R+69ej/6wiq0Ay+Q62OlM93qLXf6xpnHK24vHCs4ztk/6pWO/1Byd/3p6OVfJCQ1Kyquarx21rTtaei3jg4LcNQQjFlqzAbYPTflMuoKHFu/CjnVYet6m
4bkfVFkSvcwb1AHCCIqzIigv6q735aAu444/v37/8cDIQImvM6B6GD7lRW+FQRhVmsakwOghUiGwfI8P6YDrdV54Wc3NzI39JvJn5fvP5b+/6z0vNCj6pzky55kLNjTZ5gZTI23a3jj3aNX+yBQDqmLHjh2pUgQyP2LhLT7kx8eY0bFAOX3ZfQjC/afkPsz/OnljD25XTMRYljWfoNRf2PRtKIFEmKIeKMt6XDQ4gOZirZQy7rb5IW479txwH2LzljoZ2bzXu+zxgxE3klrGsOQwayoGEgR4NNcwgEBTKe0Vw95vJhYfE0/ZUoOHMINUH2lnuczpYu15oizZthBf0CWIoL1oYD4jJAdYKYTb2Zb5lcZ0Sjbbhp3td6Jvw6PJW8OKU5zbLrIr5GlMtUrc30AC09lmQMqxipik0qBormcq92iv4tYSssZFUbzWxSlMvC+FZs71j8gAarRQpI2MtBgFEMsKsH6C2VXAfMDmjN94aqfAlYaWOu/j86rz89aILXPPyr36xe8WdYC3KY0zJeyVhT0+KQW65W3uPrSi78ey9D/rvYfYefLKjvefYo33svQAAdOdVM0ogO9TOKOLC5nqDEBwCWAg8cMC9ZOYrU1tQc/AWGiJn6FRBBBnce4AWJMK5hAsKzRlyaq63MHUdyRQtiKQxkV5tvAbHkvy0wsr0lSuHmdBLgi7+76PXXFxjEZNY/+9ihj4TgnAiTUHMi0ImF6FguVsMbj5uBDabQ2So9Jfli4RGjQW7ihh68cIIf4ZOl4jx8sMGv1JKWLhCoMpazQFb1+IQ9AqrpuUQAtLkCMBa7bXfbNGMQ1Rxhe19Bnjfd0Tz7zTj/t4KrxwS5sdOmP9ySJg/JMwfEuYPCfOHhPlDwvwhYf6QJBWS1yFJ6pAkdUiSureE+dIpN/wQduTYRHPppwmseEBmq5mBNEWuMPLDliCk0VzCZ8UhKWGKLikR6MHZ6UkLXzWiK9oe+Tq2bYlMxeUPo7E+Lj3g29iPf1pL/Gtenb+dS3dy4DzuH82TFp+79XWTm4wLVR6bXFg6F905gyU3tH+ugCAyT7ZfPtI5RcGpvAy3ydBHKVFCL+Gq70Qd31vpL7r2cHONVVmc0/hmIQa1xdsSBRa9PUC95gJRFgm4+EnvtbHCU5RicQnRw9qKMvHDRSFRHMeNUzxkimqm/IrE4PyPMEMLApct8yWawDeTKZrYdyZT/cFEMpzJNVctldvXXKp5ObvG7QlPVzl9Dsf1lTqqdpRbE5hKF77cXPI+aNMzSTYFoebKWDiRGL2Bw+iRVNGX6smjHV0whvxTcyQpi2wweMaj9Qx9kfaEOuJplit36nbxX95BZcSTPG2r24oTwmIsgo3Jd+4dG8gq3L2+RVSesVSTxF2QTlMCR+PG7Lfz3XZZcQyZcalWglRjz87Mw8EBaOV3O55KVtCg3eNGq0BuO3S0fizaJgb37zcTgUZT8ivvvniundWvVnsVbO8mzK00plqMGUHGNGMEaeMUcDCXkW04TikbFNfmMh0aZAvfMlZ40awiU/JMNyaQezDLIOV+EXyvX56/fDd2/F4cCsXvikQq8Tw9mh0NgnPiYuz5EuGhcScl38+v3r06Pkf/jl5/+vge+lD+xyAcf7O3Otg7Ju8rsNGuCoLEldtaPum/W9YC+K07ddaRQ/eekG3AFlq5p1Iebyt47sXMnp64VdugCt39XMaIjZ0LpylW+bua/TN0XDFPL1IsFREXU3QhE3xF9H+iNU3iC/RAWwCfTl5///Lja3QtzP2O8NvDacgGvtAGC2UkuegfLjxWWmKjWZApqhtzRcSCS2iXuWLpAuzvC3utUgvWW5mMDaojRhh/diHEEO5i7iq/0iauthbMELiiGGHEiLrm4tJzDPS1XqJ0SJBIr0i6NMUsRgRyytrOnd2CMRvtdo+3ICq2QlRBfC1S3GGwdrbBBUl2kehOZxtVe5Rao2OxuiQjXkqmuV6STXXr5wSgt7zdnYPFmMUsIKp
YrHK9SEpzuXQYVISTREOyK5o5TfKWtM/woP/+xhDYcV9TcEf7hFuGIKCueMtcrcfc17yjLL8BqmU22J1n18BdvzguUWk83ZWaWi4q6ZmhAD6pHbhmgq8ETne3D3ZmPKq+OSsVjgMGPjnpylRtBzT+Stkrx26/TBhwG5VJIKXj0cR7SaR4IAnX5ytlPZZk56NcOxOlubsy0qvR589vdbspM6hkv3PUrloBPY6TtGBqjOtm1eQl3Ohs/JmvMU0Kd+Ypu8IJjScz750Aj5RgJhFGModw7mWeGHazkoJ9x3aMjUmx4Wouc7o41g6wsKEFBb46vbKJWCmSZgqtsURLeLku584Q2QEirYXj2qjXunAzLKVeNCcgURPafEk2kzZUjWgCNwgDP/SCWhafruVLVeWlV+AUNw+DC4tN8CwjcTN8fGR8WrKlGWu7WJu/PCPM3FSWpiSmWJFk41C1gQ6Uk+4M0BkCGIpK7yVSSVcMq1w0B3wvHMXnhSvZAjPh85dk08Y4FLTSpet6ABocunJhp7SeRbOWzAXzb+wYlnAUS3scy4BIlu3n/70iAAbFs/SLkbg9ZFQ1xhnqHUJya7AM205pbY//GQ3d9iigXnFAfSKBBsirbzTQkPiX0UTWGgXj45F5zG/RYjN2WpFO7AIKNNcLt3UdaMXVQnfMv8IrDWbRh4/ncMqZx5yIZlxur7WhElChqUVYmiVKky223d0GkmpclN6T+/n5P7xFscKRtjkfvEX7ekejLLLlK2MqSKS42OwBIpiMUPST4HxHW1xhsSLKblO45wmpA5TXVEXrwNG8VyQmDS1v/URV89KBH1FD2LJD0rhxHN6t3uqcs4x3nHbB1aeXoMpsvAWhbGWCRVoHTWMf39va7GJ/etJqyI3OEDqxg+M6lJbQg67+Di15EnvhKYxcQwNb7eM1CVQ67sEsJkucJ8oQ6GAXHOIggXsZ447znQ9y33DSUgIgtzDmWgGUHqsAe88le1sVWwxpz117zx5Si+fOfaR9+N6Sl7QX68bQG8Md2ofzHTpE7fGHEpgs6aV3/nFungwL8LIfba/+V/JD+5x4BPmheykx4aDsU2Qi2OEjlUoIcu6MpBl+HuAHy4Dr38gCgl9/h1UNANxtBNCemnzlT6+P0eNnj5/aYFq1qbrWWlTDodLCodLCodJCi9AOlRbYodLCb7bSwiKnSYjnSJiA/KAiC4fKD4fKD4fKD4fKD4fKD+hQ+aHj+PxQ+cH+O1R+OFR++P++8kMVCWzD5zCKR9zkesWHDQcZZL8UnCnC4nYf0W7+UH8OOx6gdMI7bRxdahBtTo4tGIIIclFchGXJ2/Nj5/ig4Fs0dVi/+38BAAD//zfz4YE=" } diff --git a/filebeat/module/elasticsearch/audit/_meta/fields.yml b/filebeat/module/elasticsearch/audit/_meta/fields.yml index 96c7e69e280..d90a918822d 100644 --- a/filebeat/module/elasticsearch/audit/_meta/fields.yml +++ b/filebeat/module/elasticsearch/audit/_meta/fields.yml 
@@ -22,6 +22,14 @@ description: "The principal (username) that failed authentication" example: "_anonymous" type: keyword + - name: realm + description: "The authentication realm" + example": "active_directory" + type: keyword + - name: roles + description: "Roles to which the principal belongs" + example: [ "kibana_user", "beats_admin" ] + type: array - name: action description: "The name of the action that was executed" example: "cluster:monitor/main" @@ -30,6 +38,10 @@ description: "The REST endpoint URI" example: /_xpack/security/_authenticate type: keyword + - name: indices + description: "Indices accessed by action" + example: [ "foo-2019.01.04", "foo-2019.01.03", "foo-2019.01.06" ] + type: array - name: request description: "The type of request that was executed" example: "ClearScrollRequest" diff --git a/filebeat/module/elasticsearch/audit/ingest/pipeline.json b/filebeat/module/elasticsearch/audit/ingest/pipeline.json index 9c832362401..947b8c04cb6 100644 --- a/filebeat/module/elasticsearch/audit/ingest/pipeline.json +++ b/filebeat/module/elasticsearch/audit/ingest/pipeline.json 
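Review bot: The added `realm` entry in the first hunk has a stray quote in its key, `example": "active_directory"`, so YAML reads the key as `example"` rather than `example`. The example is then likely dropped from the generated field documentation for `elasticsearch.audit.realm`, while the `roles` and `indices` entries keep theirs. The line should read `example: "active_directory"`, and the generated files should be regenerated after the fix.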
@@ -1,26 +1,78 @@ { - "description": "Pipeline for parsing elasticsearch audit logs", - "processors": [ - { - "rename": { - "field": "@timestamp", - "target_field": "event.created" - } - }, - { - "grok": { - "field": "message", - "patterns": [ - "\\[%{TIMESTAMP_ISO8601:elasticsearch.audit.timestamp}\\]\\s*(\\[%{WORD:elasticsearch.node.name}\\])?\\s*\\[%{WORD:elasticsearch.audit.layer}\\]\\s*\\[%{WORD:elasticsearch.audit.event_type}\\]\\s*(origin_type\\=\\[%{WORD:elasticsearch.audit.origin_type}\\])?,?\\s*(origin_address\\=\\[%{IPORHOST:elasticsearch.audit.origin_address}\\])?,?\\s*(principal\\=\\[%{WORD:elasticsearch.audit.principal}\\])?,?\\s*(action\\=\\[%{DATA:elasticsearch.audit.action}\\])?,?\\s*?(uri=\\[%{DATA:elasticsearch.audit.uri}\\])?,?\\s*(request\\=\\[%{WORD:elasticsearch.audit.request}\\])?,?\\s*(request_body\\=\\[%{DATA:elasticsearch.audit.request_body}\\])?,?" - ] - } - }, - { - "rename": { - "field": "elasticsearch.audit.timestamp", - "target_field": "@timestamp" - } - } + "description": "Pipeline for parsing elasticsearch audit logs", + "processors": [ + { + "rename": { + "field": "@timestamp", + "target_field": "event.created" + } + }, + { + "grok": { + "field": "message", + "pattern_definitions": { + "ES_TIMESTAMP": "\\[%{TIMESTAMP_ISO8601:elasticsearch.audit.@timestamp}\\]", + "ES_NODE_NAME": "(\\[%{DATA:elasticsearch.node.name}\\])?", + "ES_AUDIT_LAYER": "\\[%{WORD:elasticsearch.audit.layer}\\]", + "ES_AUDIT_EVENT_TYPE": "\\[%{WORD:elasticsearch.audit.event_type}\\]", + "ES_AUDIT_ORIGIN_TYPE": "(origin_type\\=\\[%{WORD:elasticsearch.audit.origin_type}\\])?", + "ES_AUDIT_ORIGIN_ADDRESS": "(origin_address\\=\\[%{IPORHOST:elasticsearch.audit.origin_address}\\])?", + "ES_AUDIT_PRINCIPAL": "(principal\\=\\[%{DATA:elasticsearch.audit.principal}\\])?", + "ES_AUDIT_REALM": "(realm\\=\\[%{WORD:elasticsearch.audit.realm}\\])?", + "ES_AUDIT_ROLES": "(roles\\=\\[%{DATA:elasticsearch.audit.roles}\\])?", + "ES_AUDIT_ACTION": 
"(action\\=\\[%{DATA:elasticsearch.audit.action}(\\[%{DATA:elasticsearch.audit.sub_action}\\])?\\])?", + "ES_AUDIT_URI": "(uri=\\[%{DATA:elasticsearch.audit.uri}\\])?", + "ES_AUDIT_INDICES": "(indices\\=\\[%{DATA:elasticsearch.audit.indices}\\])?", + "ES_AUDIT_REQUEST": "(request\\=\\[%{WORD:elasticsearch.audit.request}\\])?", + "ES_AUDIT_REQUEST_BODY": "(request_body\\=\\[%{DATA:elasticsearch.audit.request_body}\\])?" + }, + "patterns": [ + "%{ES_TIMESTAMP}\\s*%{ES_NODE_NAME}\\s*%{ES_AUDIT_LAYER}\\s*%{ES_AUDIT_EVENT_TYPE}\\s*%{ES_AUDIT_ORIGIN_TYPE},?\\s*%{ES_AUDIT_ORIGIN_ADDRESS},?\\s*%{ES_AUDIT_PRINCIPAL},?\\s*%{ES_AUDIT_REALM},?\\s*%{ES_AUDIT_ROLES},?\\s*%{ES_AUDIT_ACTION},?\\s*%{ES_AUDIT_INDICES},?\\s*%{ES_AUDIT_URI},?\\s*%{ES_AUDIT_REQUEST},?\\s*%{ES_AUDIT_REQUEST_BODY},?" + ] + } + }, + { + "split": { + "field": "elasticsearch.audit.roles", + "separator": ",", + "ignore_missing": true + } + }, + { + "split": { + "field": "elasticsearch.audit.indices", + "separator": ",", + "ignore_missing": true + } + }, + { + "script": { + "lang": "painless", + "source": "if (ctx.elasticsearch.audit.sub_action != null) { ctx.elasticsearch.audit.action += '[' + ctx.elasticsearch.audit.sub_action + ']' }" + } + }, + { + "remove": { + "field": "elasticsearch.audit.sub_action", + "ignore_missing": true + } + }, + { + "date": { + "field": "elasticsearch.audit.timestamp", + "target_field": "@timestamp", + "formats": [ + "ISO8601" + ], + {< if .convert_timezone >}"timezone": "{{ event.timezone }}",{< end >} + "ignore_failure": true + } + }, + { + "remove": { + "field": "elasticsearch.audit.timestamp" + } + } ], "on_failure" : [{ "set" : { diff --git a/filebeat/module/elasticsearch/audit/test/test.log-expected.json b/filebeat/module/elasticsearch/audit/test/test.log-expected.json index dea44171f3a..396ba0d1d55 100644 --- a/filebeat/module/elasticsearch/audit/test/test.log-expected.json +++ b/filebeat/module/elasticsearch/audit/test/test.log-expected.json 
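Review bot: `ES_TIMESTAMP` captures into `elasticsearch.audit.@timestamp`, but the `date` processor and the final `remove` further down both read `elasticsearch.audit.timestamp`, which nothing in this hunk sets. With `ignore_failure: true` the date step would be skipped silently, and because that `remove` has no `ignore_missing`, events would presumably fall through to `on_failure` without the audit event's own time in `@timestamp`. That would skew any timeline built from these audit logs. Capturing into the name the later processors expect fixes it: `"ES_TIMESTAMP": "\\[%{TIMESTAMP_ISO8601:elasticsearch.audit.timestamp}\\]",`. The expected-output fixture in this patch appears to change only whitespace, so a sample line carrying realm, roles, indices and a sub-action would be worth adding to exercise the new captures.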
@@ -1,121 +1,121 @@ [ { - "@timestamp": "2018-06-19T05:16:15,549", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.principal": "i030648", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", - "offset": 0, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:16:15,549", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "i030648", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:16:15,549] [rest] [authentication_failed] origin_address=[147.107.128.77], principal=[i030648], uri=[/_xpack/security/_authenticate]", + "offset": 0, + "prospector.type": "log", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:52,304", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.principal": "rado", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", 
- "offset": 155, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:07:52,304", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.principal": "rado", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:07:52,304] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.22.0.3], principal=[rado], uri=[/_xpack/security/_authenticate]", + "offset": 155, + "prospector.type": "log", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:00:15,778", - "elasticsearch.audit.action": "indices:data/read/scroll/clear", - "elasticsearch.audit.event_type": "access_granted", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "192.168.1.165", - "elasticsearch.audit.origin_type": "local_node", - "elasticsearch.audit.principal": "_xpack_security", - "elasticsearch.audit.request": "ClearScrollRequest", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", - "offset": 306, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:00:15,778", + "elasticsearch.audit.action": "indices:data/read/scroll/clear", + "elasticsearch.audit.event_type": "access_granted", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "192.168.1.165", + "elasticsearch.audit.origin_type": "local_node", + "elasticsearch.audit.principal": "_xpack_security", + 
"elasticsearch.audit.request": "ClearScrollRequest", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:00:15,778] [transport] [access_granted] origin_type=[local_node], origin_address=[192.168.1.165], principal=[_xpack_security], action=[indices:data/read/scroll/clear], request=[ClearScrollRequest]", + "offset": 306, + "prospector.type": "log", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:07:45,544", - "elasticsearch.audit.event_type": "anonymous_access_denied", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.22.0.3", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "elasticsearch.node.name": "v_VJhjV", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", - "offset": 519, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:07:45,544", + "elasticsearch.audit.event_type": "anonymous_access_denied", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.22.0.3", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "elasticsearch.node.name": "v_VJhjV", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:07:45,544] [v_VJhjV] [rest] [anonymous_access_denied]\torigin_address=[172.22.0.3], uri=[/_xpack/security/_authenticate]", + "offset": 519, + "prospector.type": "log", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:26:27,268", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "147.107.128.77", 
- "elasticsearch.audit.principal": "N078801", - "elasticsearch.audit.uri": "/_xpack/security/_authenticate", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", - "offset": 654, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:26:27,268", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.principal": "N078801", + "elasticsearch.audit.uri": "/_xpack/security/_authenticate", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:26:27,268] [rest] [authentication_failed]\torigin_address=[147.107.128.77], principal=[N078801], uri=[/_xpack/security/_authenticate]", + "offset": 654, + "prospector.type": "log", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:55:26,898", - "elasticsearch.audit.action": "cluster:monitor/main", - "elasticsearch.audit.event_type": "access_denied", - "elasticsearch.audit.layer": "transport", - "elasticsearch.audit.origin_address": "147.107.128.77", - "elasticsearch.audit.origin_type": "rest", - "elasticsearch.audit.principal": "_anonymous", - "elasticsearch.audit.request": "MainRequest", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", - "offset": 802, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:55:26,898", + "elasticsearch.audit.action": 
"cluster:monitor/main", + "elasticsearch.audit.event_type": "access_denied", + "elasticsearch.audit.layer": "transport", + "elasticsearch.audit.origin_address": "147.107.128.77", + "elasticsearch.audit.origin_type": "rest", + "elasticsearch.audit.principal": "_anonymous", + "elasticsearch.audit.request": "MainRequest", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:55:26,898] [transport] [access_denied]\torigin_type=[rest], origin_address=[147.107.128.77], principal=[_anonymous], action=[cluster:monitor/main], request=[MainRequest]", + "offset": 802, + "prospector.type": "log", "service.name": "elasticsearch" - }, + }, { - "@timestamp": "2018-06-19T05:24:15,190", - "elasticsearch.audit.event_type": "authentication_failed", - "elasticsearch.audit.layer": "rest", - "elasticsearch.audit.origin_address": "172.18.0.3", - "elasticsearch.audit.principal": "elastic", - "elasticsearch.audit.request_body": "body", - "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", - "elasticsearch.node.name": "v_VJhjV", - "event.dataset": "elasticsearch.audit", - "fileset.module": "elasticsearch", - "fileset.name": "audit", - "input.type": "log", - "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", - "offset": 986, - "prospector.type": "log", + "@timestamp": "2018-06-19T05:24:15,190", + "elasticsearch.audit.event_type": "authentication_failed", + "elasticsearch.audit.layer": "rest", + "elasticsearch.audit.origin_address": "172.18.0.3", + "elasticsearch.audit.principal": "elastic", + "elasticsearch.audit.request_body": "body", + "elasticsearch.audit.uri": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip", + 
"elasticsearch.node.name": "v_VJhjV", + "event.dataset": "elasticsearch.audit", + "fileset.module": "elasticsearch", + "fileset.name": "audit", + "input.type": "log", + "message": "[2018-06-19T05:24:15,190] [v_VJhjV] [rest] [authentication_failed]\torigin_address=[172.18.0.3], principal=[elastic], uri=[/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip], request_body=[body]", + "offset": 986, + "prospector.type": "log", "service.name": "elasticsearch" } -] \ No newline at end of file +] From 49bfca810c1fbb1eee8900420215660c4db388d1 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Tue, 29 Jan 2019 09:27:50 -0800 Subject: [PATCH 2/2] Fixing CHANGELOG.next after messed up rebase --- CHANGELOG.next.asciidoc | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5cebdf5d42c..b2b98704be4 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
@@ -60,17 +60,6 @@ https://github.com/elastic/beats/compare/1035569addc4a3b29ffa14f8a08c27c1ace16ef *Filebeat* -- Added module for parsing Google Santa logs. {pull}9540[9540] -- Added netflow input type that supports NetFlow v1, v5, v6, v7, v8, v9 and IPFIX. {issue}9399[9399] -- Add option to modules.yml file to indicate that a module has been moved {pull}9432[9432]. -- Fix parsing of GC entries in elasticsearch server log. {issue}9513[9513] {pull}9810[9810] -- Support mysql 5.7.22 slowlog starting with time information. {issue}7892[7892] {pull}9647[9647] -- Add support for ssl_request_log in apache2 module. {issue}8088[8088] {pull}9833[9833] -- Add support for iis 7.5 log format. {issue}9753[9753] {pull}9967[9967] -- Add service.type field to all Modules. By default the field is set with the module name. It can be overwritten with `service.type` config. {pull}10042[10042] -- Add support for MariaDB in the `slowlog` fileset of `mysql` module. {pull}9731[9731] -- Elasticsearch module's slowlog now populates `event.duration` (ECS). {pull}9293[9293] -- HAProxy module now populates `event.duration` and `http.response.bytes` (ECS). {pull}10143[10143] - Teach elasticsearch/audit fileset to parse out some more fields. {issue}10134[10134] {pull}10137[10137] *Heartbeat*