[Auditbeat] Update to go-libaudit v2.3.0 #31519

andrewkroh · 2022-05-04T16:34:48Z

What does this PR do?

Updated the go-libaudit library version to v2.3.0. This refreshes the syscall
names for Linux and adds ECS categorizations for more audit anomaly events.

https://github.com/elastic/go-libaudit/releases/tag/v2.3.0

Why is it important?

This refreshes the lookup tables to handle new syscalls in Linux.

Checklist

My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have made corresponding change to the default configuration files
I have added tests that prove my fix is effective or that my feature works
I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Updated the go-libaudit library version to v2.3.0. This refreshes the syscall names for Linux and adds ECS categorizations for more audit anomaly events. https://github.com/elastic/go-libaudit/releases/tag/v2.3.0

elasticmachine · 2022-05-04T19:15:04Z

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

/test : Re-trigger the build.
/package : Generate the packages and run the E2E tests.
/beats-tester : Run the installation tests with beats-tester.
run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

andrewkroh · 2022-05-04T19:20:06Z

E2E tests failure appears unrelated and similar failures can be found in test runs from main (example).

   Scenario Outline: Adding diskio system/metrics Integration to a Policy # features/system_integration.feature:5
     When the policy is updated to have "system/metrics" set to "diskio" # features/system_integration.feature:8
       Error: Unable to find package system in policy 3d51cc50-cbdb-11ec-b3fe-81c6dae1214b

elasticmachine · 2022-05-04T19:20:14Z

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

Now that go-libaudit support backlog_wait_time_actual this field can be output from the show-status command on Linux 5.9+ kernels. There were no tests for this code so I did a quick manual smoke test on 5.10. Relates elastic#31519

* auditbeat - Add backlog_wait_time_actual to show-status Now that go-libaudit support backlog_wait_time_actual this field can be output from the show-status command on Linux 5.9+ kernels. There were no tests for this code so I did a quick manual smoke test on 5.10. Relates #31519 * satisfy the linter gods Fixes: use of `fmt.Println` forbidden by pattern `fmt.Print.*` (forbidigo)

Updated the go-libaudit library version to v2.3.0. This refreshes the syscall names for Linux and adds ECS categorizations for more audit anomaly events. https://github.com/elastic/go-libaudit/releases/tag/v2.3.0

* auditbeat - Add backlog_wait_time_actual to show-status Now that go-libaudit support backlog_wait_time_actual this field can be output from the show-status command on Linux 5.9+ kernels. There were no tests for this code so I did a quick manual smoke test on 5.10. Relates #31519 * satisfy the linter gods Fixes: use of `fmt.Println` forbidden by pattern `fmt.Print.*` (forbidigo)

andrewkroh added enhancement Auditbeat Team:Security-External Integrations labels May 4, 2022

botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels May 4, 2022

Update to go-libaudit v2.3.0

c4fe1b8

Updated the go-libaudit library version to v2.3.0. This refreshes the syscall names for Linux and adds ECS categorizations for more audit anomaly events. https://github.com/elastic/go-libaudit/releases/tag/v2.3.0

andrewkroh force-pushed the enhancement/ab/go-libaudit-v2-3-0 branch from b5771a8 to c4fe1b8 Compare May 4, 2022 16:35

mergify bot assigned andrewkroh May 4, 2022

andrewkroh marked this pull request as ready for review May 4, 2022 19:20

andrewkroh requested a review from a team as a code owner May 4, 2022 19:20

andrewkroh requested review from rdner and fearful-symmetry and removed request for a team May 4, 2022 19:20

andrewkroh requested a review from a team May 4, 2022 19:24

efd6 approved these changes May 4, 2022

View reviewed changes

andrewkroh added the backport-v8.3.0 Automated backport with mergify label May 5, 2022

andrewkroh merged commit f2f85e6 into elastic:main May 5, 2022

andrewkroh mentioned this pull request May 5, 2022

[auditbeat] Add backlog_wait_time_actual to show-status output #31535

Merged

6 tasks

barkbay mentioned this pull request May 12, 2022

Auditbeat 8.3.0-SNAPSHOT is failing on GKE: "failed to get audit status" #31616

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Auditbeat] Update to go-libaudit v2.3.0 #31519

[Auditbeat] Update to go-libaudit v2.3.0 #31519

andrewkroh commented May 4, 2022 •

edited

Loading

elasticmachine commented May 4, 2022

andrewkroh commented May 4, 2022 •

edited

Loading

elasticmachine commented May 4, 2022

[Auditbeat] Update to go-libaudit v2.3.0 #31519

[Auditbeat] Update to go-libaudit v2.3.0 #31519

Conversation

andrewkroh commented May 4, 2022 • edited Loading

What does this PR do?

Why is it important?

Checklist

elasticmachine commented May 4, 2022

💚 Flaky test report

🤖 GitHub comments

andrewkroh commented May 4, 2022 • edited Loading

elasticmachine commented May 4, 2022

andrewkroh commented May 4, 2022 •

edited

Loading

andrewkroh commented May 4, 2022 •

edited

Loading