Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Suricata module to Filebeat #8693

Merged
merged 28 commits into from
Oct 24, 2018
Merged

Add Suricata module to Filebeat #8693

merged 28 commits into from
Oct 24, 2018

Commits on Oct 2, 2018

  1. Import suricata module from temp repo 

    This is the code as of commit #c346ff7 over [there](https://github.com/elastic/filebeat-module-suricata/pull/1)
    @adriansr
    Mathieu Martin authored and adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    33e7c59 View commit details
    Browse the repository at this point in the history

  2. Generated doc (no actual documentation for it the module yet)

    @adriansr
    Mathieu Martin authored and adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    a4da08b View commit details
    Browse the repository at this point in the history

  3. Update the kibana objects to the new format. 

    See #7251 and #7224 for more details.
    @adriansr
    Mathieu Martin authored and adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    3cfcc11 View commit details
    Browse the repository at this point in the history

  4. Remove symlink to Suricata module and re-generate the doc

    @adriansr
    Mathieu Martin authored and adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    9652a66 View commit details
    Browse the repository at this point in the history

  5. Add a simple compatibility comment in the doc.

    @adriansr
    Mathieu Martin authored and adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    167aacf View commit details
    Browse the repository at this point in the history

  6. Ooops, off by 3 error. Version 4.0.4 :-)

    @adriansr
    Mathieu Martin authored and adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    a1d05e0 View commit details
    Browse the repository at this point in the history

  7. Package filebeat x-pack modules in the non-oss distribution 

    This patch updates the packaging scripts to copy modules from
x-pack/filebeat into Elastic-licensed packages.
    @adriansr
    adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    2ba9706 View commit details
    Browse the repository at this point in the history

  8. Add modules.d to filebeat's x-pack tree

    @adriansr
    adriansr committed Oct 2, 2018
    Configuration menu
    Copy the full SHA
    3ab125f View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2018

  1. Fix build in feature-suricata branch (#8625) 

    * Vendorize goimports (#8619)

* Fix make fmt after vendoring goimports (#8623)
    @adriansr
    adriansr authored Oct 16, 2018
    Configuration menu
    Copy the full SHA
    0211eda View commit details
    Browse the repository at this point in the history

  2. [Suricata] Update fields and paths (#8550) 

    This updates the suricata module:

- Added fields from eve.json
- Copy fields of interest into ECS equivalent
- Updated dashboards
    @adriansr
    adriansr authored Oct 16, 2018
    Configuration menu
    Copy the full SHA
    4d60173 View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2018

  1. Filebeat X-Pack Module Packaging (#8615) 

    This PR adds an intermediate solution for packaging X-Pack modules with Filebeat. In this PR the dashboards, configuration files, and fields are generated in x-pack/filebeat. Packaging is still done entirely from the OSS filebeat directory by making the build run `mage update` in x-pack/filebeat then customizing the packaging configuration to point to different dashboards, config, and fields.yml for the Elastic licensed packages.

Long term we will build, test, and package the OSS and Elastic licensed Beats from their respective directories, but this gives us a smaller step in order to be able to release the X-Pack content before the build system is fully transitioned.

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
    @andrewkroh @adriansr
    andrewkroh and adriansr committed Oct 17, 2018
    Configuration menu
    Copy the full SHA
    69cce4c View commit details
    Browse the repository at this point in the history

Commits on Oct 22, 2018

  1. Use naming conventions for the Suricata dashboards (#8675) 

    Mostly making all vis and searches end in [Suricata].

Part of #8153.
    @tsg
    tsg authored Oct 22, 2018
    Configuration menu
    Copy the full SHA
    2430239 View commit details
    Browse the repository at this point in the history

  2. Add ingest-user-agent to the required plugins list (#8674) 

    The ingest pipeline for suricata's eve fileset uses the user-agent
plugin. This updates the manifest to include this requirement.
    @adriansr
    adriansr authored Oct 22, 2018
    Configuration menu
    Copy the full SHA
    c8d1ab7 View commit details
    Browse the repository at this point in the history

Commits on Oct 23, 2018

  1. Add integration tests for suricata module (#8650) 

    Added Filebeat module test cases for suricata/eve.

To support to running Filebeat module tests from x-pack/filebeat an env var MODULES_PATH was added to allow the existing tests to run against a different module directory than the OSS module dir.

Added some missing fields to pass validation.

Added sample eve.json files for validation.
    @adriansr @andrewkroh
    adriansr authored and andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    a4fbb4d View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' of github.com:elastic/beats into feature-suricata

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    3e2f40b View commit details
    Browse the repository at this point in the history

  3. Format magefile.go for x-pack/filebeat

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    576bb2d View commit details
    Browse the repository at this point in the history

  4. rely on go to resolve beats repo for goimports install

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    563a289 View commit details
    Browse the repository at this point in the history

  5. Update CHANGELOG files

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    8033e99 View commit details
    Browse the repository at this point in the history

  6. Merge branch 'master' of github.com:elastic/beats into feature-suricata

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    3a5ef22 View commit details
    Browse the repository at this point in the history

  7. Clean-up module documentation

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    0f33ff3 View commit details
    Browse the repository at this point in the history

  8. Update config file

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    ed53c42 View commit details
    Browse the repository at this point in the history

  9. Fix xpack role on docs

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    96bc0f7 View commit details
    Browse the repository at this point in the history

  10. Merge branch 'master' of github.com:elastic/beats into feature-suricata

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    73936dd View commit details
    Browse the repository at this point in the history

  11. Fix heartbeat test

    @andrewkroh
    andrewkroh committed Oct 23, 2018
    Configuration menu
    Copy the full SHA
    151572b View commit details
    Browse the repository at this point in the history

Commits on Oct 24, 2018

  1. Remove system-test symlinks 

    Jenkins is failing during artifact archival. This might fix it.
    @andrewkroh
    andrewkroh committed Oct 24, 2018
    Configuration menu
    Copy the full SHA
    c239c8d View commit details
    Browse the repository at this point in the history

  2. Remove system-test symlinks - take 2 

    Jenkins is failing during artifact archival. This might fix it.
    @andrewkroh
    andrewkroh committed Oct 24, 2018
    Configuration menu
    Copy the full SHA
    b808dc0 View commit details
    Browse the repository at this point in the history

  3. Fix permissions 

    Run make fix-permissions on the x-pack/filebeat after executing tests.
    @andrewkroh
    andrewkroh committed Oct 24, 2018
    Configuration menu
    Copy the full SHA
    ab7266c View commit details
    Browse the repository at this point in the history

  4. Undo symlink deletion 

    The problem was the ownership of files rather than the symlinks.
    @andrewkroh
    andrewkroh committed Oct 24, 2018
    Configuration menu
    Copy the full SHA
    9b4f8e8 View commit details
    Browse the repository at this point in the history