From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 248892] sysutils/beats7: Update to 7.9.0
Date: Mon, 24 Aug 2020 21:19:03 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248892

Bug ID: 248892
Summary: sysutils/beats7: Update to 7.9.0
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-7.9.0.html
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: elastic@FreeBSD.org
Reporter: juraj@lutter.sk
Flags: maintainer-feedback?(elastic@FreeBSD.org)
Attachment #217508 Flags: maintainer-approval+

Created attachment 217508
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217508&action=edit
sysutils/beats7: Update to 7.9.0

Hi,

please find the patch attached.

Changelog:

Breaking changes

Affecting all Beats

* Ensure dynamic template names are unique for the same field.

Filebeat

* With the default configuration the cloud modules (AWS, Azure, Googlecloud, o365, Okta) will no longer send the host field that contains information about the host Filebeat is running on. This is because the host field specifies the host on which the event happened.
* With the default configuration the following modules will no longer send the host field. You can revert this change by configuring tags for the module and omitting forwarded from the list.
  + Cisco
  + CrowdStrike
  + Fortinet
  + Iptables
  + Checkpoint
  + Netflow
  + Zeek (forwarded tag is not included by default)
  + Suricata (forwarded tag is not included by default)
  + CoreDNS (forwarded tag is not included by default)
  + Envoy Proxy (forwarded tag is not included by default)
  + CEF module
  + Palo Alto Networks module
* Okta module now requires objects instead of JSON strings for the http_headers, http_request_body, pagination, rate_limit, and ssl variables.
* Adds oauth support for httpjson input.
* Adds split_events_by option to httpjson input.
* Adds date_cursor option to httpjson input.
* Adds Gsuite module with SAML support.
* Adds Gsuite User Accounts support.
* Adds Gsuite Login audit support.
* Adds Gsuite Admin support.
* Adds Gsuite Drive support.
* Adds Gsuite Groups support.
* Disable the option of running --machine-learning on its own.

Metricbeat

* Move service config under metrics and simplify metric types.
* Fix ECS compliance of user.id field in system/users metricset.
* Rename googlecloud stackdriver metricset to metrics.

Winlogbeat

* Add PowerShell module. Support for event ID's: 400, 403, 600, 800, 4103, 4014, 4105, 4106.
* Fix PowerShell processing of downgraded engine events.
* Fix unprefixed fields in fields.yml for PowerShell module.

Bugfixes

Affecting all Beats

* Fix potential race condition in fingerprint processor.
* Add better handling for Kubernetes Update and Delete watcher events.
* Fix config reload metrics (libbeat.config.module.start/stops/running).
* Fix metrics hints builder to avoid wrong container metadata usage when port is not exposed.
* Server-side TLS config now validates that certificate and key settings are both specified.
* Fix terminating pod autodiscover issue.
* Output errors when Kibana index pattern setup fails.
* Fix issue in autodiscover that kept inputs stopped after config updates.
* Add service resource in k8s cluster role.

Auditbeat

* system/socket: Fix issue with dataset using 100% CPU and becoming unresponsive in some scenarios.
* system/socket: Fix kprobe grouping to allow running more than one instance.

Filebeat

* Fix Kubernetes Watcher goroutine leaks when input config is invalid and input.reload is enabled.
* Okta module now sets the Elasticsearch _id field to the Okta UUID value contained in each system log to minimize the possibility of duplicating events.
* Fix netflow module to support 7 bytepad for IPFIX template.
* Fix improper nesting of session_issuer object in AWS cloudtrail fileset.
* Fix Cisco ASA 3020** and 106023 messages.
* Add missing default_field: false to AWS filesets fields.yml.
* Fix memory leak in tcp and unix input sources.
* Fix Cisco ASA dissect pattern for 313008 and 313009 messages.
* Fix bug with empty filter values in system/service.
* Update container name for the Azure filesets.
* Fix S3 input to trim delimiter /n from each log line.
* Fix Zeek module to ignore missing fields when attempting to drop unnecessary fields.
* Fix s3 input parsing json file without expand_event_list_from_field.
* Fix millisecond timestamp normalization issues in CrowdStrike module.
* Fix support for message code 106100 in Cisco ASA and FTD.
* Fix fortinet setting event.timezone to the system one when no tz field present.
* Fix okta geoip lookup in pipeline for destination.ip.
* Fix mapping exception in the googlecloud/audit dataset pipeline.
* Fix cisco asa and ftd parsing of messages 106102 and 106103.

Metricbeat

* Fix SQL module mapping NULL values as string
* Fix incorrect usage of hints builder when exposed port is a substring of the hint
* Stop counterCache only when already started
* Remove dedot for tag values in aws module.
* Fix empty field name errors in the application pool metricset.
* Fix mapping of service start type in the service metricset of the Windows module.
* Fix config example in the perfmon configuration files.
* Fix k8s scheduler compatibility issue.
* Modify doc for app_insights metricset to contain example of config.
* Add required option for metrics in app_insights.
* Groups same timestamp metric values to one event in the app_insights metricset.

Packetbeat

* Fix process monitoring when ipv6 is disabled under Linux.

Added

Affecting all Beats

* Add initial instrument of Beats with APM GO Agent.
* Add optional regex based cid extractor to add_kubernetes_metadata processor.
* Add k8s keystore backend.
* Change ownership of files in docker images so they can be used in secured environments.
* Upgrade k8s.io/client-go and k8s keystore tests.
* Add support for multiple sets of hints on autodiscover.
* Add a configurable delay between retries when app metadata cannot be retrieved by add_cloudfoundry_metadata.
* Add data type conversion in dissect processor for converting string values to other basic data types.
* Add the ignore_failure configuration option to the dissect processor.
* Add the overwrite_keys configuration option to the dissect processor.
* Add support to trim captured values in the dissect processor.
* Add the max_cached_sessions option to the script processor.
* Set index.max_docvalue_fields_search in index template to increase value to 200 fields.

Auditbeat

* Add ECS categorization info for Auditd module.

Filebeat

* Add http_endpoint input.
* Add observer.vendor, observer.product, and observer.type to Palo Alto Networks module events.
* The logstash module can now automatically detect the log file format (JSON or plaintext) and process it accordingly.
* Improve ECS categorization field mappings in CoreDNS module.
* Improve ECS categorization field mappings in Envoyproxy module.
* Improve ECS categorization field mappings in Cisco module.
* The s3 input can now automatically detect gzipped objects.
* Add geoip AS lookup and improve ECS categorization in AWS cloudtrail fileset.
* Add support for v1 consumer API in Cloud Foundry input and use it by default.
* Add new mode to multiline reader to aggregate constant number of lines.
* Explicitly set ECS version in all Filebeat modules.
* Add awscloudwatch input.
* Add automatic retries and exponential backoff to httpjson input.
* Change the Palo Alto Networks module to pass through (rather than drop) message types other than threat and traffic.
* Improve ECS categorization field mappings in Traefik module.
* Improve ECS categorization field mappings in Azure module.
* Add automatic retries and exponential backoff to httpjson input.
* Add text and flattened versions of fields with unknown subfields in AWS cloudtrail fileset.
* Add Microsoft Defender ATP Module.
* Add initial support for configurable file identity tracking.
* Add experimental dataset tomcat/log for Apache TomCat logs.
* Add experimental dataset netscout/sightline for Netscout Arbor Sightline logs.
* Add experimental dataset barracuda/waf for Barracuda Web Application Firewall logs.
* Add experimental dataset f5/bigipapm for F5 Big-IP Access Policy Manager logs.
* Add experimental dataset bluecoat/director for Bluecoat Director logs.
* Add experimental dataset cisco/nexus for Cisco Nexus logs.
* Add experimental dataset citrix/virtualapps for Citrix Virtual Apps logs.
* Add experimental dataset cylance/protect for Cylance Protect logs.
* Add experimental dataset fortinet/clientendpoint for Fortinet FortiClient Endpoint Protection logs.
* Add experimental dataset imperva/securesphere for Imperva Secure Sphere logs.
* Add experimental dataset infoblox/nios for Infoblox Network Identity Operating System logs.
* Add experimental dataset juniper/junos for Juniper Junos OS logs.
* Add experimental dataset kaspersky/av for Kaspersky Anti-Virus logs.
* Add experimental dataset microsoft/dhcp for Microsoft DHCP Server logs.
* Add experimental dataset tenable/nessus_security for Tenable Nessus Security Scanner logs.
* Add experimental dataset rapid7/nexpose for Rapid7 Nexpose logs.
* Add experimental dataset radware/defensepro for Radware DefensePro logs.
* Add experimental dataset sonicwall/firewall for Sonicwall Firewalls logs.
* Add experimental dataset squid/log for Squid Proxy Server logs.
* Add experimental dataset zscaler/zia for Zscaler Internet Access logs.

Heartbeat

* Record HTTP response headers.

Journalbeat

* Added an id config option to inputs to allow running multiple inputs on the same journal.
* Add basic ECS categorization and log.syslog fields.

Metricbeat

* Add client address to events from http server module.
* Add new fields to HAProxy module.
* Add Tomcat overview dashboard.
* Accept prefix as metric_types config parameter in googlecloud stackdriver metricset.
* Add dashboards for googlecloud load balancing metricset.
* Add support for v1 consumer API in Cloud Foundry module and use it by default.
* Add support for named ports in autodiscover.
* Add param aws_partition to support aws-cn, aws-us-gov regions.
* Add support for wildcard * in dimension value of AWS CloudWatch metrics config.
* The elasticsearch/index metricset now collects metrics for hidden indices.
* Added performance and query metricsets to mysql module.
* The elasticsearch-xpack/index metricset now reports hidden indices as such.
* Adds support for app insights metrics in the Azure module.
* Added cache and connection_errors metrics to status metricset of MySQL module.
* Update MySQL dashboard with connection errors and cache metrics.

Packetbeat

* Add ECS fields for x509 certs, event categorization, and related IP info.

Functionbeat

* Add basic ECS categorization and cloud fields.

Elastic Log Driver

* Add support for docker logs command

Deprecated

Metricbeat

* Deprecate tags config parameter in cloudwatch metricset.
* Deprecate tags.resource_type_filter config parameter and replace with resource_type.

Testport on 12-STABLE:
https://freebsd-stable.builder.wilbury.net/data/12_STABLE_GENERIC_amd64-default/2020-08-23_09h23m38s/logs/beats7-7.9.0.log

Testport on 13-CURRENT:
https://freebsd-current.builder.wilbury.net/data/13_CURRENT_GENERIC_amd64-default/2020-08-23_09h26m42s/logs/beats7-7.9.0.log