Date: Tue, 24 Nov 2020 20:59:51 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 251354] sysutils/beats7: Update to 7.10.0
Message-ID: <bug-251354-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251354

Bug ID: 251354
Summary: sysutils/beats7: Update to 7.10.0
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://www.elastic.co/guide/en/beats/libbeat/7.10/release-notes-7.10.0.html
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: elastic@FreeBSD.org
Reporter: juraj@lutter.sk
Flags: maintainer-feedback?(elastic@FreeBSD.org)
Assignee: elastic@FreeBSD.org
Attachment #219942 Flags: maintainer-approval+

Created attachment 219942
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=219942&action=edit
sysutils/beats7: Update to 7.10.0

Hi,

please find the patch attached.

Breaking changes

Affecting all Beats

* Added certificate TLS verification mode to ignore server name mismatch.
* Remove redundant cloudfoundry.*.timestamp fields. This value is set in @timestamp.
* Allow embedding of CAs, Certificate of private keys for anything that supports TLS in outputs and inputs
* API address is a required setting in add_cloudfoundry_metadata.

Auditbeat

* Change network.direction values to ECS recommended values (inbound, outbound).
* Docker container needs to be explicitly run as user root for auditing.
* File integrity dataset no longer includes the leading dot in file.extension values (e.g. it will report "png" instead of ".png") to comply with ECS.

Filebeat

* Cisco
* CrowdStrike
* Fortinet
* iptables
* Checkpoint
* Netflow
* Zeek (forwarded tag is not included by default)
* Suricata (forwarded tag is not included by default)
* CoreDNS (forwarded tag is not included by default)
* Envoy Proxy (forwarded tag is not included by default)
* Move file metrics to dataset endpoint
* Fix PANW field spelling "veredict" to "verdict" on event.action
* Tracking session end reason in panw module.
* API address and shard ID are required settings in the Cloud Foundry input.

Heartbeat

Journalbeat

Metricbeat

* Remove "invalid zero" metrics on Windows and Darwin, don't report linux-only memory and disk I/O metrics when running under agent.
* API address and shard ID are required settings in the Cloud Foundry module.

Packetbeat

Winlogbeat

Functionbeat

Bugfixes

Affecting all Beats

* Remove unnecessary restarts of metricsets while using Node autodiscover
* [Metricbeat][Kubernetes] Change cluster_ip field from ip to keyword.
* [Autodiscover] Handle input-not-finished errors in config reload.
* Orderly close processors when processing pipelines are not needed anymore to release their resources.
* Fix parsing of expired licences.

Auditbeat

* auditd: Fix spelling of anomaly in event.category.
* auditd: Fix typo in event.action of removed-user-role-from.
* auditd: Fix typo in event.action of used-suspicious-link.

Filebeat

* Fix mapping of fortinet.firewall.mem as integer.
* Fix auditd module syscall table for ppc64 and ppc64le.
* Fix Filebeat OOMs on very long lines,
* Ignore missing in Zeek module when dropping unnecessary fields.
* Fix event.outcome logic for azure/siginlogs fileset
* Improve validation checks for Azure configuration
* Fix event.kind for system/syslog pipeline
* Fix event.type for zeek/ssl and duplicate event.category for zeek/connection
* Remove wrongly mapped tls.client.server_name from fortinet/firewall fileset.
* Handle multiple upstreams in ingress-controller.
* Provide backwards compatibility for the append processor when Elasticsearch is less than.10.0.
* Fix checkpoint module when logs contain time field.
* Fix syslog RFC parsing in the CheckPoint module.
* Fix incorrect connection state mapping in zeek connection pipeline.
* Fix for field [source] not present as part of path [source.ip] error in azure pipelines.
* Fix handling missing eventtime and assignip field being set to N/A for fortinet module.

Heartbeat

* Add support for new service_name option to all monitors.

Journalbeat

Metricbeat

* Add support for azure light metricset app_stats.
* Fix ec2 disk and network metrics to use Sum statistic method.
* Fix ec2 disk and network metrics to use Sum statistic method.
* Update fields.yml in the azure module, missing metrics field.
* Disable Kafka metricsets based on Jolokia by default. They require a different configuration.
* Fix timestamp handling in remote_write.
* Visualization title fixes in aws, azure and googlecloud compute dashboards.
* Fix retrieving resources by ID for the azure module.
* Use timestamp from CloudWatch API when creating events.
* Report the correct windows events for system/filesystem
* Fix regular expression in windows/permfon.
* Fix azure storage event format.
* Fix panic in kubernetes autodiscover related to keystores
* [Kubernetes] Remove redundant dockersock volume mount
* Revert change to report process.memory.rss as process.memory.wss on Windows.
* Add interval information to monitor metricset in azure.
* Remove io.time from windows
* Fix instance name in perfmon metricset.

Packetbeat

* Add "network" to event.category

Winlogbeat

* Fix invalid IP addresses in DNS query results from Sysmon data.
* Fix event.outcome in the security module for non-English languages.
* Fields from Winlogbeat modules were not being included in index templates and patterns.
* Protect against accessing undefined variables in Sysmon module.

Functionbeat

* Fix catchall bucket config errors by adding more validation.
* Fix Google Cloud Function configuration issue.

Added

Affecting all Beats

* Add minimum cache TTL for successful DNS responses.
* Add support for DNS over TLS for the dns processor.
* Add leader election for Kubernetes autodiscover.
* Add capability of enriching process metadata with container id also for non-privileged containers in add_process_metadata processor.
* Add replace_fields config option in add_host_metadata for replacing host fields.
* Add ingress controller dashboards.
* Added experimental citrix module.
* Added experimental cyberark module.
* Added experimental proofpoint module.
* Added experimental snort module.
* Added experimental symantec module.
* Added experimental dataset barracuda/spamfirewall.
* Added experimental dataset cisco/meraki.
* Added experimental dataset f5/bigipafm.
* Added experimental dataset fortinet/fortimail.
* Added experimental dataset fortinet/fortimanager.
* Added experimental dataset juniper/netscreen.
* Added experimental dataset sophos/utm.
* Add Cloud Foundry tags in related events.
* Cloud Foundry metadata is cached to disk.
* Add option to select the type of index template to load: legacy, component, index.
* Release add_cloudfoundry_metadata as GA.
* Added Kafka version.2 to the list of supported versions.

Auditbeat

* Add enrichment of auditd seccomp events with name of the architecture, syscall, and signal.

Filebeat

* Add support for reading auditd logs that are prefixed with node=.
* Add event.ingested to all Filebeat modules.
* Add event.ingested for Suricata module
* Add support for custom header and headersecret for filebeat http_endpoint input
* Convert httpjson to v2 input
* Add event.ingested to all Filebeat modules.
* Return error when log harvester tries to open a named pipe.
* Avoid goroutine leaks in Filebeat readers.
* Improve Zeek x509 module with x509 ECS mappings
* Improve Zeek SSL module with x509 ECS mappings
* Added new properties field support for event.outcome in azure module
* Improve Zeek Kerberos module with x509 ECS mappings
* Improve Fortinet firewall module with x509 ECS mappings
* Improve Santa module with x509 ECS mappings
* Improve Suricata Eve module with x509 ECS mappings
* Added new module for Zoom webhooks
* Add type and sub_type to panw panos fileset
* Always attempt community_id processor on zeek module
* Add related.hosts ecs field to all modules
* Keep cursor state between httpjson input restarts
* Convert aws s3 to v2 input
* Add support for additional fields from V2 ALB logs.
* Release Cloud Foundry input as GA.
* New Cisco Umbrella dataset
* New juniper.srx dataset for Juniper SRX logs.
* Adding support for Microsoft Defender (Microsoft Threat Protection)
* Adding support for FIPS in s3 input
* Update Okta documentation for new stateful restarts.

Heartbeat

* Add index and pipeline settings to monitor configurations.

Journalbeat

Metricbeat

* Add state_statefulset metricset to Metricbeat recommended configuration for k8s.
* Infer types in Prometheus remote_write.
* Add cloud.instance.name into aws ec2 metricset.
* Add host inventory metrics into aws ec2 metricset.
* Add scope setting for Elasticsearch module, allowing it to monitor an Elasticsearch cluster behind a load-balancing proxy.
* Add state_daemonset metricset for Kubernetes Metricbeat module
* Add host inventory metrics to googlecloud compute metricset.
* Add host inventory metrics to azure compute_vm metricset.
* Add host inventory metrics to system module.
* Add billing data collection from Cost Explorer into aws billing metricset.
* Migrate compute_vm metricset to a light one, map cloud.instance.id field.
* Request prometheus endpoints to be gzipped by default
* Add latency config parameter into aws module.
* Add billing metricset into googlecloud module.
* Release all kubernetes state metricsets as GA
* Move compute_vm_scaleset to light metricset.
* Sanitize event.host.
* Add support for different Azure Cloud environments in the metricbeat azure module.
* Add overview and platform health dashboards to Cloud Foundry module.
* Release lambda metricset in aws module as GA.
* Add dashboard for pubsub metricset in googlecloud module.
* Move Prometheus query & remote_write to GA.
* Map cloud data field cloud.account.id to azure subscription.
* Expand unsupported option from namespace to metrics in the azure module.

Packetbeat

* Add an example to packetbeat.yml of using the forwarded tag to disable
* Add-continue support
* Add initial SIP protocol support

Functionbeat

Winlogbeat

Elastic Log Driver

- Add support to change beat name, and support for Kibana Logs.

Deprecated

* N/A

Testport on 11.4, 12.1, 12.2, 13.0 OK

-- 
You are receiving this mail because:
You are the assignee for the bug.