Backport elastic#11196 to 7.0: Import updated ECS 1.0.0 go library. (e…
…lastic#11196) (elastic#11206)

* Import updated ECS 1.0.0 go library.
* Adjust Packetbeat to use int64 for URL ports.
* Re-generate golden files for filebeat and x-pack/filebeat
webmat authored Mar 12, 2019
1 parent afbed99 commit 27b1eb7
Showing 101 changed files with 599 additions and 582 deletions.
3 changes: 2 additions & 1 deletion NOTICE.txt
Expand Up @@ -568,7 +568,8 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------
Dependency: github.com/elastic/ecs
Revision: 337ddd4674d6a28da97e6d19010c04c43db09e58
Version: 1.0
Revision: b9f735dd33b0bbb95dbca4229397c9b7f81f8f53
License type (autodetected): Apache-2.0
./vendor/github.com/elastic/ecs/LICENSE.txt:
--------------------------------------------------------------------
Expand Up @@ -3,7 +3,7 @@
"@timestamp": "2018-08-10T07:45:56.000Z",
"apache.access.ssl.cipher": "ECDHE-RSA-AES128-GCM-SHA256",
"apache.access.ssl.protocol": "TLSv1.2",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.access",
"event.module": "apache",
"fileset.name": "access",
10 changes: 5 additions & 5 deletions filebeat/module/apache/access/test/test.log-expected.json
@@ -1,7 +1,7 @@
[
{
"@timestamp": "2016-12-26T14:16:29.000Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.access",
"event.module": "apache",
"fileset.name": "access",
Expand All @@ -19,7 +19,7 @@
},
{
"@timestamp": "2016-12-26T16:22:13.000Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.access",
"event.module": "apache",
"fileset.name": "access",
Expand All @@ -45,7 +45,7 @@
},
{
"@timestamp": "2016-12-26T14:16:48.000Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.access",
"event.module": "apache",
"fileset.name": "access",
Expand All @@ -59,7 +59,7 @@
},
{
"@timestamp": "2017-05-29T19:02:48.000Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.access",
"event.module": "apache",
"fileset.name": "access",
Expand All @@ -83,7 +83,7 @@
},
{
"@timestamp": "2017-05-29T19:02:48.000Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.access",
"event.module": "apache",
"fileset.name": "access",
6 changes: 3 additions & 3 deletions filebeat/module/apache/error/test/test.log-expected.json
@@ -1,7 +1,7 @@
[
{
"@timestamp": "2016-12-26T16:22:08.000Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.error",
"event.module": "apache",
"fileset.name": "error",
Expand All @@ -16,7 +16,7 @@
{
"@timestamp": "2016-12-26T16:15:55.103Z",
"apache.error.module": "core",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.error",
"event.module": "apache",
"fileset.name": "error",
Expand All @@ -30,7 +30,7 @@
{
"@timestamp": "2011-09-09T10:42:29.902Z",
"apache.error.module": "core",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.dataset": "apache.error",
"event.module": "apache",
"fileset.name": "error",
24 changes: 12 additions & 12 deletions filebeat/module/auditd/log/test/audit-rhel6.log-expected.json
Expand Up @@ -3,7 +3,7 @@
"@timestamp": "2017-03-14T19:20:30.178Z",
"auditd.log.sequence": 19600327,
"auditd.log.ses": "11988",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_end",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -23,7 +23,7 @@
"@timestamp": "2017-03-14T19:20:30.178Z",
"auditd.log.sequence": 19600328,
"auditd.log.ses": "11988",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "cred_disp",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -43,7 +43,7 @@
"@timestamp": "2017-03-14T19:20:56.192Z",
"auditd.log.sequence": 19600329,
"auditd.log.ses": "11988",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_cmd",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -66,7 +66,7 @@
"@timestamp": "2017-03-14T19:20:56.193Z",
"auditd.log.sequence": 19600330,
"auditd.log.ses": "11988",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "cred_acq",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -86,7 +86,7 @@
"@timestamp": "2017-03-14T19:20:56.193Z",
"auditd.log.sequence": 19600331,
"auditd.log.ses": "11988",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_start",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -110,7 +110,7 @@
"auditd.log.ses": "4294967295",
"auditd.log.src_prefixlen": "16",
"destination.address": "10.100.4.0",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "mac_ipsec_event",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -136,7 +136,7 @@
"auditd.log.success": "yes",
"auditd.log.syscall": "44",
"auditd.log.tty": "(none)",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "syscall",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand Down Expand Up @@ -166,7 +166,7 @@
"auditd.log.old_auid": "700",
"auditd.log.old_ses": "6793",
"auditd.log.sequence": 19623791,
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "login",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -188,7 +188,7 @@
"auditd.log.sequence": 19623788,
"auditd.log.ses": "6793",
"auditd.log.spid": "28282",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "crypto_key_user",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -209,7 +209,7 @@
"auditd.log.addr": "96.241.146.97",
"auditd.log.sequence": 19623789,
"auditd.log.ses": "6793",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_auth",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -230,7 +230,7 @@
"@timestamp": "2017-03-16T04:02:57.804Z",
"auditd.log.sequence": 19623807,
"auditd.log.ses": "12286",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_auth",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -251,7 +251,7 @@
"@timestamp": "2017-03-16T04:02:57.805Z",
"auditd.log.sequence": 19623808,
"auditd.log.ses": "12286",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_acct",
"event.dataset": "auditd.log",
"event.module": "auditd",
8 changes: 4 additions & 4 deletions filebeat/module/auditd/log/test/test.log-expected.json
Expand Up @@ -7,7 +7,7 @@
"auditd.log.ses": "4294967295",
"auditd.log.src_prefixlen": "24",
"destination.address": "192.168.0.0",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "mac_ipsec_event",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -33,7 +33,7 @@
"auditd.log.success": "yes",
"auditd.log.syscall": "44",
"auditd.log.tty": "(none)",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "syscall",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand All @@ -60,7 +60,7 @@
"@timestamp": "2017-03-14T19:20:56.192Z",
"auditd.log.sequence": 19600329,
"auditd.log.ses": "11988",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "user_cmd",
"event.dataset": "auditd.log",
"event.module": "auditd",
Expand Down Expand Up @@ -93,7 +93,7 @@
"auditd.log.ses": "4294967295",
"auditd.log.spid": "1299",
"auditd.log.subj": "system_u:system_r:sshd_t:s0-s0:c0.c1023",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"event.action": "crypto_session",
"event.dataset": "auditd.log",
"event.module": "auditd",
@@ -1,7 +1,7 @@
[
{
"@timestamp": "2018-06-19T05:16:15.549Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"event.dataset": "elasticsearch.audit",
"event.module": "elasticsearch",
Expand All @@ -17,7 +17,7 @@
},
{
"@timestamp": "2018-06-19T05:07:52.304Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.node.name": "v_VJhjV",
"event.dataset": "elasticsearch.audit",
Expand All @@ -34,7 +34,7 @@
},
{
"@timestamp": "2018-06-19T05:00:15.778Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "indices:data/read/scroll/clear",
"elasticsearch.audit.layer": "transport",
"elasticsearch.audit.origin.type": "local_node",
Expand All @@ -52,7 +52,7 @@
},
{
"@timestamp": "2018-06-19T05:07:45.544Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.node.name": "v_VJhjV",
"event.dataset": "elasticsearch.audit",
Expand All @@ -68,7 +68,7 @@
},
{
"@timestamp": "2018-06-19T05:26:27.268Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"event.dataset": "elasticsearch.audit",
"event.module": "elasticsearch",
Expand All @@ -84,7 +84,7 @@
},
{
"@timestamp": "2018-06-19T05:55:26.898Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "cluster:monitor/main",
"elasticsearch.audit.layer": "transport",
"elasticsearch.audit.origin.type": "rest",
Expand All @@ -102,7 +102,7 @@
},
{
"@timestamp": "2018-06-19T05:24:15.190Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.node.name": "v_VJhjV",
"event.dataset": "elasticsearch.audit",
Expand All @@ -120,7 +120,7 @@
},
{
"@timestamp": "2019-01-08T14:15:02.011Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "indices:data/read/search[free_context]",
"elasticsearch.audit.indices": [
"foo-2019.01.04",
Expand Down Expand Up @@ -153,7 +153,7 @@
},
{
"@timestamp": "2019-01-27T20:04:27.244Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.audit.realm": "default_file",
"elasticsearch.audit.url.params": "{username=jacknich2}",
@@ -1,7 +1,7 @@
[
{
"@timestamp": "2018-10-31T09:34:25.109Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.audit.origin.type": "rest",
"elasticsearch.node.id": "DSiWcTyeThWtUXLB9J0BMw",
Expand All @@ -21,7 +21,7 @@
},
{
"@timestamp": "2018-10-31T09:34:25.207Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.audit.origin.type": "rest",
"elasticsearch.node.id": "DSiWcTyeThWtUXLB9J0BMw",
Expand All @@ -41,7 +41,7 @@
},
{
"@timestamp": "2018-10-31T09:35:11.428Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "cluster:admin/xpack/security/realm/cache/clear",
"elasticsearch.audit.layer": "transport",
"elasticsearch.audit.origin.type": "local_node",
Expand All @@ -66,7 +66,7 @@
},
{
"@timestamp": "2018-10-31T09:35:11.430Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "cluster:admin/xpack/security/realm/cache/clear[n]",
"elasticsearch.audit.layer": "transport",
"elasticsearch.audit.origin.type": "local_node",
Expand All @@ -91,7 +91,7 @@
},
{
"@timestamp": "2018-10-31T09:35:12.303Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "cluster:admin/xpack/security/user/change_password",
"elasticsearch.audit.layer": "transport",
"elasticsearch.audit.origin.type": "rest",
Expand All @@ -116,7 +116,7 @@
},
{
"@timestamp": "2018-10-31T09:35:12.314Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.action": "indices:admin/create",
"elasticsearch.audit.indices": [
".security-6"
Expand Down Expand Up @@ -144,7 +144,7 @@
},
{
"@timestamp": "2019-01-27T20:15:10.380Z",
"ecs.version": "1.0.0-beta2",
"ecs.version": "1.0.0",
"elasticsearch.audit.layer": "rest",
"elasticsearch.audit.origin.type": "rest",
"elasticsearch.audit.realm": "default_file",