Skip to content

Update orignal osquery package description #825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mtojek merged 6 commits into from
Apr 6, 2021
Merged

Update orignal osquery package description #825

mtojek merged 6 commits into from
Apr 6, 2021

Conversation

@james-elastic
Copy link
Contributor

@james-elastic james-elastic commented Apr 1, 2021
edited
Loading

What does this PR do?

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@elasticmachine
Copy link

elasticmachine commented Apr 1, 2021
edited
Loading

💔 Build Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #825 updated

  • Start Time: 2021-04-02T17:33:00.481+0000

  • Duration: 104 min 21 sec

  • Commit: 7daed60

Test stats 🧪

Test Results
Failed 0
Passed 1813
Skipped 3
Total 1816

Trends 🧪

Image of Build Times

Image of Tests

Steps errors 1

Expand to view the steps failures

Boot up the Elastic stack
  • Took 3 min 48 sec . View more details on here
  • Description: ../../build/elastic-package stack up -d -v

Log output

Expand to view the last 100 lines of log output 

[2021-04-02T19:15:11.253Z] Pulling kibana (docker.elastic.co/kibana/kibana:7.11.2-SNAPSHOT)...
[2021-04-02T19:15:11.253Z] 7.11.2-SNAPSHOT: Pulling from kibana/kibana
[2021-04-02T19:15:18.415Z] 
Stopping elastic-package-stack_elastic-agent_1    ... done

Stopping elastic-package-stack_kibana_1           ... done

Stopping elastic-package-stack_package-registry_1 ... done

Stopping elastic-package-stack_elasticsearch_1    ... done
Removing elastic-package-stack_elastic-agent_is_ready_1    ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_elastic-agent_1             ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_kibana_is_ready_1           ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_kibana_1                    ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_elasticsearch_is_ready_1    ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_package-registry_is_ready_1 ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_package-registry_1          ... 
[2021-04-02T19:15:18.415Z] Removing elastic-package-stack_elasticsearch_1             ... 
[2021-04-02T19:15:18.415Z] 
Removing elastic-package-stack_elastic-agent_is_ready_1    ... done

Removing elastic-package-stack_package-registry_1          ... done

Removing elastic-package-stack_kibana_1                    ... done

Removing elastic-package-stack_kibana_is_ready_1           ... done

Removing elastic-package-stack_package-registry_is_ready_1 ... done

Removing elastic-package-stack_elasticsearch_is_ready_1    ... done

Removing elastic-package-stack_elasticsearch_1             ... done

Removing elastic-package-stack_elastic-agent_1             ... done
Removing network elastic-package-stack_default
[2021-04-02T19:15:18.675Z] Done
[2021-04-02T19:15:43.374Z] Digest: sha256:fc3d0b879658c4689f5addb83646bcffff1478fccdacce63bbfcce0802f335ac
[2021-04-02T19:15:43.374Z] Status: Downloaded newer image for docker.elastic.co/kibana/kibana:7.11.2-SNAPSHOT
[2021-04-02T19:15:43.374Z] Pulling elastic-agent (docker.elastic.co/beats/elastic-agent:7.11.2-SNAPSHOT)...
[2021-04-02T19:15:43.374Z] 7.11.2-SNAPSHOT: Pulling from beats/elastic-agent
[2021-04-02T19:15:45.920Z] Digest: sha256:edd7ce7e7a6520faea4391f7a3c8c6a4e2dc18cf5d6f85d57cc0e36190fd3c54
[2021-04-02T19:15:45.920Z] Status: Downloaded newer image for docker.elastic.co/beats/elastic-agent:7.11.2-SNAPSHOT
[2021-04-02T19:15:45.920Z] Creating elastic-package-stack_elasticsearch_1 ... 
[2021-04-02T19:15:45.920Z] Creating elastic-package-stack_package-registry_1 ... 
[2021-04-02T19:15:56.608Z] 
Creating elastic-package-stack_package-registry_1 ... done

Creating elastic-package-stack_elasticsearch_1    ... done
Creating elastic-package-stack_package-registry_is_ready_1 ... 
[2021-04-02T19:16:19.161Z] 
Creating elastic-package-stack_package-registry_is_ready_1 ... done
Creating elastic-package-stack_elasticsearch_is_ready_1    ... 
[2021-04-02T19:16:19.161Z] Creating elastic-package-stack_kibana_1                    ... 
[2021-04-02T19:16:37.301Z] 
Creating elastic-package-stack_elasticsearch_is_ready_1    ... done

Creating elastic-package-stack_kibana_1                    ... done
Creating elastic-package-stack_kibana_is_ready_1           ... 
[2021-04-02T19:16:37.301Z] Creating elastic-package-stack_elastic-agent_1             ... 
[2021-04-02T19:16:55.422Z] 
Creating elastic-package-stack_kibana_is_ready_1           ... done

Creating elastic-package-stack_elastic-agent_1             ... done
Creating elastic-package-stack_elastic-agent_is_ready_1    ... 
[2021-04-02T19:16:56.255Z] 
Creating elastic-package-stack_elastic-agent_is_ready_1    ... done
Done
[2021-04-02T19:16:56.556Z] + ../../build/elastic-package stack shellinit
[2021-04-02T19:16:57.128Z] + eval export ELASTIC_PACKAGE_ELASTICSEARCH_HOST=http://127.0.0.1:9200
[2021-04-02T19:16:57.128Z] export ELASTIC_PACKAGE_ELASTICSEARCH_USERNAME=elastic
[2021-04-02T19:16:57.128Z] export ELASTIC_PACKAGE_ELASTICSEARCH_PASSWORD=changeme
[2021-04-02T19:16:57.128Z] export ELASTIC_PACKAGE_KIBANA_HOST=http://127.0.0.1:5601
[2021-04-02T19:16:57.128Z] + export ELASTIC_PACKAGE_ELASTICSEARCH_HOST=http://127.0.0.1:9200
[2021-04-02T19:16:57.128Z] + export ELASTIC_PACKAGE_ELASTICSEARCH_USERNAME=elastic
[2021-04-02T19:16:57.128Z] + export ELASTIC_PACKAGE_ELASTICSEARCH_PASSWORD=changeme
[2021-04-02T19:16:57.128Z] + export ELASTIC_PACKAGE_KIBANA_HOST=http://127.0.0.1:5601
[2021-04-02T19:16:57.128Z] + ../../build/elastic-package install -v
[2021-04-02T19:16:57.128Z] 2021/04/02 19:16:57 DEBUG Enable verbose logging
[2021-04-02T19:16:57.128Z] Install the package
[2021-04-02T19:16:57.128Z] 2021/04/02 19:16:57 DEBUG POST http://127.0.0.1:5601/api/fleet/epm/packages/sophos-0.2.0
[2021-04-02T19:17:05.268Z] Installed assets:
[2021-04-02T19:17:05.268Z] - logs-sophos.utm-0.2.0 (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-antispam (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-antivirus (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-atp (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-cfilter (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0 (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-event (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-firewall (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-idp (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-sandstorm (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-waf (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg-0.2.0-wifi (type: ingest_pipeline)
[2021-04-02T19:17:05.268Z] - logs-sophos.utm (type: index_template)
[2021-04-02T19:17:05.268Z] - logs-sophos.xg (type: index_template)
[2021-04-02T19:17:05.268Z] Done
[2021-04-02T19:17:05.300Z] Running in /var/lib/jenkins/workspace/gest-manager_integrations_PR-825/src/github.com/elastic/integrations
[2021-04-02T19:17:05.595Z] + build/elastic-package stack dump -v --output build/elastic-stack-dump/7.11.2-SNAPSHOT/sophos
[2021-04-02T19:17:05.595Z] 2021/04/02 19:17:05 DEBUG Enable verbose logging
[2021-04-02T19:17:05.595Z] 2021/04/02 19:17:05 DEBUG Dump Elastic stack data
[2021-04-02T19:17:05.595Z] 2021/04/02 19:17:05 DEBUG Dump stack logs
[2021-04-02T19:17:05.595Z] 2021/04/02 19:17:05 DEBUG Recreate the output location (path: build/elastic-stack-dump/7.11.2-SNAPSHOT/sophos)
[2021-04-02T19:17:05.595Z] 2021/04/02 19:17:05 DEBUG Dump stack logs for elasticsearch
[2021-04-02T19:17:05.595Z] 2021/04/02 19:17:05 DEBUG running command: /usr/local/bin/docker-compose -f /var/lib/jenkins/workspace/gest-manager_integrations_PR-825/.elastic-package/stack/snapshot.yml -p elastic-package-stack logs elasticsearch
[2021-04-02T19:17:06.623Z] 2021/04/02 19:17:06 DEBUG Dump stack logs for elastic-agent
[2021-04-02T19:17:06.623Z] 2021/04/02 19:17:06 DEBUG running command: /usr/local/bin/docker-compose -f /var/lib/jenkins/workspace/gest-manager_integrations_PR-825/.elastic-package/stack/snapshot.yml -p elastic-package-stack logs elastic-agent
[2021-04-02T19:17:07.582Z] 2021/04/02 19:17:07 DEBUG Dump stack logs for kibana
[2021-04-02T19:17:07.582Z] 2021/04/02 19:17:07 DEBUG running command: /usr/local/bin/docker-compose -f /var/lib/jenkins/workspace/gest-manager_integrations_PR-825/.elastic-package/stack/snapshot.yml -p elastic-package-stack logs kibana
[2021-04-02T19:17:08.555Z] 2021/04/02 19:17:08 DEBUG Dump stack logs for package-registry
[2021-04-02T19:17:08.555Z] 2021/04/02 19:17:08 DEBUG running command: /usr/local/bin/docker-compose -f /var/lib/jenkins/workspace/gest-manager_integrations_PR-825/.elastic-package/stack/snapshot.yml -p elastic-package-stack logs package-registry
[2021-04-02T19:17:09.969Z] Path to stack dump: build/elastic-stack-dump/7.11.2-SNAPSHOT/sophos
[2021-04-02T19:17:09.969Z] Done
[2021-04-02T19:17:09.988Z] Archiving artifacts
[2021-04-02T19:17:10.307Z] + build/elastic-package stack down -v
[2021-04-02T19:17:10.307Z] 2021/04/02 19:17:10 DEBUG Enable verbose logging
[2021-04-02T19:17:10.307Z] Take down the Elastic stack
[2021-04-02T19:17:10.307Z] 2021/04/02 19:17:10 DEBUG running command: /usr/local/bin/docker-compose -f /var/lib/jenkins/workspace/gest-manager_integrations_PR-825/.elastic-package/stack/snapshot.yml -p elastic-package-stack down
[2021-04-02T19:17:11.265Z] The ELASTICSEARCH_IMAGE_REF variable is not set. Defaulting to a blank string.
[2021-04-02T19:17:11.265Z] The KIBANA_IMAGE_REF variable is not set. Defaulting to a blank string.
[2021-04-02T19:17:11.265Z] The ELASTIC_AGENT_IMAGE_REF variable is not set. Defaulting to a blank string.
[2021-04-02T19:17:11.265Z] Stopping elastic-package-stack_elastic-agent_1    ... 
[2021-04-02T19:17:11.265Z] Stopping elastic-package-stack_kibana_1           ... 
[2021-04-02T19:17:11.265Z] Stopping elastic-package-stack_package-registry_1 ... 
[2021-04-02T19:17:11.265Z] Stopping elastic-package-stack_elasticsearch_1    ... 
[2021-04-02T19:17:13.982Z] 
Stopping elastic-package-stack_elastic-agent_1    ... done

Stopping elastic-package-stack_kibana_1           ... done

Stopping elastic-package-stack_package-registry_1 ... done

Stopping elastic-package-stack_elasticsearch_1    ... done
Removing elastic-package-stack_elastic-agent_is_ready_1    ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_elastic-agent_1             ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_kibana_is_ready_1           ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_kibana_1                    ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_elasticsearch_is_ready_1    ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_package-registry_is_ready_1 ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_package-registry_1          ... 
[2021-04-02T19:17:13.982Z] Removing elastic-package-stack_elasticsearch_1             ... 
[2021-04-02T19:17:13.982Z] 
Removing elastic-package-stack_elasticsearch_is_ready_1    ... done

Removing elastic-package-stack_package-registry_is_ready_1 ... done

Removing elastic-package-stack_kibana_is_ready_1           ... done

Removing elastic-package-stack_package-registry_1          ... done

Removing elastic-package-stack_kibana_1                    ... done

Removing elastic-package-stack_elastic-agent_is_ready_1    ... done

Removing elastic-package-stack_elasticsearch_1             ... done

Removing elastic-package-stack_elastic-agent_1             ... done
Removing network elastic-package-stack_default
[2021-04-02T19:17:14.553Z] Done
[2021-04-02T19:17:21.431Z] Running on beats-ci-immutable-ubuntu-1804-1617389186068713177 in /var/lib/jenkins/workspace/gest-manager_integrations_PR-825
[2021-04-02T19:17:21.474Z] [INFO] getVaultSecret: Getting secrets
[2021-04-02T19:17:21.595Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2021-04-02T19:17:22.240Z] + chmod 755 generate-build-data.sh
[2021-04-02T19:17:22.240Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Ingest-manager/integrations/PR-825/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Ingest-manager/integrations/PR-825/runs/6 FAILURE 6261468
[2021-04-02T19:17:22.240Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Ingest-manager/integrations/PR-825/runs/6/steps/?limit=10000 -o steps-info.json

melissaburpo
melissaburpo reviewed Apr 1, 2021
View reviewed changes
Copy link
Contributor

@melissaburpo melissaburpo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I just had one comment/question.

packages/osquery/manifest.yml Outdated
@@ -1,8 +1,8 @@
name: osquery
title: Osquery
Copy link
Contributor

@melissaburpo melissaburpo Apr 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the title be updated to Osquery Log Collection too? Is that the field used for titles shown on the Integration list page, or is another field used for that?

image

melissaburpo
melissaburpo reviewed Apr 1, 2021
View reviewed changes
packages/osquery/docs/README.md

## Compatibility

The OSQuery integration was tested with logs from osquery version 2.10.2.
Copy link
Contributor

@melissaburpo melissaburpo Apr 1, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just noticed this one last reference to the original name. Should update here too:
OSQuery integration --> Osquery Log Collection integration

mtojek
mtojek reviewed Apr 1, 2021
View reviewed changes
Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conceptually this change looks absolutely valid. Please just address posted comments.

packages/osquery/docs/README.md Outdated
@@ -1,14 +1,16 @@
# OSQuery Integration
# Osquery Log Collection
Copy link
Contributor

@mtojek mtojek Apr 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please update the doc template file first https://github.com/elastic/integrations/blob/38a2b326c8b1c08294a5a59faa2c56e94e92194f/packages/osquery/_dev/build/docs/README.md and then build the integration? elastic-package build

packages/osquery/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.1.2"
Copy link
Contributor

@mtojek mtojek Apr 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose this one may need formatting (elastic-package format).

@james-elastic
Copy link
Contributor Author

james-elastic commented Apr 2, 2021

Thanks @mtojek I used elastic-package to build / format. :)

mtojek
mtojek approved these changes Apr 2, 2021
View reviewed changes
Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Errors are unrelated to this PR. You should be good to go.

@james-elastic
Copy link
Contributor Author

james-elastic commented Apr 6, 2021

Thanks @mtojek, I don't have the permission to merge this, could you do it for me? Thanks!

@mtojek mtojek merged commit fd450c1 into elastic:master Apr 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@melissaburpo melissaburpo melissaburpo approved these changes

+1 more reviewer

@mtojek mtojek mtojek approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@james-elastic @elasticmachine @melissaburpo @mtojek