Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update filebeat module for 4.x installations #1563

Closed
jnasselle opened this issue May 20, 2022 · 6 comments · May be fixed by #2142
Closed

Update filebeat module for 4.x installations #1563

jnasselle opened this issue May 20, 2022 · 6 comments · May be fixed by #2142
Assignees
@c-bordon
Labels
level/task Subtask issue type/change Change requested

Comments

@jnasselle
Copy link
Member

Wazuh version Install type Action performed Platform
4.3.0 - 4.3.1 Manager Install/Upgrade GNU/Linux

Related issue: wazuh/wazuh#13415

Description

Currently, filebeat module delivered via https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz is not updated with the expected content located here https://github.com/wazuh/wazuh/tree/v4.3.0/extensions/filebeat/7.x/wazuh-module.

This is causing that office365 data ingestion could not translate IP addresses to geolocations (PR here)
@alberpilot
Copy link
Contributor

alberpilot commented May 23, 2022
edited by c-bordon
Loading

This development was completed without taking into account the Filebeat deliverable. The following actions should be completed as soon as possible:

Tasks

@alberpilot alberpilot moved this to Todo in Release 4.3.4 May 23, 2022
@DFolchA DFolchA self-assigned this May 24, 2022
@DFolchA
Copy link
Contributor

DFolchA commented May 25, 2022

Update report

Build filebeat module with latest changes, and update generation script:
https://github.com/wazuh/wazuh-packages/blob/filebeat-module/filebeat/build-wazuh-module.sh

Improvements:

  • Install mage
  • Use git to get beats repository

Test new module.

This was referenced May 27, 2022
Merged
Merged
Merged
Merged
Merged
@DFolchA
Copy link
Contributor

DFolchA commented May 27, 2022

Update

  • Work in improved script for Wazuh packages using docker

@snaow snaow removed this from Release 4.3.4 Jun 1, 2022
@okynos okynos moved this to Triage in Release 4.4.0 Sep 9, 2022
@DFolchA DFolchA removed their assignment Mar 22, 2023
@c-bordon c-bordon self-assigned this Mar 22, 2023
@c-bordon
Copy link
Member

UpdateReport

Tasks

  • A new Dockerfile was created with the necessary for the construction of the Filebeat module and 2 scripts were created for this creation, the build.sh which is responsible for the creation of the module itself, and the build-filebeat-module.sh which facilitates the use of the first script for any user who wants to create it from this repository.
  • We started from this script for the creation of the new ones: https://github.com/wazuh/wazuh-packages/blob/filebeat-module/filebeat/build-wazuh-module.sh

@c-bordon
Copy link
Member

UpdateReport

Tasks

@c-bordon c-bordon mentioned this issue Mar 27, 2023
Open
30 tasks
@c-bordon c-bordon linked a pull request Mar 27, 2023 that will close this issue
Scripts for building the Filebeat module for Wazuh #2142
Open
30 tasks
@teddytpc1 teddytpc1 added level/task Subtask issue type/change Change requested labels Apr 26, 2023
@jotacarma90
Copy link
Member

Close this, tracking work in #2113

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@c-bordon c-bordon

Labels
level/task Subtask issue type/change Change requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Scripts for building the Filebeat module for Wazuh wazuh/wazuh-packages
6 participants
@jnasselle @alberpilot @DFolchA @teddytpc1 @jotacarma90 @c-bordon