Skip to content

[8.1](backport #30382) [Filebeat] [auditd]: Support EXECVE events with truncated argument list#30457

Merged
adriansr merged 2 commits into8.1from
mergify/bp/8.1/pr-30382
Feb 17, 2022
Merged

[8.1](backport #30382) [Filebeat] [auditd]: Support EXECVE events with truncated argument list#30457
adriansr merged 2 commits into8.1from
mergify/bp/8.1/pr-30382

Conversation

@mergify
Copy link
Copy Markdown
Contributor

@mergify mergify bot commented Feb 17, 2022
edited by zube bot
Loading

This is an automatic backport of pull request #30382 done by Mergify.

Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com

@adriansr
[Filebeat] [auditd]: Support EXECVE events with truncated argument li…
2e5cf52 
…st (#30382)

This modifies Filebeat's auditd pipeline to support parsing of EXECVE
records with truncated argument lists.

When such a log is found, the arguments will be appended to process.args
with a leading entry informing about the truncation.

This is to prevent a mapping explosion in Filebeat when a lot of these
logs are ingested with the previous pipeline version.

(cherry picked from commit 79229e7)
@mergify mergify bot added the backport label Feb 17, 2022
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 17, 2022
@botelastic
Copy link
Copy Markdown

botelastic bot commented Feb 17, 2022

This pull request doesn't have a Team:<team> label.

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 17, 2022
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-02-17T19:13:44.125+0000

  • Duration: 106 min 16 sec

Test stats 🧪

Test Results
Failed 0
Passed 8665
Skipped 1098
Total 9763

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@adriansr adriansr merged commit a7bcd67 into 8.1 Feb 17, 2022
@adriansr adriansr deleted the mergify/bp/8.1/pr-30382 branch February 17, 2022 22:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@adriansr adriansr

Labels

backport needs_team Indicates that the issue/PR needs a Team:* label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@elasticmachine @adriansr