Skip to content

Rename process.exe to process.executable for ECS#9949

Merged
ruflin merged 4 commits intoelastic:masterfrom
ruflin:ecs-process-metadata
Jan 11, 2019
Merged

Rename process.exe to process.executable for ECS#9949
ruflin merged 4 commits intoelastic:masterfrom
ruflin:ecs-process-metadata

Conversation

@ruflin
Copy link
Copy Markdown
Contributor

@ruflin ruflin commented Jan 8, 2019
edited
Loading

This also updates the auditbeat auditd module to use process.executable instead of process.exe.

@ruflin ruflin added in progress Pull request is currently in progress. libbeat ecs labels Jan 8, 2019
@ruflin ruflin requested a review from a team as a code owner January 8, 2019 14:00
ruflin
ruflin commented Jan 8, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@andrewkroh It seems there is also in auditbeat process.exe?

@ruflin ruflin mentioned this pull request Jan 8, 2019
Closed
@andrewkroh
Copy link
Copy Markdown
Member

andrewkroh commented Jan 8, 2019

It seems there is also in auditbeat process.exe?

Yes, the Auditbeat auditd module produces this field.

beats/auditbeat/module/auditd/audit_linux.go

Line 571 in ae290b4

process["exe"] = p.Exe

webmat
webmat approved these changes Jan 8, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ruflin ruflin requested review from a team as code owners January 9, 2019 13:02
@ruflin
Copy link
Copy Markdown
Contributor Author

ruflin commented Jan 9, 2019

I added to this PR the change in the auditd module in auditbeat.

@ruflin ruflin added review and removed in progress Pull request is currently in progress. labels Jan 10, 2019
@ruflin
Copy link
Copy Markdown
Contributor Author

ruflin commented Jan 10, 2019

@andrewkroh Could you take another look as it now also affects auditbeat?

webmat
webmat reviewed Jan 10, 2019
View reviewed changes
andrewkroh
andrewkroh approved these changes Jan 11, 2019
View reviewed changes
auditbeat/module/auditd/audit_linux.go Outdated
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh Jan 11, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This package has a data.json and I think an execve.json that should be updated. You can run go test . -data on Linux to update them.

Copy link
Copy Markdown
Contributor Author

@ruflin ruflin Jan 11, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, it unfortunately also removed some entries which are probably available in other envs.

@ruflin ruflin force-pushed the ecs-process-metadata branch from 2d655e9 to 941a91f Compare January 11, 2019 11:41
@ruflin ruflin merged commit f5a9028 into elastic:master Jan 11, 2019
@ruflin ruflin deleted the ecs-process-metadata branch January 11, 2019 15:46
DStape pushed a commit to DStape/beats that referenced this pull request Aug 20, 2019
@ruflin
Rename process.exe to process.executable for ECS (elastic#9949)
309c560 
This also updates the auditbeat auditd module to use process.executable instead of process.exe.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

+2 more reviewers

@webmat webmat webmat approved these changes

@urso urso urso approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ecs libbeat review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ruflin @andrewkroh @webmat @urso