
Commit 01cd6eb

committed
rebuild after merging master
2 parents 194daed + 6458f55 commit 01cd6eb


39 files changed

+1676
-175302
lines changed


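--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.10.0"
+changes:
+- description: Add cloudwatch input into AWS package for log collection
+type: enhancement
+link: https://github.com/elastic/integrations/pull/2323
 - version: "1.9.0"
 changes:
 - description: Add Route 53 Resolver Logs Datastream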
Lines changed: 93 additions & 0 deletions
@@ -0,0 +1,93 @@
1+
{{#unless log_group_name}}
2+
{{#unless log_group_name_prefix}}
3+
{{#if log_group_arn }}
4+
log_group_arn: {{ log_group_arn }}
5+
{{/if}}
6+
{{/unless}}
7+
{{/unless}}
8+
9+
{{#unless log_group_arn}}
10+
{{#unless log_group_name}}
11+
{{#if log_group_name_prefix }}
12+
log_group_name_prefix: {{ log_group_name_prefix }}
13+
{{/if}}
14+
{{/unless}}
15+
{{/unless}}
16+
17+
{{#unless log_group_arn}}
18+
{{#unless log_group_name_prefix}}
19+
{{#if log_group_name }}
20+
log_group_name: {{ log_group_name }}
21+
{{/if}}
22+
{{/unless}}
23+
{{/unless}}
24+
25+
{{#unless log_group_arn}}
26+
region_name: {{ region_name }}
27+
{{/unless}}
28+
29+
{{#unless log_stream_prefix}}
30+
{{#if log_streams }}
31+
log_streams: {{ log_streams }}
32+
{{/if}}
33+
{{/unless}}
34+
35+
{{#unless log_streams}}
36+
{{#if log_stream_prefix }}
37+
log_stream_prefix: {{ log_stream_prefix }}
38+
{{/if}}
39+
{{/unless}}
40+
41+
{{#if start_position }}
42+
start_position: {{ start_position }}
43+
{{/if}}
44+
45+
{{#if scan_frequency }}
46+
scan_frequency: {{ scan_frequency }}
47+
{{/if}}
48+
49+
{{#if api_sleep }}
50+
api_sleep: {{ api_sleep }}
51+
{{/if}}
52+
53+
{{#if credential_profile_name}}
54+
credential_profile_name: {{credential_profile_name}}
55+
{{/if}}
56+
{{#if shared_credential_file}}
57+
shared_credential_file: {{shared_credential_file}}
58+
{{/if}}
59+
{{#if api_timeout}}
60+
api_timeout: {{api_timeout}}
61+
{{/if}}
62+
{{#if endpoint}}
63+
endpoint: {{endpoint}}
64+
{{/if}}
65+
{{#if access_key_id}}
66+
access_key_id: {{access_key_id}}
67+
{{/if}}
68+
{{#if secret_access_key}}
69+
secret_access_key: {{secret_access_key}}
70+
{{/if}}
71+
{{#if session_token}}
72+
session_token: {{session_token}}
73+
{{/if}}
74+
{{#if role_arn}}
75+
role_arn: {{role_arn}}
76+
{{/if}}
77+
{{#if proxy_url }}
78+
proxy_url: {{proxy_url}}
79+
{{/if}}
80+
tags:
81+
{{#if preserve_original_event}}
82+
- preserve_original_event
83+
{{/if}}
84+
{{#each tags as |tag i|}}
85+
- {{tag}}
86+
{{/each}}
87+
{{#contains "forwarded" tags}}
88+
publisher_pipeline.disable_host: true
89+
{{/contains}}
90+
{{#if processors}}
91+
processors:
92+
{{processors}}
93+
{{/if}}
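Review bot: The three nested `{{#unless}}` groups at the top of this template cancel each other out: if a policy sets any two of `log_group_arn`, `log_group_name` and `log_group_name_prefix`, none of the three keys is rendered, and the operator gets no hint that the log-group selector was dropped. For an audit-log feed that is a collection gap that is easy to miss, unless the input itself rejects the resulting config, which is not visible here. A fixed precedence (ARN, then name, then prefix) keeps exactly one selector, and `region_name` should be emitted only when it has a value rather than whenever the ARN is empty. The same 93-line template is added a second time further down the page, after the cloudtrail manifest, and the point applies there as well.

```handlebars
{{#if log_group_arn}}
log_group_arn: {{ log_group_arn }}
{{else}}
{{#if log_group_name}}
log_group_name: {{ log_group_name }}
{{else}}
{{#if log_group_name_prefix}}
log_group_name_prefix: {{ log_group_name_prefix }}
{{/if}}
{{/if}}
{{#if region_name}}
region_name: {{ region_name }}
{{/if}}
{{/if}}
{{!-- … unchanged: log_streams through processors … --}}
```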

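--- a/packages/aws/data_stream/cloudtrail/manifest.yml
+++ b/packages/aws/data_stream/cloudtrail/manifest.yml
@@ -193,3 +193,109 @@ streams:
 type: bool
 multi: false
 default: false
+- input: aws-cloudwatch
+template_path: aws-cloudwatch.yml.hbs
+title: AWS CloudTrail Logs
+description: Collect AWS CloudTrail logs using cloudwatch input
+enabled: false
+vars:
+- name: log_group_arn
+type: text
+title: Log Group ARN
+multi: false
+required: false
+show_user: true
+description: ARN of the log group to collect logs from.
+- name: log_group_name
+type: text
+title: Log Group Name
+multi: false
+required: false
+show_user: false
+description: Name of the log group to collect logs from. `region_name` is required when `log_group_name` is given.
+- name: log_group_name_prefix
+type: text
+title: Log Group Name Prefix
+multi: false
+required: false
+show_user: false
+description: The prefix for a group of log group names. `region_name` is required when `log_group_name_prefix` is given. `log_group_name` and `log_group_name_prefix` cannot be given at the same time.
+- name: region_name
+type: text
+title: Region Name
+multi: false
+required: false
+show_user: false
+description: Region that the specified log group or log group prefix belongs to.
+- name: log_streams
+type: text
+title: Log Streams
+multi: true
+required: false
+show_user: false
+description: A list of strings of log streams names that Filebeat collect log events from.
+- name: log_streams_prefix
+type: text
+title: Log Stream Prefix
+multi: false
+required: false
+show_user: false
+description: A string to filter the results to include only log events from log streams that have names starting with this prefix.
+- name: start_position
+type: text
+title: Start Position
+multi: false
+required: false
+default: beginning
+show_user: true
+description: Allows user to specify if this input should read log files from the beginning or from the end.
+- name: scan_frequency
+type: text
+title: Scan Frequency
+multi: false
+required: false
+show_user: false
+default: 1m
+description: This config parameter sets how often Filebeat checks for new log events from the specified log group.
+- name: api_timeput
+type: text
+title: API Timeout
+multi: false
+required: false
+show_user: false
+default: 120s
+description: The maximum duration of AWS API can take. If it exceeds the timeout, AWS API will be interrupted.
+- name: api_sleep
+type: text
+title: API Sleep
+multi: false
+required: false
+show_user: false
+default: 200ms
+description: This is used to sleep between AWS FilterLogEvents API calls inside the same collection period. `FilterLogEvents` API has a quota of 5 transactions per second (TPS)/account/Region. This value should only be adjusted when there are multiple Filebeats or multiple Filebeat inputs collecting logs from the same region and AWS account.
+- name: tags
+type: text
+title: Tags
+multi: true
+required: true
+show_user: false
+default:
+- forwarded
+- aws-cloudtrail
+- name: processors
+type: yaml
+title: Processors
+multi: false
+required: false
+show_user: false
+description: >
+Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+
+- name: preserve_original_event
+required: true
+show_user: true
+title: Preserve original event
+description: Preserves a raw copy of the original event, added to the field `event.original`
+type: bool
+multi: false
+default: false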
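Review bot: Two variables declared in this new `aws-cloudwatch` stream are spelled differently from the names the `aws-cloudwatch.yml.hbs` template on this page reads: `log_streams_prefix` versus `log_stream_prefix`, and `api_timeput` versus `api_timeout`. If that template is the one referenced by `template_path`, the stream-prefix filter a user enters and the `120s` timeout default would never reach the rendered input, and the `{{#unless log_stream_prefix}}` guard around `log_streams` would always pass. The declarations should read `- name: log_stream_prefix` and `- name: api_timeout`. The template also reads `access_key_id`, `secret_access_key`, `session_token`, `role_arn` and `proxy_url`, none of which is declared in this hunk; they are presumably package-level variables defined elsewhere, which is worth confirming. The `streams:` list itself starts above the hunk.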
Lines changed: 93 additions & 0 deletions
@@ -0,0 +1,93 @@
1+
{{#unless log_group_name}}
2+
{{#unless log_group_name_prefix}}
3+
{{#if log_group_arn }}
4+
log_group_arn: {{ log_group_arn }}
5+
{{/if}}
6+
{{/unless}}
7+
{{/unless}}
8+
9+
{{#unless log_group_arn}}
10+
{{#unless log_group_name}}
11+
{{#if log_group_name_prefix }}
12+
log_group_name_prefix: {{ log_group_name_prefix }}
13+
{{/if}}
14+
{{/unless}}
15+
{{/unless}}
16+
17+
{{#unless log_group_arn}}
18+
{{#unless log_group_name_prefix}}
19+
{{#if log_group_name }}
20+
log_group_name: {{ log_group_name }}
21+
{{/if}}
22+
{{/unless}}
23+
{{/unless}}
24+
25+
{{#unless log_group_arn}}
26+
region_name: {{ region_name }}
27+
{{/unless}}
28+
29+
{{#unless log_stream_prefix}}
30+
{{#if log_streams }}
31+
log_streams: {{ log_streams }}
32+
{{/if}}
33+
{{/unless}}
34+
35+
{{#unless log_streams}}
36+
{{#if log_stream_prefix }}
37+
log_stream_prefix: {{ log_stream_prefix }}
38+
{{/if}}
39+
{{/unless}}
40+
41+
{{#if start_position }}
42+
start_position: {{ start_position }}
43+
{{/if}}
44+
45+
{{#if scan_frequency }}
46+
scan_frequency: {{ scan_frequency }}
47+
{{/if}}
48+
49+
{{#if api_sleep }}
50+
api_sleep: {{ api_sleep }}
51+
{{/if}}
52+
53+
{{#if credential_profile_name}}
54+
credential_profile_name: {{credential_profile_name}}
55+
{{/if}}
56+
{{#if shared_credential_file}}
57+
shared_credential_file: {{shared_credential_file}}
58+
{{/if}}
59+
{{#if api_timeout}}
60+
api_timeout: {{api_timeout}}
61+
{{/if}}
62+
{{#if endpoint}}
63+
endpoint: {{endpoint}}
64+
{{/if}}
65+
{{#if access_key_id}}
66+
access_key_id: {{access_key_id}}
67+
{{/if}}
68+
{{#if secret_access_key}}
69+
secret_access_key: {{secret_access_key}}
70+
{{/if}}
71+
{{#if session_token}}
72+
session_token: {{session_token}}
73+
{{/if}}
74+
{{#if role_arn}}
75+
role_arn: {{role_arn}}
76+
{{/if}}
77+
{{#if proxy_url }}
78+
proxy_url: {{proxy_url}}
79+
{{/if}}
80+
tags:
81+
{{#if preserve_original_event}}
82+
- preserve_original_event
83+
{{/if}}
84+
{{#each tags as |tag i|}}
85+
- {{tag}}
86+
{{/each}}
87+
{{#contains "forwarded" tags}}
88+
publisher_pipeline.disable_host: true
89+
{{/contains}}
90+
{{#if processors}}
91+
processors:
92+
{{processors}}
93+
{{/if}}
