From f8253aaabacfa7c1a417499c02e7ed294cb21606 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Mon, 22 Jan 2024 18:15:29 +0100 Subject: [PATCH] rename eventsLogger to sensitiveLogger --- auditbeat/auditbeat.reference.yml | 4 +- auditbeat/auditbeat.yml | 4 +- filebeat/filebeat.reference.yml | 4 +- filebeat/filebeat.yml | 4 +- go.mod | 2 +- go.sum | 4 +- heartbeat/heartbeat.reference.yml | 4 +- heartbeat/heartbeat.yml | 4 +- .../_meta/config/logging.reference.yml.tmpl | 4 +- libbeat/_meta/config/logging.yml.tmpl | 4 +- libbeat/cmd/instance/beat.go | 61 ++++++++++--------- libbeat/cmd/instance/beat_test.go | 4 +- libbeat/docs/loggingconfig.asciidoc | 20 +++--- libbeat/outputs/console/console.go | 2 +- libbeat/outputs/elasticsearch/client.go | 14 ++--- .../elasticsearch/client_integration_test.go | 10 +-- .../outputs/elasticsearch/elasticsearch.go | 10 +-- libbeat/outputs/fileout/file.go | 14 ++--- libbeat/outputs/kafka/client.go | 14 ++--- libbeat/outputs/kafka/kafka.go | 4 +- libbeat/outputs/logstash/logstash.go | 2 +- libbeat/outputs/output_reg.go | 6 +- libbeat/outputs/redis/client.go | 22 +++---- libbeat/outputs/redis/redis.go | 4 +- libbeat/outputs/shipper/shipper.go | 2 +- libbeat/publisher/pipeline/controller.go | 4 +- libbeat/publisher/pipeline/pipeline.go | 2 +- libbeat/publisher/pipeline/stress/out.go | 2 +- metricbeat/metricbeat.reference.yml | 4 +- metricbeat/metricbeat.yml | 4 +- packetbeat/packetbeat.reference.yml | 4 +- packetbeat/packetbeat.yml | 4 +- winlogbeat/winlogbeat.reference.yml | 4 +- winlogbeat/winlogbeat.yml | 4 +- x-pack/auditbeat/auditbeat.reference.yml | 4 +- x-pack/auditbeat/auditbeat.yml | 4 +- .../pipelinemanager/libbeattools.go | 8 +-- x-pack/filebeat/filebeat.reference.yml | 4 +- x-pack/filebeat/filebeat.yml | 4 +- .../functionbeat/functionbeat.reference.yml | 4 +- x-pack/functionbeat/functionbeat.yml | 4 +- x-pack/heartbeat/heartbeat.reference.yml | 4 +- x-pack/heartbeat/heartbeat.yml | 4 +- x-pack/metricbeat/metricbeat.reference.yml | 4 +- x-pack/metricbeat/metricbeat.yml | 4 +- x-pack/osquerybeat/osquerybeat.reference.yml | 4 +- x-pack/osquerybeat/osquerybeat.yml | 4 +- x-pack/packetbeat/packetbeat.reference.yml | 4 +- x-pack/packetbeat/packetbeat.yml | 4 +- x-pack/winlogbeat/winlogbeat.reference.yml | 4 +- x-pack/winlogbeat/winlogbeat.yml | 4 +- 51 files changed, 166 insertions(+), 165 deletions(-) diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml index 9f965c0c7616..2483daa33c4f 100644 --- a/auditbeat/auditbeat.reference.yml +++ b/auditbeat/auditbeat.reference.yml @@ -1553,14 +1553,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/auditbeat # The name of the files where the logs are written to. - #name: auditbeat-events-data + #name: auditbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/auditbeat/auditbeat.yml b/auditbeat/auditbeat.yml index e882ac93aaff..ba867c0f20fa 100644 --- a/auditbeat/auditbeat.yml +++ b/auditbeat/auditbeat.yml @@ -174,14 +174,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/auditbeat # The name of the files where the logs are written to. - #name: auditbeat-events-data + #name: auditbeat-sensitive # ============================= X-Pack Monitoring ============================== # Auditbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 272cff60d8ea..2577942ed124 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -2649,14 +2649,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/filebeat # The name of the files where the logs are written to. - #name: filebeat-events-data + #name: filebeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/filebeat/filebeat.yml b/filebeat/filebeat.yml index 3add6f54a11a..863abb33bb7c 100644 --- a/filebeat/filebeat.yml +++ b/filebeat/filebeat.yml @@ -191,14 +191,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/filebeat # The name of the files where the logs are written to. - #name: filebeat-events-data + #name: filebeat-sensitive # ============================= X-Pack Monitoring ============================== # Filebeat can export internal metrics to a central Elasticsearch monitoring diff --git a/go.mod b/go.mod index 7b33536c2dff..24f8623c75c3 100644 --- a/go.mod +++ b/go.mod @@ -420,4 +420,4 @@ replace ( // Exclude this version because the version has an invalid checksum. exclude github.com/docker/distribution v2.8.0+incompatible -replace github.com/elastic/elastic-agent-libs => github.com/belimawr/elastic-agent-libs v0.2.9-0.20240116105334-25f61a14ad41 +replace github.com/elastic/elastic-agent-libs => github.com/belimawr/elastic-agent-libs v0.2.9-0.20240122163001-efb117578ab2 diff --git a/go.sum b/go.sum index e76d55018646..2bbdbc8407f2 100644 --- a/go.sum +++ b/go.sum @@ -373,8 +373,8 @@ github.com/awslabs/goformation/v4 v4.1.0 h1:JRxIW0IjhYpYDrIZOTJGMu2azXKI+OK5dP56 github.com/awslabs/goformation/v4 v4.1.0/go.mod h1:MBDN7u1lMNDoehbFuO4uPvgwPeolTMA2TzX1yO6KlxI= github.com/awslabs/kinesis-aggregation/go/v2 v2.0.0-20220623125934-28468a6701b5 h1:lxW5Q6K2IisyF5tlr6Ts0W4POGWQZco05MJjFmoeIHs= github.com/awslabs/kinesis-aggregation/go/v2 v2.0.0-20220623125934-28468a6701b5/go.mod h1:0Qr1uMHFmHsIYMcG4T7BJ9yrJtWadhOmpABCX69dwuc= -github.com/belimawr/elastic-agent-libs v0.2.9-0.20240116105334-25f61a14ad41 h1:4kwfzIBmNATT0es3HsgZP7W4p6OUo1TCOk5qchsUzTs= -github.com/belimawr/elastic-agent-libs v0.2.9-0.20240116105334-25f61a14ad41/go.mod h1:pGMj5myawdqu+xE+WKvM5FQzKQ/MonikkWOzoFTJxaU= +github.com/belimawr/elastic-agent-libs v0.2.9-0.20240122163001-efb117578ab2 h1:QOTo5kTJ8oqdrSOH8/OhSkEMA3mnRltGg52M9YyH7Zo= +github.com/belimawr/elastic-agent-libs v0.2.9-0.20240122163001-efb117578ab2/go.mod h1:pGMj5myawdqu+xE+WKvM5FQzKQ/MonikkWOzoFTJxaU= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/immutable v0.2.1/go.mod h1:uc6OHo6PN2++n98KHLxW8ef4W42ylHiQSENghE1ezxI= github.com/benbjohnson/tmpl v1.0.0/go.mod h1:igT620JFIi44B6awvU9IsDhR77IXWtFigTLil/RPdps= diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml index 1c7317042850..fceb17e7d777 100644 --- a/heartbeat/heartbeat.reference.yml +++ b/heartbeat/heartbeat.reference.yml @@ -1645,14 +1645,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/heartbeat # The name of the files where the logs are written to. - #name: heartbeat-events-data + #name: heartbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/heartbeat/heartbeat.yml b/heartbeat/heartbeat.yml index 0b28eec374e0..be707ad671e4 100644 --- a/heartbeat/heartbeat.yml +++ b/heartbeat/heartbeat.yml @@ -157,14 +157,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/heartbeat # The name of the files where the logs are written to. - #name: heartbeat-events-data + #name: heartbeat-sensitive # ============================= X-Pack Monitoring ============================== # Heartbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/libbeat/_meta/config/logging.reference.yml.tmpl b/libbeat/_meta/config/logging.reference.yml.tmpl index d8e91dfffdbb..1cc018bbf3e1 100644 --- a/libbeat/_meta/config/logging.reference.yml.tmpl +++ b/libbeat/_meta/config/logging.reference.yml.tmpl @@ -77,14 +77,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/{{.BeatName}} # The name of the files where the logs are written to. - #name: {{.BeatName}}-events-data + #name: {{.BeatName}}-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/libbeat/_meta/config/logging.yml.tmpl b/libbeat/_meta/config/logging.yml.tmpl index 7fe93c9fc0a1..8a1f5d18cc84 100644 --- a/libbeat/_meta/config/logging.yml.tmpl +++ b/libbeat/_meta/config/logging.yml.tmpl @@ -14,11 +14,11 @@ # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/{{.BeatName}} # The name of the files where the logs are written to. - #name: {{.BeatName}}-events-data + #name: {{.BeatName}}-sensitive diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index 4362e276b734..0f9b1816b1a7 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -122,15 +122,15 @@ type beatConfig struct { Features *config.C `config:"features"` // beat internal components configurations - HTTP *config.C `config:"http"` - HTTPPprof *pprof.Config `config:"http.pprof"` - BufferConfig *config.C `config:"http.buffer"` - Path paths.Path `config:"path"` - Logging *config.C `config:"logging"` - EventLogging *config.C `config:"logging.events"` - MetricLogging *config.C `config:"logging.metrics"` - Keystore *config.C `config:"keystore"` - Instrumentation instrumentation.Config `config:"instrumentation"` + HTTP *config.C `config:"http"` + HTTPPprof *pprof.Config `config:"http.pprof"` + BufferConfig *config.C `config:"http.buffer"` + Path paths.Path `config:"path"` + Logging *config.C `config:"logging"` + SensitiveLogging *config.C `config:"logging.sensitive"` + MetricLogging *config.C `config:"logging.metrics"` + Keystore *config.C `config:"keystore"` + Instrumentation instrumentation.Config `config:"instrumentation"` // output/publishing related configurations Pipeline pipeline.Config `config:",inline"` @@ -386,29 +386,30 @@ func (b *Beat) createBeater(bt beat.Creator) (beat.Beater, error) { // we need some defaults to be populates otherwise Unpack will // fail. We also overwrite some defaults that are specific to the // events logger. - eventsLoggerCfg := logp.DefaultConfig(configure.GetEnvironment()) - eventsLoggerCfg.Files.MaxSize = 5242880 // 5MB - eventsLoggerCfg.Files.MaxBackups = 5 + sensitiveLoggerCfg := logp.DefaultConfig(configure.GetEnvironment()) + sensitiveLoggerCfg.ToFiles = true // make the default explicit + sensitiveLoggerCfg.Files.MaxSize = 5242880 // 5MB + sensitiveLoggerCfg.Files.MaxBackups = 5 - // merge eventsLoggerCfg with b.Config.Logging, so logging.events.* only + // merge sensitiveLoggerCfg with b.Config.Logging, so logging.sensitive.* only // overwrites the files block. - if err := b.Config.EventLogging.Unpack(&eventsLoggerCfg); err != nil { + if err := b.Config.SensitiveLogging.Unpack(&sensitiveLoggerCfg); err != nil { return nil, fmt.Errorf("error initialising events logger: %w", err) } // Ensure the default filename is set - if eventsLoggerCfg.Files.Name == "" { - eventsLoggerCfg.Files.Name = b.Info.Beat + if sensitiveLoggerCfg.Files.Name == "" { + sensitiveLoggerCfg.Files.Name = b.Info.Beat // Append the name so the files do not overwrite themselves. - eventsLoggerCfg.Files.Name = eventsLoggerCfg.Files.Name + "-events-data" + sensitiveLoggerCfg.Files.Name = sensitiveLoggerCfg.Files.Name + "-events-data" } // Now that the events logger is configured, we can register it's diagnostic // hook b.Manager.RegisterDiagnosticHook("events log", "log files containing raw events", "events_log.ndjson", - "application/x-ndjson", b.eventsLogDiagnosticsHook(eventsLoggerCfg)) - outputFactory := b.makeOutputFactory(b.Config.Output, eventsLoggerCfg) + "application/x-ndjson", b.eventsLogDiagnosticsHook(sensitiveLoggerCfg)) + outputFactory := b.makeOutputFactory(b.Config.Output, sensitiveLoggerCfg) settings := pipeline.Settings{ Processors: b.processors, InputQueueSize: b.InputQueueSize, @@ -418,7 +419,7 @@ func (b *Beat) createBeater(bt beat.Creator) (beat.Beater, error) { return nil, fmt.Errorf("error initializing publisher: %w", err) } - reload.RegisterV2.MustRegisterOutput(b.makeOutputReloader(publisher.OutputReloader(), eventsLoggerCfg)) + reload.RegisterV2.MustRegisterOutput(b.makeOutputReloader(publisher.OutputReloader(), sensitiveLoggerCfg)) // TODO: some beats race on shutdown with publisher.Stop -> do not call Stop yet, // but refine publisher to disconnect clients on stop automatically @@ -855,18 +856,18 @@ func (b *Beat) configure(settings Settings) error { // If either b.Config.EventLoggingor b.Config.Logging are nil // merging them will fail, so in case any of them is nil, // we set them to an empty config.C - if b.Config.EventLogging == nil { - b.Config.EventLogging = config.NewConfig() + if b.Config.SensitiveLogging == nil { + b.Config.SensitiveLogging = config.NewConfig() } if b.Config.Logging == nil { b.Config.Logging = config.NewConfig() } - if err := b.Config.EventLogging.Merge(b.Config.Logging); err != nil { - return fmt.Errorf("cannot merge logging and logging.events configuration: %w", err) + if err := b.Config.SensitiveLogging.Merge(b.Config.Logging); err != nil { + return fmt.Errorf("cannot merge logging and logging.sensitive configuration: %w", err) } - if _, err := b.Config.EventLogging.Remove("events", -1); err != nil { - return fmt.Errorf("cannot update logging.events configuration: %w", err) + if _, err := b.Config.SensitiveLogging.Remove("events", -1); err != nil { + return fmt.Errorf("cannot update logging.sensitive configuration: %w", err) } if err := promoteOutputQueueSettings(&b.Config); err != nil { @@ -1176,7 +1177,7 @@ func (b *Beat) indexSetupCallback() elasticsearch.ConnectCallback { } } -func (b *Beat) makeOutputReloader(outReloader pipeline.OutputReloader, eventsLoggerCfg logp.Config) reload.Reloadable { +func (b *Beat) makeOutputReloader(outReloader pipeline.OutputReloader, sensitiveLoggerCfg logp.Config) reload.Reloadable { return reload.ReloadableFunc(func(update *reload.ConfigWithMeta) error { if update == nil { return nil @@ -1198,7 +1199,7 @@ func (b *Beat) makeOutputReloader(outReloader pipeline.OutputReloader, eventsLog } } - return outReloader.Reload(update, eventsLoggerCfg, b.createOutput) + return outReloader.Reload(update, sensitiveLoggerCfg, b.createOutput) }) } @@ -1303,7 +1304,7 @@ func (b *Beat) reloadOutputOnCertChange(cfg config.Namespace) error { return nil } -func (b *Beat) createOutput(stats outputs.Observer, cfg config.Namespace, eventsLoggerCfg logp.Config) (outputs.Group, error) { +func (b *Beat) createOutput(stats outputs.Observer, cfg config.Namespace, sensitiveLoggerCfg logp.Config) (outputs.Group, error) { if !cfg.IsSet() { return outputs.Group{}, nil } @@ -1312,7 +1313,7 @@ func (b *Beat) createOutput(stats outputs.Observer, cfg config.Namespace, events return outputs.Group{}, fmt.Errorf("could not setup output certificates reloader: %w", err) } - return outputs.Load(b.IdxSupporter, b.Info, stats, cfg.Name(), cfg.Config(), eventsLoggerCfg) + return outputs.Load(b.IdxSupporter, b.Info, stats, cfg.Name(), cfg.Config(), sensitiveLoggerCfg) } func (b *Beat) registerClusterUUIDFetching() { diff --git a/libbeat/cmd/instance/beat_test.go b/libbeat/cmd/instance/beat_test.go index 0ee30cdcc720..184797591b86 100644 --- a/libbeat/cmd/instance/beat_test.go +++ b/libbeat/cmd/instance/beat_test.go @@ -267,8 +267,8 @@ type outputReloaderMock struct { func (r *outputReloaderMock) Reload( cfg *reload.ConfigWithMeta, - eventsLoggerCfg logp.Config, - factory func(o outputs.Observer, cfg config.Namespace, eventsLoggerCfg logp.Config) (outputs.Group, error), + sensitiveLoggerCfg logp.Config, + factory func(o outputs.Observer, cfg config.Namespace, sensitiveLoggerCfg logp.Config) (outputs.Group, error), ) error { r.cfg = cfg return nil diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index f9cc07563eb2..89181dc69617 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc @@ -296,7 +296,7 @@ Below are some samples: ifndef::serverless[] [float] -=== Configuration options for events logger +=== Configuration options for sensitive logger Some outputs will log raw events on errors like indexing errors in the Elasticsearch output, to prevent logging raw events (that may contain @@ -309,34 +309,34 @@ Having a different log file for raw events also prevents event data from drowning out the regular log files. IMPORTANT: No matter the default logger output configuration, raw events -will **always** be logged to a file configured by `logging.events.files`. +will **always** be logged to a file configured by `logging.sensitive.files`. [float] -==== `logging.events.files.path` +==== `logging.sensitive.files.path` The directory that log files are written to. The default is the logs path. See the <> section for details. [float] -==== `logging.events.files.name` +==== `logging.sensitive.files.name` -The name of the file that logs are written to. The default is '{beatname_lc}'. +The name of the file that logs are written to. The default is '{beatname_lc}'-sensitive. [float] -==== `logging.events.files.rotateeverybytes` +==== `logging.sensitive.files.rotateeverybytes` The maximum size of a log file. If the limit is reached, a new log file is generated. The default size limit is 5242880 (5 MB). [float] -==== `logging.events.files.keepfiles` +==== `logging.sensitive.files.keepfiles` The number of most recent rotated log files to keep on disk. Older files are deleted during log rotation. The default value is 5. The `keepfiles` options has to be in the range of 2 to 1024 files. [float] -==== `logging.events.files.permissions` +==== `logging.sensitive.files.permissions` The permissions mask to apply when rotating log files. The default value is 0600. The `permissions` option must be a valid Unix-style file permissions mask @@ -354,7 +354,7 @@ Examples: * 0600: give read and write access to the file owner, and no access to all others. [float] -==== `logging.events.files.interval` +==== `logging.sensitive.files.interval` Enable log file rotation on time intervals in addition to size-based rotation. Intervals must be at least 1s. Values of 1m, 1h, 24h, 7*24h, 30*24h, and 365*24h @@ -363,7 +363,7 @@ reported by the local system clock. All other intervals are calculated from the unix epoch. Defaults to disabled. [float] -==== `logging.events.files.rotateonstartup` +==== `logging.sensitive.files.rotateonstartup` If the log file already exists on startup, immediately rotate it and start writing to a new file instead of appending to the existing one. Defaults to diff --git a/libbeat/outputs/console/console.go b/libbeat/outputs/console/console.go index a7cc4a69e6ad..753fe0b4b30d 100644 --- a/libbeat/outputs/console/console.go +++ b/libbeat/outputs/console/console.go @@ -51,7 +51,7 @@ func makeConsole( beat beat.Info, observer outputs.Observer, cfg *config.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { config := defaultConfig err := cfg.Unpack(&config) diff --git a/libbeat/outputs/elasticsearch/client.go b/libbeat/outputs/elasticsearch/client.go index b9728fc7bf88..22df451600e4 100644 --- a/libbeat/outputs/elasticsearch/client.go +++ b/libbeat/outputs/elasticsearch/client.go @@ -56,7 +56,7 @@ type Client struct { NonIndexableAction string log *logp.Logger - eventsLogger *logp.Logger + sensitiveLogger *logp.Logger } // ClientSettings contains the settings for a client. @@ -83,7 +83,7 @@ const ( // NewClient instantiates a new client. func NewClient( logger *logp.Logger, - eventsLogger *logp.Logger, + sensitiveLogger *logp.Logger, s ClientSettings, onConnect *callbacksRegistry, ) (*Client, error) { @@ -144,7 +144,7 @@ func NewClient( NonIndexableAction: s.NonIndexableAction, log: logger, - eventsLogger: eventsLogger, + sensitiveLogger: sensitiveLogger, } return client, nil @@ -179,7 +179,7 @@ func (client *Client) Clone() *Client { c, _ := NewClient( client.log, - client.eventsLogger, + client.sensitiveLogger, ClientSettings{ ConnectionSettings: connection, Index: client.index, @@ -438,11 +438,11 @@ func (client *Client) bulkCollectPublishFails(result eslegclient.BulkResult, dat if result { stats.nonIndexable++ client.log.Errorf("Can't deliver to dead letter index event (status=%v). Look for events-data log file to view the event and cause.", status) - client.eventsLogger.Errorf("Can't deliver to dead letter index event %#v (status=%v): %s", data[i], status, msg) + client.sensitiveLogger.Errorf("Can't deliver to dead letter index event %#v (status=%v): %s", data[i], status, msg) // poison pill - this will clog the pipeline if the underlying failure is non transient. } else if client.NonIndexableAction == dead_letter_index { client.log.Warnf("Cannot index event (status=%v), trying dead letter index. Look for events-data log file to view the event and cause.", status) - client.eventsLogger.Warnf("Cannot index event %#v (status=%v): %s, trying dead letter index", data[i], status, msg) + client.sensitiveLogger.Warnf("Cannot index event %#v (status=%v): %s, trying dead letter index", data[i], status, msg) if data[i].Content.Meta == nil { data[i].Content.Meta = mapstr.M{ dead_letter_marker_field: true, @@ -458,7 +458,7 @@ func (client *Client) bulkCollectPublishFails(result eslegclient.BulkResult, dat } else { // drop stats.nonIndexable++ client.log.Warnf("Cannot index event (status=%v): dropping event! Look for events-data log file to view the event and cause.", status) - client.eventsLogger.Warnf("Cannot index event %#v (status=%v): %s, dropping event!", data[i], status, msg) + client.sensitiveLogger.Warnf("Cannot index event %#v (status=%v): %s, dropping event!", data[i], status, msg) continue } } diff --git a/libbeat/outputs/elasticsearch/client_integration_test.go b/libbeat/outputs/elasticsearch/client_integration_test.go index 7eebadc80098..2ecafac5f1d8 100644 --- a/libbeat/outputs/elasticsearch/client_integration_test.go +++ b/libbeat/outputs/elasticsearch/client_integration_test.go @@ -426,12 +426,12 @@ func connectTestEs(t *testing.T, cfg interface{}, stats outputs.Observer) (outpu // Creates the events logger configuration for testing, // it uses the default one but logs to stderr instead of a file. // This prevents the test to leave log files behind. - eventsLoggerCfg := logp.DefaultConfig(logp.DefaultEnvironment) - eventsLoggerCfg.Level = logp.DebugLevel - eventsLoggerCfg.ToStderr = true - eventsLoggerCfg.ToFiles = false + sensitiveLoggerCfg := logp.DefaultConfig(logp.DefaultEnvironment) + sensitiveLoggerCfg.Level = logp.DebugLevel + sensitiveLoggerCfg.ToStderr = true + sensitiveLoggerCfg.ToFiles = false - output, err := makeES(im, info, stats, config, eventsLoggerCfg) + output, err := makeES(im, info, stats, config, sensitiveLoggerCfg) if err != nil { t.Fatal(err) } diff --git a/libbeat/outputs/elasticsearch/elasticsearch.go b/libbeat/outputs/elasticsearch/elasticsearch.go index 975c78a13161..10d41279e50c 100644 --- a/libbeat/outputs/elasticsearch/elasticsearch.go +++ b/libbeat/outputs/elasticsearch/elasticsearch.go @@ -40,13 +40,13 @@ func makeES( beat beat.Info, observer outputs.Observer, cfg *config.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { log := logp.NewLogger(logSelector) - eventsLogger := logp.NewLogger(logSelector) + sensitiveLogger := logp.NewLogger(logSelector) // Set a new Output so it writes to a different file than `log` - eventsLogger = eventsLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(eventsLoggerCfg))) - eventsLogger = eventsLogger.With("logger.type", "sensitive") + sensitiveLogger = sensitiveLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(sensitiveLoggerCfg))) + sensitiveLogger = sensitiveLogger.With("logger.type", "sensitive") if !cfg.HasField("bulk_max_size") { if err := cfg.SetInt("bulk_max_size", -1, defaultBulkSize); err != nil { @@ -120,7 +120,7 @@ func makeES( var client outputs.NetworkClient client, err = NewClient( log, - eventsLogger, + sensitiveLogger, ClientSettings{ ConnectionSettings: eslegclient.ConnectionSettings{ URL: esURL, diff --git a/libbeat/outputs/fileout/file.go b/libbeat/outputs/fileout/file.go index a0aadfd53e43..d003849b3025 100644 --- a/libbeat/outputs/fileout/file.go +++ b/libbeat/outputs/fileout/file.go @@ -40,7 +40,7 @@ func init() { type fileOutput struct { log *logp.Logger - eventsLogger *logp.Logger + sensitiveLogger *logp.Logger filePath string beat beat.Info observer outputs.Observer @@ -54,7 +54,7 @@ func makeFileout( beat beat.Info, observer outputs.Observer, cfg *c.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { foConfig := defaultConfig() if err := cfg.Unpack(&foConfig); err != nil { @@ -65,14 +65,14 @@ func makeFileout( _ = cfg.SetInt("bulk_max_size", -1, -1) logSelector := "file" - eventsLogger := logp.NewLogger(logSelector) + sensitiveLogger := logp.NewLogger(logSelector) // Set a new Output so it writes to a different file than `log` - eventsLogger = eventsLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(eventsLoggerCfg))) - eventsLogger = eventsLogger.With("logger.type", "sensitive") + sensitiveLogger = sensitiveLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(sensitiveLoggerCfg))) + sensitiveLogger = sensitiveLogger.With("logger.type", "sensitive") fo := &fileOutput{ log: logp.NewLogger(logSelector), - eventsLogger: eventsLogger, + sensitiveLogger: sensitiveLogger, beat: beat, observer: observer, } @@ -143,7 +143,7 @@ func (out *fileOutput) Publish(_ context.Context, batch publisher.Batch) error { out.log.Warnf("Failed to serialize the event: %+v", err) } out.log.Debug("Event logged to events-data log file") - out.eventsLogger.Debugf("Failed event: %v", event) + out.sensitiveLogger.Debugf("Failed event: %v", event) dropped++ continue diff --git a/libbeat/outputs/kafka/client.go b/libbeat/outputs/kafka/client.go index 45f834888060..ae6c5455f0e1 100644 --- a/libbeat/outputs/kafka/client.go +++ b/libbeat/outputs/kafka/client.go @@ -42,7 +42,7 @@ import ( type client struct { log *logp.Logger - eventsLogger *logp.Logger + sensitiveLogger *logp.Logger observer outputs.Observer hosts []string topic outil.Selector @@ -83,16 +83,16 @@ func newKafkaClient( headers []header, writer codec.Codec, cfg *sarama.Config, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (*client, error) { - eventsLogger := logp.NewLogger(logSelector) + sensitiveLogger := logp.NewLogger(logSelector) // Set a new Output so it writes to a different file than `log` - eventsLogger = eventsLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(eventsLoggerCfg))) - eventsLogger = eventsLogger.With("logger.type", "sensitive") + sensitiveLogger = sensitiveLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(sensitiveLoggerCfg))) + sensitiveLogger = sensitiveLogger.With("logger.type", "sensitive") c := &client{ log: logp.NewLogger(logSelector), - eventsLogger: eventsLogger, + sensitiveLogger: sensitiveLogger, observer: observer, hosts: hosts, topic: topic, @@ -238,7 +238,7 @@ func (c *client) getEventMessage(data *publisher.Event) (*message, error) { if err != nil { if c.log.IsDebug() { c.log.Debug("failed event logged to events logger file") - c.eventsLogger.Debugf("failed event: %v", event) + c.sensitiveLogger.Debugf("failed event: %v", event) } return nil, err } diff --git a/libbeat/outputs/kafka/kafka.go b/libbeat/outputs/kafka/kafka.go index 524a51bafe2d..93b3edfa2fb4 100644 --- a/libbeat/outputs/kafka/kafka.go +++ b/libbeat/outputs/kafka/kafka.go @@ -43,7 +43,7 @@ func makeKafka( beat beat.Info, observer outputs.Observer, cfg *config.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { log := logp.NewLogger(logSelector) log.Debug("initialize kafka output") @@ -73,7 +73,7 @@ func makeKafka( return outputs.Fail(err) } - client, err := newKafkaClient(observer, hosts, beat.IndexPrefix, kConfig.Key, topic, kConfig.Headers, codec, libCfg, eventsLoggerCfg) + client, err := newKafkaClient(observer, hosts, beat.IndexPrefix, kConfig.Key, topic, kConfig.Headers, codec, libCfg, sensitiveLoggerCfg) if err != nil { return outputs.Fail(err) } diff --git a/libbeat/outputs/logstash/logstash.go b/libbeat/outputs/logstash/logstash.go index 466f6b742f9f..cc5a50251648 100644 --- a/libbeat/outputs/logstash/logstash.go +++ b/libbeat/outputs/logstash/logstash.go @@ -41,7 +41,7 @@ func makeLogstash( beat beat.Info, observer outputs.Observer, cfg *conf.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { lsConfig, err := readConfig(cfg, beat) if err != nil { diff --git a/libbeat/outputs/output_reg.go b/libbeat/outputs/output_reg.go index 213daf0298ad..de0d5a2714db 100644 --- a/libbeat/outputs/output_reg.go +++ b/libbeat/outputs/output_reg.go @@ -34,7 +34,7 @@ type Factory func( beat beat.Info, stats Observer, cfg *config.C, - eventsLogger logp.Config) (Group, error) + sensitiveLoggerCfg logp.Config) (Group, error) // IndexManager provides additional index related services to the outputs. type IndexManager interface { @@ -83,7 +83,7 @@ func Load( stats Observer, name string, config *config.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (Group, error) { factory := FindFactory(name) if factory == nil { @@ -93,5 +93,5 @@ func Load( if stats == nil { stats = NewNilObserver() } - return factory(im, info, stats, config, eventsLoggerCfg) + return factory(im, info, stats, config, sensitiveLoggerCfg) } diff --git a/libbeat/outputs/redis/client.go b/libbeat/outputs/redis/client.go index e6b40c63e047..5accd79ff1ef 100644 --- a/libbeat/outputs/redis/client.go +++ b/libbeat/outputs/redis/client.go @@ -49,7 +49,7 @@ type publishFn func( type client struct { log *logp.Logger - eventsLogger *logp.Logger + sensitiveLogger *logp.Logger *transport.Client observer outputs.Observer index string @@ -76,17 +76,17 @@ func newClient( pass string, db int, key outil.Selector, dt redisDataType, index string, codec codec.Codec, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) *client { logSelector := "redis" - eventsLogger := logp.NewLogger(logSelector) + sensitiveLogger := logp.NewLogger(logSelector) // Set a new Output so it writes to a different file than `log` - eventsLogger = eventsLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(eventsLoggerCfg))) - eventsLogger = eventsLogger.With("logger.type", "sensitive") + sensitiveLogger = sensitiveLogger.WithOptions(zap.WrapCore(logp.WithFileOrStderrOutput(sensitiveLoggerCfg))) + sensitiveLogger = sensitiveLogger.With("logger.type", "sensitive") return &client{ log: logp.NewLogger(logSelector), - eventsLogger: eventsLogger, + sensitiveLogger: sensitiveLogger, Client: tc, observer: observer, timeout: timeout, @@ -237,7 +237,7 @@ func (c *client) publishEventsBulk(conn redis.Conn, command string) publishFn { args := make([]interface{}, 1, len(data)+1) args[0] = dest - okEvents, args := serializeEvents(c.log, c.eventsLogger, args, 1, data, c.index, c.codec) + okEvents, args := serializeEvents(c.log, c.sensitiveLogger, args, 1, data, c.index, c.codec) c.observer.Dropped(len(data) - len(okEvents)) if (len(args) - 1) == 0 { return nil, nil @@ -263,7 +263,7 @@ func (c *client) publishEventsPipeline(conn redis.Conn, command string) publishF return func(key outil.Selector, data []publisher.Event) ([]publisher.Event, error) { var okEvents []publisher.Event serialized := make([]interface{}, 0, len(data)) - okEvents, serialized = serializeEvents(c.log, c.eventsLogger, serialized, 0, data, c.index, c.codec) + okEvents, serialized = serializeEvents(c.log, c.sensitiveLogger, serialized, 0, data, c.index, c.codec) c.observer.Dropped(len(data) - len(okEvents)) if len(serialized) == 0 { return nil, nil @@ -318,7 +318,7 @@ func (c *client) publishEventsPipeline(conn redis.Conn, command string) publishF func serializeEvents( log *logp.Logger, - eventsLogger *logp.Logger, + sensitiveLogger *logp.Logger, to []interface{}, i int, data []publisher.Event, @@ -331,7 +331,7 @@ func serializeEvents( serializedEvent, err := codec.Encode(index, &d.Content) if err != nil { log.Errorf("Encoding event failed with error: %+v. Look for events-data log file to view the event", err) - eventsLogger.Debugf("Failed event: %v", d.Content) + sensitiveLogger.Debugf("Failed event: %v", d.Content) goto failLoop } @@ -349,7 +349,7 @@ failLoop: serializedEvent, err := codec.Encode(index, &d.Content) if err != nil { log.Errorf("Encoding event failed with error: %+v. Look for events-data log file to view the event", err) - eventsLogger.Debugf("Failed event: %v", d.Content) + sensitiveLogger.Debugf("Failed event: %v", d.Content) i++ continue } diff --git a/libbeat/outputs/redis/redis.go b/libbeat/outputs/redis/redis.go index 5f902620a2ab..8b80cfc52060 100644 --- a/libbeat/outputs/redis/redis.go +++ b/libbeat/outputs/redis/redis.go @@ -52,7 +52,7 @@ func makeRedis( beat beat.Info, observer outputs.Observer, cfg *config.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { if !cfg.HasField("index") { @@ -163,7 +163,7 @@ func makeRedis( } client := newClient(conn, observer, rConfig.Timeout, - pass, rConfig.Db, key, dataType, rConfig.Index, enc, eventsLoggerCfg) + pass, rConfig.Db, key, dataType, rConfig.Index, enc, sensitiveLoggerCfg) clients[i] = newBackoffClient(client, rConfig.Backoff.Init, rConfig.Backoff.Max) } diff --git a/libbeat/outputs/shipper/shipper.go b/libbeat/outputs/shipper/shipper.go index bf0e77691f9e..8caa97b25f28 100644 --- a/libbeat/outputs/shipper/shipper.go +++ b/libbeat/outputs/shipper/shipper.go @@ -92,7 +92,7 @@ func makeShipper( beat beat.Info, observer outputs.Observer, cfg *conf.C, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, ) (outputs.Group, error) { config := defaultConfig() diff --git a/libbeat/publisher/pipeline/controller.go b/libbeat/publisher/pipeline/controller.go index bcaaca438fd7..5b49bccfb2d4 100644 --- a/libbeat/publisher/pipeline/controller.go +++ b/libbeat/publisher/pipeline/controller.go @@ -180,7 +180,7 @@ func (c *outputController) Set(outGrp outputs.Group) { // Reload the output func (c *outputController) Reload( cfg *reload.ConfigWithMeta, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, outFactory func(outputs.Observer, conf.Namespace, logp.Config) (outputs.Group, error), ) error { outCfg := conf.Namespace{} @@ -192,7 +192,7 @@ func (c *outputController) Reload( output, err := loadOutput(c.monitors, func(stats outputs.Observer) (string, outputs.Group, error) { name := outCfg.Name() - out, err := outFactory(stats, outCfg, eventsLoggerCfg) + out, err := outFactory(stats, outCfg, sensitiveLoggerCfg) return name, out, err }) if err != nil { diff --git a/libbeat/publisher/pipeline/pipeline.go b/libbeat/publisher/pipeline/pipeline.go index 7076b379fe58..3414950538fc 100644 --- a/libbeat/publisher/pipeline/pipeline.go +++ b/libbeat/publisher/pipeline/pipeline.go @@ -111,7 +111,7 @@ const ( type OutputReloader interface { Reload( cfg *reload.ConfigWithMeta, - eventsLoggerCfg logp.Config, + sensitiveLoggerCfg logp.Config, factory func(outputs.Observer, conf.Namespace, logp.Config) (outputs.Group, error), ) error } diff --git a/libbeat/publisher/pipeline/stress/out.go b/libbeat/publisher/pipeline/stress/out.go index fc51f24e7d57..5fa5260861a6 100644 --- a/libbeat/publisher/pipeline/stress/out.go +++ b/libbeat/publisher/pipeline/stress/out.go @@ -56,7 +56,7 @@ func init() { outputs.RegisterType("test", makeTestOutput) } -func makeTestOutput(_ outputs.IndexManager, beat beat.Info, observer outputs.Observer, cfg *conf.C, eventsLoggerCfg logp.Config) (outputs.Group, error) { +func makeTestOutput(_ outputs.IndexManager, beat beat.Info, observer outputs.Observer, cfg *conf.C, sensitiveLoggerCfg logp.Config) (outputs.Group, error) { config := defaultTestOutputConfig if err := cfg.Unpack(&config); err != nil { return outputs.Fail(err) diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 4420d4a2dc6e..474656912e73 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml @@ -2403,14 +2403,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/metricbeat # The name of the files where the logs are written to. - #name: metricbeat-events-data + #name: metricbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml index 3925d12b82c8..84fd87726aca 100644 --- a/metricbeat/metricbeat.yml +++ b/metricbeat/metricbeat.yml @@ -147,14 +147,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/metricbeat # The name of the files where the logs are written to. - #name: metricbeat-events-data + #name: metricbeat-sensitive # ============================= X-Pack Monitoring ============================== # Metricbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml index 2c51bdb8c91b..0d0edfe891ae 100644 --- a/packetbeat/packetbeat.reference.yml +++ b/packetbeat/packetbeat.reference.yml @@ -2019,14 +2019,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/packetbeat # The name of the files where the logs are written to. - #name: packetbeat-events-data + #name: packetbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/packetbeat/packetbeat.yml b/packetbeat/packetbeat.yml index a5026fdbb353..0590a19bae8e 100644 --- a/packetbeat/packetbeat.yml +++ b/packetbeat/packetbeat.yml @@ -275,14 +275,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/packetbeat # The name of the files where the logs are written to. - #name: packetbeat-events-data + #name: packetbeat-sensitive # ============================= X-Pack Monitoring ============================== # Packetbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml index 78189b2e3c12..10a0a06b3763 100644 --- a/winlogbeat/winlogbeat.reference.yml +++ b/winlogbeat/winlogbeat.reference.yml @@ -1435,14 +1435,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/winlogbeat # The name of the files where the logs are written to. - #name: winlogbeat-events-data + #name: winlogbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/winlogbeat/winlogbeat.yml b/winlogbeat/winlogbeat.yml index 012bee36190b..4de803e9d067 100644 --- a/winlogbeat/winlogbeat.yml +++ b/winlogbeat/winlogbeat.yml @@ -160,14 +160,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/winlogbeat # The name of the files where the logs are written to. - #name: winlogbeat-events-data + #name: winlogbeat-sensitive # ============================= X-Pack Monitoring ============================== # Winlogbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/auditbeat/auditbeat.reference.yml b/x-pack/auditbeat/auditbeat.reference.yml index 1fc28d0cb4c7..b821841d121f 100644 --- a/x-pack/auditbeat/auditbeat.reference.yml +++ b/x-pack/auditbeat/auditbeat.reference.yml @@ -1609,14 +1609,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/auditbeat # The name of the files where the logs are written to. - #name: auditbeat-events-data + #name: auditbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/auditbeat/auditbeat.yml b/x-pack/auditbeat/auditbeat.yml index 0e1dbb5c2c28..d6511d734245 100644 --- a/x-pack/auditbeat/auditbeat.yml +++ b/x-pack/auditbeat/auditbeat.yml @@ -201,14 +201,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/auditbeat # The name of the files where the logs are written to. - #name: auditbeat-events-data + #name: auditbeat-sensitive # ============================= X-Pack Monitoring ============================== # Auditbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/dockerlogbeat/pipelinemanager/libbeattools.go b/x-pack/dockerlogbeat/pipelinemanager/libbeattools.go index 774feda6765c..a2c183616fb2 100644 --- a/x-pack/dockerlogbeat/pipelinemanager/libbeattools.go +++ b/x-pack/dockerlogbeat/pipelinemanager/libbeattools.go @@ -70,11 +70,11 @@ func loadNewPipeline(logOptsConfig ContainerOutputConfig, hostname string, log * // Get the default/current logging configuration // we need some defaults to be populates otherwise Unpack will // fail - eventsLoggerCfg := logp.DefaultConfig(configure.GetEnvironment()) + sensitiveLoggerCfg := logp.DefaultConfig(configure.GetEnvironment()) // Ensure the default filename is set - if eventsLoggerCfg.Files.Name == "" { - eventsLoggerCfg.Files.Name = "dockerlogbeat-events-data" + if sensitiveLoggerCfg.Files.Name == "" { + sensitiveLoggerCfg.Files.Name = "dockerlogbeat-events-data" } pipeline, err := pipeline.LoadWithSettings( @@ -87,7 +87,7 @@ func loadNewPipeline(logOptsConfig ContainerOutputConfig, hostname string, log * pipelineCfg, func(stat outputs.Observer) (string, outputs.Group, error) { cfg := config.Output - out, err := outputs.Load(idxMgr, info, stat, cfg.Name(), cfg.Config(), eventsLoggerCfg) + out, err := outputs.Load(idxMgr, info, stat, cfg.Name(), cfg.Config(), sensitiveLoggerCfg) return cfg.Name(), out, err }, settings, diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 5bb862b98d05..7b5a6b0b1806 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -5025,14 +5025,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/filebeat # The name of the files where the logs are written to. - #name: filebeat-events-data + #name: filebeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/filebeat/filebeat.yml b/x-pack/filebeat/filebeat.yml index 3add6f54a11a..863abb33bb7c 100644 --- a/x-pack/filebeat/filebeat.yml +++ b/x-pack/filebeat/filebeat.yml @@ -191,14 +191,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/filebeat # The name of the files where the logs are written to. - #name: filebeat-events-data + #name: filebeat-sensitive # ============================= X-Pack Monitoring ============================== # Filebeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/functionbeat/functionbeat.reference.yml b/x-pack/functionbeat/functionbeat.reference.yml index 4e12aa9ace95..4394c1c3b126 100644 --- a/x-pack/functionbeat/functionbeat.reference.yml +++ b/x-pack/functionbeat/functionbeat.reference.yml @@ -1273,14 +1273,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/functionbeat # The name of the files where the logs are written to. - #name: functionbeat-events-data + #name: functionbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/functionbeat/functionbeat.yml b/x-pack/functionbeat/functionbeat.yml index 0544fec54fd4..52aec30c5417 100644 --- a/x-pack/functionbeat/functionbeat.yml +++ b/x-pack/functionbeat/functionbeat.yml @@ -370,14 +370,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/functionbeat # The name of the files where the logs are written to. - #name: functionbeat-events-data + #name: functionbeat-sensitive # ============================= X-Pack Monitoring ============================== # Functionbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/heartbeat/heartbeat.reference.yml b/x-pack/heartbeat/heartbeat.reference.yml index 1c7317042850..fceb17e7d777 100644 --- a/x-pack/heartbeat/heartbeat.reference.yml +++ b/x-pack/heartbeat/heartbeat.reference.yml @@ -1645,14 +1645,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/heartbeat # The name of the files where the logs are written to. - #name: heartbeat-events-data + #name: heartbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/heartbeat/heartbeat.yml b/x-pack/heartbeat/heartbeat.yml index 0b28eec374e0..be707ad671e4 100644 --- a/x-pack/heartbeat/heartbeat.yml +++ b/x-pack/heartbeat/heartbeat.yml @@ -157,14 +157,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/heartbeat # The name of the files where the logs are written to. - #name: heartbeat-events-data + #name: heartbeat-sensitive # ============================= X-Pack Monitoring ============================== # Heartbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 1bd277059d15..de24f183a73f 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -2964,14 +2964,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/metricbeat # The name of the files where the logs are written to. - #name: metricbeat-events-data + #name: metricbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/metricbeat/metricbeat.yml b/x-pack/metricbeat/metricbeat.yml index 3925d12b82c8..84fd87726aca 100644 --- a/x-pack/metricbeat/metricbeat.yml +++ b/x-pack/metricbeat/metricbeat.yml @@ -147,14 +147,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/metricbeat # The name of the files where the logs are written to. - #name: metricbeat-events-data + #name: metricbeat-sensitive # ============================= X-Pack Monitoring ============================== # Metricbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml index 9b0c50a1b0b0..a66d1947783d 100644 --- a/x-pack/osquerybeat/osquerybeat.reference.yml +++ b/x-pack/osquerybeat/osquerybeat.reference.yml @@ -992,14 +992,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/osquerybeat # The name of the files where the logs are written to. - #name: osquerybeat-events-data + #name: osquerybeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/osquerybeat/osquerybeat.yml b/x-pack/osquerybeat/osquerybeat.yml index e187ba70c1e6..ac8e69d61191 100644 --- a/x-pack/osquerybeat/osquerybeat.yml +++ b/x-pack/osquerybeat/osquerybeat.yml @@ -133,14 +133,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/osquerybeat # The name of the files where the logs are written to. - #name: osquerybeat-events-data + #name: osquerybeat-sensitive # ============================= X-Pack Monitoring ============================== # Osquerybeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml index 2c51bdb8c91b..0d0edfe891ae 100644 --- a/x-pack/packetbeat/packetbeat.reference.yml +++ b/x-pack/packetbeat/packetbeat.reference.yml @@ -2019,14 +2019,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/packetbeat # The name of the files where the logs are written to. - #name: packetbeat-events-data + #name: packetbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/packetbeat/packetbeat.yml b/x-pack/packetbeat/packetbeat.yml index a5026fdbb353..0590a19bae8e 100644 --- a/x-pack/packetbeat/packetbeat.yml +++ b/x-pack/packetbeat/packetbeat.yml @@ -275,14 +275,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/packetbeat # The name of the files where the logs are written to. - #name: packetbeat-events-data + #name: packetbeat-sensitive # ============================= X-Pack Monitoring ============================== # Packetbeat can export internal metrics to a central Elasticsearch monitoring diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml index b4980c973bc8..0c0910b30d03 100644 --- a/x-pack/winlogbeat/winlogbeat.reference.yml +++ b/x-pack/winlogbeat/winlogbeat.reference.yml @@ -1437,14 +1437,14 @@ logging.files: # Having a different log file for raw events also prevents event data # from drowning out the regular log files. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/winlogbeat # The name of the files where the logs are written to. - #name: winlogbeat-events-data + #name: winlogbeat-sensitive # Configure log file size limit. If the limit is reached, log file will be # automatically rotated. diff --git a/x-pack/winlogbeat/winlogbeat.yml b/x-pack/winlogbeat/winlogbeat.yml index c88939331f7b..5a43d23d9091 100644 --- a/x-pack/winlogbeat/winlogbeat.yml +++ b/x-pack/winlogbeat/winlogbeat.yml @@ -161,14 +161,14 @@ processors: # log messages, a different log file, only for log entries containing raw events, # is used. It will use the same level, selectors and all other configurations # from the default logger, but it will have it's own file configuration. -#logging.events: +#logging.sensitive: #files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/winlogbeat # The name of the files where the logs are written to. - #name: winlogbeat-events-data + #name: winlogbeat-sensitive # ============================= X-Pack Monitoring ============================== # Winlogbeat can export internal metrics to a central Elasticsearch monitoring