feat(packages/system): enable System integration log collection on SLES 16.0

[andrzej-stencel]

Proposed commit message

Enable System integration log collection on SLES 16.0

Also fixes System integration log collection on other versions of SLES (SUSE Linux Enterprise Server).

• For SLES 15, enables log collection on systems with dashes in version, like "15-SP7".
• For SLES versions lower than 15 (11, 12), enables log collection with logfile input. The condition on the input was incorrect and caused the logfile input to never run on any version of SLES.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

• Fixes [system]: broken logs condition on SUSE Linux #16026
• Fixes [Sles15]: System integration logs are not visible under Data Streams tab for Sles tar agent. #16583

Other notes

I couldn't find a way to write tests for this. The conditions should be testable. Given high priority of the issue #16583, I decided to go ahead without writing tests.
I would have liked to use startsWith, it would simplify the conditions greatly. I wasn't sure we want to do this given the history of:

• On Kibana version 9.1.0, agents running versions below 8.17.9 using System integration cannot be uninstalled. #14697
• Remove startWith usage in condition to fix issues with certain versions #15662
  Theoretically I suppose the comma issue should be fixed in the currently supported versions, but I suppose there are possibly still customers running older versions that could be affected by the comma issue.

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[octavioranieri]

Any ETA to have it merged, please? 🙏 thanks in advance!

[andrzej-stencel]

Rebased and ready for reviews.

[rdner]

The change looks good to me.

It would be great if whoever reported the issue could also test the package before it's published (using elastic-package).

However, if it can't wait we can merge it as it is and address the feedback in a patch release right away if needed.

[andrzej-stencel]

@elastic/obs-infraobs-integrations, @elastic/sec-linux-platform, @elastic/sec-windows-platform can you please review?

[github-actions]

TL;DR

Buildkite failed in Check integrations system during package linting because the System package version metadata is inconsistent: packages/system/manifest.yml is still 2.17.0 while the changelog has a new 2.18.0 entry. Align the manifest/changelog versions and rerun the package check.

Remediation

• Update packages/system/manifest.yml version to match the new changelog release (likely 2.18.0), or retarget the new changelog entry to the current manifest version if this PR is not intended to bump the package version.
• Re-run: .buildkite/scripts/test_one_package.sh packages/system origin/main 25f7bb65afcb54ba2459828094672214d88ebf2b

Investigation details

Root Cause

The failing step is package lint validation, and the fatal error is:

• current manifest version doesn't have changelog entry

Relevant files at the failing commit:

• packages/system/manifest.yml:4 → version: "2.17.0"
• packages/system/changelog.yml:2 → top entry is - version: "2.18.0"

This mismatch indicates release metadata drift for the System package in this PR branch.

Evidence

• Build: https://buildkite.com/elastic/integrations/builds/42786
• Job/step: Check integrations system (.buildkite/scripts/test_one_package.sh packages/system origin/main 25f7bb65afcb54ba2459828094672214d88ebf2b)
• Key log excerpt:

Error: checking package failed: linting package failed: found 1 validation error:
  1. current manifest version doesn't have changelog entry

Verification

• Not run locally in this workflow (analysis based on Buildkite logs and repository files at the failing commit SHA).

Follow-up

If you intended this PR to release System 2.18.0, bump manifest.yml to 2.18.0. If not, change/remove the 2.18.0 changelog entry so the current manifest version is the active changelog version.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

• #18219 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• feat(packages/system): enable System integration log collection on SLES 16.0 #18219 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 286a8c9

History

• 💔 Build #42786 failed 25f7bb6
• 💚 Build #41938 succeeded cc42846
• 💚 Build #40844 succeeded f3e6a4a