Skip to content

Latest commit

 

History

History
160 lines (83 loc) · 4.35 KB

CHANGELOG.next.asciidoc

File metadata and controls

160 lines (83 loc) · 4.35 KB
Raw

Beats version HEAD

Breaking changes

Affecting all Beats

  • Update to Go 1.17.9 31350

Auditbeat

Filebeat

Heartbeat

  • Restrict setuid to containerized environments. 30869

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Bugfixes

Affecting all Beats

  • Fix group write permissions on runtime directories. 30869

  • Store syslog version as string. 31446

  • Accept XML that declares non-UTF-8 encoding to allow decode_xml and decode_xml_wineventlog decoding of incorrectly annotated documents. 31395 31546

Auditbeat

Filebeat

  • Do not emit error log when filestream reader reaches EOF and close.reader.on_eof is enabled. 31109

  • Netflow: replace invalid field value. 31295

  • google_workspace: Fix pagination to prevent skipped events when more than one page is present. 31372

  • sophos.xg: Update module to handle new log fields. 31038 31388

  • cisco: Fix umbrella dns logs populating destination.ip instead of source.nat.ip. 31454

  • Fix MISP documentation for var.filters config option. 31434

  • Duplicate awscloudwatch.* fields to aws.cloudwatch.* in aws-cloudwatch input. 31488

  • aws-s3 input: Stop SQS keep-alive routine on InvalidParameterValue error. 30675 31499

  • Supporting the double digit date parsing in ingest pipeline for oracle logs 31514

Heartbeat - Fix unintentional use of no-op logger. 31543

Metricbeat

  • Improve handling of disabled commands in Zookeeper Metricbeat module. #31013

Packetbeat

Winlogbeat

Functionbeat

Elastic Logging Plugin

Added

Affecting all Beats

Auditbeat

  • Add backlog_wait_time_actual to the output of the auditbeat auditd show-status command. 31535

Filebeat

  • Add text/csv decoder to httpjson input 28564

  • Update aws-s3 input to connect to non AWS S3 buckets 28222 28234

  • Add support for '/var/log/pods/' path for add_kubernetes_metadata processor with resource_type: pod. 28868

  • Add documentation for add_kubernetes_metadata processors log_path matcher. 28868

  • Add support for parsers on journald input 29070

  • Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087

  • threatintel module: Add new Recorded Future integration. 30030

  • Support SASL/SCRAM authentication in the Kafka input. 31167

  • checkpoint module: Add network.transport derived from IANA number. 31076

  • Add URL Encode template function for httpjson input. 30962

  • Add storage_account_container configuration option to Azure logs. 31279

  • Add application/zip decoder to the httpsjon input. 31282 31304

  • Sanitize the Azure storage account container names with underscores (_). 31384

  • Add missing docs for the delegated_account option in the httpjson input. 31498

Auditbeat

  • auditd: Updated the go-libaudit library version to v2.3.0. This refreshes the syscall names for Linux and adds ECS categorizations for more audit anomaly events. 31519

Filebeat

  • http_endpoint input: Add support for requests with Content-Encoding: gzip. 31005

Heartbeat

Metricbeat

  • Extend documentation about orchestrator.cluster fields 30518

  • Enhance Oracle Module: Change tablespace metricset collection period 30948 #31259

  • Add orchestrator cluster ECS fields in kubernetes events 31341

Packetbeat

Functionbeat

Winlogbeat

  • Add parent process ID to new process creation events. 29237 31102

Elastic Log Driver

Deprecated

Affecting all Beats

Filebeat

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Known Issue