Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update queue and statless events models #267

Merged
merged 7 commits into from
Nov 12, 2024
Merged

Update queue and statless events models #267

merged 7 commits into from
Nov 12, 2024

Conversation

cborla
Copy link
Member

@cborla cborla commented Nov 2, 2024
edited
Loading

Related issue
#253

Description

The development of the following PR consists of 4 points.

  1. Adapt the queue to be able to support 2 columns for all tables, the fields to be added are the moduleType and the metadata.

  2. Adapt the logcollector module, so that when assembling the message to insert in the queue, it respects the following format.

{
    "agent":
    {
        "groups":
        [],
        "host":
        {
            "architecture": "x86_64",
            "hostname": "chb-VBox",
            "ip": "10.0.2.5",
            "os":
            {
                "name": "Ubuntu",
                "platform": "Linux"
            }
        },
        "id": "ee9009ba-f2db-4ac4-a74f-77f52c2d421a",
        "type": "Endpoint",
        "version": "5.0.0"
    }
}
{
    "module": "logcollector",
    "type": "file"
}
{
    "event":
    {
        "ingested": "",
        "module": "logcollector",
        "original": "hello wazuh!",
        "provider": "syslog"
    },
    "log":
    {
        "file":
        {
            "path": "/tmp/test.log"
        }
    },
    "tags":
    [
        "mvp"
    ]
}
  1. Modify the output data structure of the queue, to comply with the simil JSON streaming format.
  2. All indicated fields must comply with the ECS format.

Tests

  • Compilation without warnings in every supported platform
    • Linux
    • Windows
    • MAC OS X

@cborla cborla linked an issue Nov 2, 2024 that may be closed by this pull request
Events generated by agent must comply with the common schema #253
Closed
@cborla cborla force-pushed the enhancement/253-normalise-events-to-a-common-scheme branch 16 times, most recently from 91716af to 345e6fa Compare November 9, 2024 04:29
@cborla cborla force-pushed the enhancement/253-normalise-events-to-a-common-scheme branch 3 times, most recently from cd5908e to 549d465 Compare November 11, 2024 14:46
@cborla cborla force-pushed the enhancement/253-normalise-events-to-a-common-scheme branch 2 times, most recently from 92e97f7 to c7b1645 Compare November 12, 2024 02:34
@cborla cborla marked this pull request as ready for review November 12, 2024 02:35
@cborla cborla changed the title Update stateful and statless events models Update queue and statless events models Nov 12, 2024
@cborla cborla force-pushed the enhancement/253-normalise-events-to-a-common-scheme branch from c7b1645 to 31219b3 Compare November 12, 2024 02:47
@cborla cborla mentioned this pull request Nov 12, 2024
Closed
TomasTurina
TomasTurina reviewed Nov 12, 2024
View reviewed changes
@cborla cborla force-pushed the enhancement/253-normalise-events-to-a-common-scheme branch 3 times, most recently from 570460d to afb6150 Compare November 12, 2024 15:51
@cborla cborla force-pushed the enhancement/253-normalise-events-to-a-common-scheme branch from afb6150 to 38e9670 Compare November 12, 2024 18:38
@TomasTurina
Copy link
Member

Changes related to dataType will be addressed in another PR. cc @cborla

@TomasTurina TomasTurina merged commit d1cf856 into master Nov 12, 2024
5 checks passed
@TomasTurina TomasTurina deleted the enhancement/253-normalise-events-to-a-common-scheme branch November 12, 2024 19:02
@vikman90 vikman90 linked an issue Nov 13, 2024 that may be closed by this pull request
Refactor Message Output for Common Schema Compliance #291
Closed
@vikman90 vikman90 removed a link to an issue Nov 13, 2024
Events generated by agent must comply with the common schema #253
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TomasTurina TomasTurina TomasTurina approved these changes

@vikman90 vikman90 Awaiting requested review from vikman90

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Refactor Message Output for Common Schema Compliance
2 participants
@cborla @TomasTurina