[logging] Upgrade ECS to 1.12 (#113583)
This commit is contained in:
parent
cc73577f84
commit
b58e7218ad
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-agent.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-agent.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-as.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-as.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-base.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-base.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -17,7 +17,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-client.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-client.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-cloud.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-cloud.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,15 +7,17 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-code_signature.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-code_signature.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
export interface EcsCodeSignature {
|
export interface EcsCodeSignature {
|
||||||
|
digest_algorithm?: string;
|
||||||
exists?: boolean;
|
exists?: boolean;
|
||||||
signing_id?: string;
|
signing_id?: string;
|
||||||
status?: string;
|
status?: string;
|
||||||
subject_name?: string;
|
subject_name?: string;
|
||||||
|
timestamp?: string;
|
||||||
team_id?: string;
|
team_id?: string;
|
||||||
trusted?: boolean;
|
trusted?: boolean;
|
||||||
valid?: boolean;
|
valid?: boolean;
|
||||||
|
|
|
@ -7,14 +7,21 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-container.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-container.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
export interface EcsContainer {
|
export interface EcsContainer {
|
||||||
|
cpu?: { usage?: number };
|
||||||
|
disk?: Disk;
|
||||||
id?: string;
|
id?: string;
|
||||||
image?: { name?: string; tag?: string[] };
|
image?: { name?: string; tag?: string[] };
|
||||||
labels?: Record<string, unknown>;
|
labels?: Record<string, unknown>;
|
||||||
name?: string;
|
name?: string;
|
||||||
runtime?: string;
|
runtime?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface Disk {
|
||||||
|
read?: { bytes?: number };
|
||||||
|
write?: { bytes?: number };
|
||||||
|
}
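Review bot: The new `Disk` interface at the end of this hunk covers only `read.bytes` and `write.bytes`; if ECS 1.12 also defines `container.memory.usage` and `container.network.ingress.bytes` / `egress.bytes` alongside `cpu.usage` and the disk counters, the `Ecs` type would still reject records carrying them, so this is worth checking against the ecs-container page linked in the doc comment. A smaller style point: `cpu` is typed inline as `{ usage?: number }` while `disk` gets a named interface; the two new fields should follow one convention, e.g. `disk?: { read?: { bytes?: number }; write?: { bytes?: number } };` if the inline form is preferred. `EcsContainer` itself is fully inside the hunk, so nothing else is hidden.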
|
||||||
|
|
18
packages/kbn-logging/src/ecs/data_stream.ts
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License
|
||||||
|
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||||
|
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||||
|
* Side Public License, v 1.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-data_stream.html
|
||||||
|
*
|
||||||
|
* @internal
|
||||||
|
*/
|
||||||
|
export interface EcsDataStream {
|
||||||
|
dataset?: string;
|
||||||
|
namespace?: string;
|
||||||
|
type?: 'logs' | 'metrics';
|
||||||
|
}
|
|
@ -17,7 +17,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-destination.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-destination.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -17,7 +17,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-dll.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-dll.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-dns.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-dns.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
71
packages/kbn-logging/src/ecs/elf.ts
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License
|
||||||
|
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||||
|
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||||
|
* Side Public License, v 1.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-elf.html
|
||||||
|
*
|
||||||
|
* @internal
|
||||||
|
*/
|
||||||
|
export interface EcsElf {
|
||||||
|
architecture?: string;
|
||||||
|
byte_order?: string;
|
||||||
|
cpu_type?: string;
|
||||||
|
creation_date?: string;
|
||||||
|
exports?: Export[];
|
||||||
|
imports?: Import[];
|
||||||
|
header?: Header;
|
||||||
|
sections?: Section[];
|
||||||
|
segments?: Segment[];
|
||||||
|
shared_libraries?: string[];
|
||||||
|
telfhash?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Export {
|
||||||
|
binding?: string;
|
||||||
|
name?: string;
|
||||||
|
section?: string;
|
||||||
|
size?: string;
|
||||||
|
type?: string;
|
||||||
|
version?: string;
|
||||||
|
visibility?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Import {
|
||||||
|
library?: string;
|
||||||
|
name?: string;
|
||||||
|
type?: string;
|
||||||
|
version?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Header {
|
||||||
|
abi_version?: string;
|
||||||
|
class?: string;
|
||||||
|
data?: string;
|
||||||
|
entrypoint?: number;
|
||||||
|
object_version?: string;
|
||||||
|
os_abi?: string;
|
||||||
|
type?: string;
|
||||||
|
version?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Section {
|
||||||
|
chi2?: number;
|
||||||
|
entropy?: number;
|
||||||
|
flags?: string;
|
||||||
|
name?: string;
|
||||||
|
physical_offset?: string;
|
||||||
|
physical_size?: number;
|
||||||
|
type?: string;
|
||||||
|
virtual_address?: number;
|
||||||
|
virtual_size?: number;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Segment {
|
||||||
|
sections?: string;
|
||||||
|
type?: string;
|
||||||
|
}
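Review bot: `exports?: Export[]` and `imports?: Import[]` in `EcsElf` pin a fixed key set for fields that, as far as I recall, ECS 1.12 declares as `flattened` (arbitrary key/value objects); if that is right, the narrower typing is a package-side choice and should be stated in the doc comment, e.g. `* Note: elf.exports / elf.imports are flattened in ECS; the keys typed below are the subset this package commits to.`, so a producer sending other keys is not mistaken for a spec deviation. Separately, `Export.size?: string` sits next to `Section.physical_size?: number` and `Section.virtual_size?: number`; if all are byte counts the string/number split looks accidental and should be confirmed before it ships, since ELF metadata such as `telfhash` and section entropy is what detection content keys on. None of the nested interfaces (`Export`, `Import`, `Header`, `Section`, `Segment`) carry a doc comment, unlike `EcsElf`; a one-line comment naming the ECS prefix each maps to (`/** elf.sections.* */`) would help readers.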
|
48
packages/kbn-logging/src/ecs/email.ts
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License
|
||||||
|
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||||
|
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||||
|
* Side Public License, v 1.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import { EcsFile } from './file';
|
||||||
|
import { EcsHash } from './hash';
|
||||||
|
|
||||||
|
interface NestedFields {
|
||||||
|
// Not all hash types are explicitly supported, see
|
||||||
|
// https://github.com/elastic/ecs/pull/1569
|
||||||
|
hash?: Pick<EcsHash, 'md5' | 'sha1' | 'sha256'>;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface AttachmentNestedFields {
|
||||||
|
file?: Pick<EcsFile, 'extension' | 'mime_type' | 'name' | 'size' | 'hash'>;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* No docs yet, see https://github.com/elastic/ecs/pull/1569
|
||||||
|
*
|
||||||
|
* @internal
|
||||||
|
*/
|
||||||
|
export interface EcsEmail extends NestedFields {
|
||||||
|
attachments?: Attachment[];
|
||||||
|
bcc?: string[];
|
||||||
|
cc?: string[];
|
||||||
|
content_type?: string;
|
||||||
|
delivery_timestamp?: string;
|
||||||
|
direction?: string;
|
||||||
|
from?: string;
|
||||||
|
local_id?: string;
|
||||||
|
message_id?: string;
|
||||||
|
origination_timestamp?: string;
|
||||||
|
reply_to?: string;
|
||||||
|
subject?: string;
|
||||||
|
'subject.text'?: string;
|
||||||
|
to?: string[];
|
||||||
|
x_mailer?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
// eslint-disable-next-line @typescript-eslint/no-empty-interface
|
||||||
|
interface Attachment extends AttachmentNestedFields {
|
||||||
|
// intentionally empty
|
||||||
|
}
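Review bot: `'subject.text'?: string` in `EcsEmail` is the only dotted key in these typings; if `subject.text` is a multi-field of `subject` in the ECS mapping (as other `.text` fields are), it is produced by the index mapping and never set in the document, so exposing it here invites callers to emit a literal `"subject.text"` key that is not queryable the way `email.subject` is — I would drop it or mark it `// mapping multi-field, not a document field; TODO confirm against the final ECS docs` until the referenced PR lands. Relatedly, `from` and `reply_to` are single strings while `to`, `cc` and `bcc` are `string[]`; the asymmetry may match the spec draft but deserves a comment, given the header already says there are no docs yet. Both points apply to the `EcsEmail` block in the middle of this section.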
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-error.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-error.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,12 +7,13 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-event.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-event.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
export interface EcsEvent {
|
export interface EcsEvent {
|
||||||
action?: string;
|
action?: string;
|
||||||
|
agent_id_status?: 'verified' | 'mismatch' | 'missing' | 'auth_metadata_missing';
|
||||||
category?: EcsEventCategory[];
|
category?: EcsEventCategory[];
|
||||||
code?: string;
|
code?: string;
|
||||||
created?: string;
|
created?: string;
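Review bot: `agent_id_status` is added as a bare union with no explanation of what the four states mean, although it is the one field in `EcsEvent` a defender reads to decide whether `agent.id` on a record can be trusted; a short TSDoc on the new line would carry that weight, e.g. `/** Outcome of validating agent.id against the sending client's authentication information — TODO confirm wording against the ecs-event page linked above. */`. The literal union is the right choice and matches `type?: 'logs' | 'metrics'` in data_stream.ts; it just needs documenting. `EcsEvent` continues outside the hunk.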
|
||||||
|
|
|
@ -7,19 +7,21 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import { EcsCodeSignature } from './code_signature';
|
import { EcsCodeSignature } from './code_signature';
|
||||||
|
import { EcsElf } from './elf';
|
||||||
import { EcsHash } from './hash';
|
import { EcsHash } from './hash';
|
||||||
import { EcsPe } from './pe';
|
import { EcsPe } from './pe';
|
||||||
import { EcsX509 } from './x509';
|
import { EcsX509 } from './x509';
|
||||||
|
|
||||||
interface NestedFields {
|
interface NestedFields {
|
||||||
code_signature?: EcsCodeSignature;
|
code_signature?: EcsCodeSignature;
|
||||||
|
elf?: EcsElf;
|
||||||
hash?: EcsHash;
|
hash?: EcsHash;
|
||||||
pe?: EcsPe;
|
pe?: EcsPe;
|
||||||
x509?: EcsX509;
|
x509?: EcsX509;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-file.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-file.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
@ -32,6 +34,7 @@ export interface EcsFile extends NestedFields {
|
||||||
directory?: string;
|
directory?: string;
|
||||||
drive_letter?: string;
|
drive_letter?: string;
|
||||||
extension?: string;
|
extension?: string;
|
||||||
|
fork_name?: string;
|
||||||
gid?: string;
|
gid?: string;
|
||||||
group?: string;
|
group?: string;
|
||||||
inode?: string;
|
inode?: string;
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-geo.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-geo.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-group.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-group.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-hash.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-hash.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -18,7 +18,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-host.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-host.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-http.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-http.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -13,8 +13,10 @@ import { EcsAutonomousSystem } from './autonomous_system';
|
||||||
import { EcsClient } from './client';
|
import { EcsClient } from './client';
|
||||||
import { EcsCloud } from './cloud';
|
import { EcsCloud } from './cloud';
|
||||||
import { EcsContainer } from './container';
|
import { EcsContainer } from './container';
|
||||||
|
import { EcsDataStream } from './data_stream';
|
||||||
import { EcsDestination } from './destination';
|
import { EcsDestination } from './destination';
|
||||||
import { EcsDns } from './dns';
|
import { EcsDns } from './dns';
|
||||||
|
import { EcsEmail } from './email';
|
||||||
import { EcsError } from './error';
|
import { EcsError } from './error';
|
||||||
import { EcsEvent } from './event';
|
import { EcsEvent } from './event';
|
||||||
import { EcsFile } from './file';
|
import { EcsFile } from './file';
|
||||||
|
@ -24,6 +26,7 @@ import { EcsHttp } from './http';
|
||||||
import { EcsLog } from './log';
|
import { EcsLog } from './log';
|
||||||
import { EcsNetwork } from './network';
|
import { EcsNetwork } from './network';
|
||||||
import { EcsObserver } from './observer';
|
import { EcsObserver } from './observer';
|
||||||
|
import { EcsOrchestrator } from './orchestrator';
|
||||||
import { EcsOrganization } from './organization';
|
import { EcsOrganization } from './organization';
|
||||||
import { EcsPackage } from './package';
|
import { EcsPackage } from './package';
|
||||||
import { EcsProcess } from './process';
|
import { EcsProcess } from './process';
|
||||||
|
@ -45,13 +48,13 @@ export { EcsEventCategory, EcsEventKind, EcsEventOutcome, EcsEventType } from '.
|
||||||
|
|
||||||
interface EcsField {
|
interface EcsField {
|
||||||
/**
|
/**
|
||||||
* These typings were written as of ECS 1.9.0.
|
* These typings were written as of ECS 1.12.0.
|
||||||
* Don't change this value without checking the rest
|
* Don't change this value without checking the rest
|
||||||
* of the types to conform to that ECS version.
|
* of the types to conform to that ECS version.
|
||||||
*
|
*
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/index.html
|
* https://www.elastic.co/guide/en/ecs/1.12/index.html
|
||||||
*/
|
*/
|
||||||
version: '1.9.0';
|
version: '1.12.0';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -68,8 +71,10 @@ export type Ecs = EcsBase &
|
||||||
client?: EcsClient;
|
client?: EcsClient;
|
||||||
cloud?: EcsCloud;
|
cloud?: EcsCloud;
|
||||||
container?: EcsContainer;
|
container?: EcsContainer;
|
||||||
|
data_stream?: EcsDataStream;
|
||||||
destination?: EcsDestination;
|
destination?: EcsDestination;
|
||||||
dns?: EcsDns;
|
dns?: EcsDns;
|
||||||
|
email?: EcsEmail;
|
||||||
error?: EcsError;
|
error?: EcsError;
|
||||||
event?: EcsEvent;
|
event?: EcsEvent;
|
||||||
file?: EcsFile;
|
file?: EcsFile;
|
||||||
|
@ -79,6 +84,7 @@ export type Ecs = EcsBase &
|
||||||
log?: EcsLog;
|
log?: EcsLog;
|
||||||
network?: EcsNetwork;
|
network?: EcsNetwork;
|
||||||
observer?: EcsObserver;
|
observer?: EcsObserver;
|
||||||
|
orchestrator?: EcsOrchestrator;
|
||||||
organization?: EcsOrganization;
|
organization?: EcsOrganization;
|
||||||
package?: EcsPackage;
|
package?: EcsPackage;
|
||||||
process?: EcsProcess;
|
process?: EcsProcess;
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-interface.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-interface.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-log.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-log.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
@ -16,6 +16,7 @@ export interface EcsLog {
|
||||||
level?: string;
|
level?: string;
|
||||||
logger?: string;
|
logger?: string;
|
||||||
origin?: Origin;
|
origin?: Origin;
|
||||||
|
/** @deprecated - use `event.original` instead */
|
||||||
original?: string;
|
original?: string;
|
||||||
syslog?: Syslog;
|
syslog?: Syslog;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-network.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-network.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -29,7 +29,7 @@ interface NestedIngressFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-observer.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-observer.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
32
packages/kbn-logging/src/ecs/orchestrator.ts
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License
|
||||||
|
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||||
|
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||||
|
* Side Public License, v 1.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-orchestrator.html
|
||||||
|
*
|
||||||
|
* @internal
|
||||||
|
*/
|
||||||
|
export interface EcsOrchestrator {
|
||||||
|
api_version?: string;
|
||||||
|
cluster?: Cluster;
|
||||||
|
namespace?: string;
|
||||||
|
organization?: string;
|
||||||
|
resource?: Resource;
|
||||||
|
type?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Cluster {
|
||||||
|
name?: string;
|
||||||
|
url?: string;
|
||||||
|
version?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Resource {
|
||||||
|
name?: string;
|
||||||
|
type?: string;
|
||||||
|
}
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-organization.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-organization.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-os.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-os.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-package.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-package.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-pe.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-pe.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,18 +7,21 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import { EcsCodeSignature } from './code_signature';
|
import { EcsCodeSignature } from './code_signature';
|
||||||
|
import { EcsElf } from './elf';
|
||||||
import { EcsHash } from './hash';
|
import { EcsHash } from './hash';
|
||||||
import { EcsPe } from './pe';
|
import { EcsPe } from './pe';
|
||||||
|
|
||||||
interface NestedFields {
|
interface NestedFields {
|
||||||
code_signature?: EcsCodeSignature;
|
code_signature?: EcsCodeSignature;
|
||||||
|
elf?: EcsElf;
|
||||||
hash?: EcsHash;
|
hash?: EcsHash;
|
||||||
parent?: EcsProcess;
|
parent?: EcsProcess;
|
||||||
pe?: EcsPe;
|
pe?: EcsPe;
|
||||||
|
target?: EcsProcess;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-process.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-process.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
@ -26,6 +29,7 @@ export interface EcsProcess extends NestedFields {
|
||||||
args?: string[];
|
args?: string[];
|
||||||
args_count?: number;
|
args_count?: number;
|
||||||
command_line?: string;
|
command_line?: string;
|
||||||
|
end?: string;
|
||||||
entity_id?: string;
|
entity_id?: string;
|
||||||
executable?: string;
|
executable?: string;
|
||||||
exit_code?: number;
|
exit_code?: number;
|
||||||
|
@ -34,7 +38,6 @@ export interface EcsProcess extends NestedFields {
|
||||||
pid?: number;
|
pid?: number;
|
||||||
ppid?: number;
|
ppid?: number;
|
||||||
start?: string;
|
start?: string;
|
||||||
thread?: { id?: number; name?: string };
|
|
||||||
title?: string;
|
title?: string;
|
||||||
uptime?: number;
|
uptime?: number;
|
||||||
working_directory?: string;
|
working_directory?: string;
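Review bot: The last hunk drops `thread?: { id?: number; name?: string };` from `EcsProcess`, yet ECS 1.12 still documents `process.thread.id` and `process.thread.name` as far as I can tell, and no other hunk of this section reintroduces it; removing an optional property from an exported interface is also a breaking change for any caller that populates it, so unless it was deliberately relocated outside the shown hunks the line should stay. The first hunk's `elf?: EcsElf;` and the recursive `target?: EcsProcess;` look right and follow the existing `parent` pattern. `EcsProcess` itself begins outside the hunks.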
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-registry.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-registry.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-related.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-related.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-rule.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-rule.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -17,7 +17,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-server.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-server.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,11 +7,13 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-service.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-service.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
export interface EcsService {
|
export interface EcsService {
|
||||||
|
address?: string;
|
||||||
|
environment?: string;
|
||||||
ephemeral_id?: string;
|
ephemeral_id?: string;
|
||||||
id?: string;
|
id?: string;
|
||||||
name?: string;
|
name?: string;
|
||||||
|
|
|
@ -17,7 +17,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-source.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-source.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -6,17 +6,82 @@
|
||||||
* Side Public License, v 1.
|
* Side Public License, v 1.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
import { EcsAutonomousSystem } from './autonomous_system';
|
||||||
|
import { EcsFile } from './file';
|
||||||
|
import { EcsGeo } from './geo';
|
||||||
|
import { EcsRegistry } from './registry';
|
||||||
|
import { EcsUrl } from './url';
|
||||||
|
import { EcsX509 } from './x509';
|
||||||
|
|
||||||
|
interface IndicatorNestedFields {
|
||||||
|
as?: EcsAutonomousSystem;
|
||||||
|
file?: EcsFile;
|
||||||
|
geo?: EcsGeo;
|
||||||
|
registry?: EcsRegistry;
|
||||||
|
url?: EcsUrl;
|
||||||
|
x509?: EcsX509;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-threat.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-threat.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
export interface EcsThreat {
|
export interface EcsThreat {
|
||||||
|
enrichments?: Enrichment[];
|
||||||
|
indicator?: Indicator;
|
||||||
framework?: string;
|
framework?: string;
|
||||||
|
group?: Group;
|
||||||
|
software?: Software;
|
||||||
tactic?: Tactic;
|
tactic?: Tactic;
|
||||||
technique?: Technique;
|
technique?: Technique;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface Enrichment {
|
||||||
|
indicator?: Indicator;
|
||||||
|
matched?: Matched;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Indicator extends IndicatorNestedFields {
|
||||||
|
confidence?: string;
|
||||||
|
description?: string;
|
||||||
|
email?: { address?: string };
|
||||||
|
first_seen?: string;
|
||||||
|
ip?: string;
|
||||||
|
last_seen?: string;
|
||||||
|
marking?: { tlp?: string };
|
||||||
|
modified_at?: string;
|
||||||
|
port?: number;
|
||||||
|
provider?: string;
|
||||||
|
reference?: string;
|
||||||
|
scanner_stats?: number;
|
||||||
|
sightings?: number;
|
||||||
|
type?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Matched {
|
||||||
|
atomic?: string;
|
||||||
|
field?: string;
|
||||||
|
id?: string;
|
||||||
|
index?: string;
|
||||||
|
type?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Group {
|
||||||
|
alias?: string[];
|
||||||
|
id?: string;
|
||||||
|
name?: string;
|
||||||
|
reference?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
interface Software {
|
||||||
|
id?: string;
|
||||||
|
name?: string;
|
||||||
|
platforms?: string[];
|
||||||
|
reference?: string;
|
||||||
|
type?: string;
|
||||||
|
}
|
||||||
|
|
||||||
interface Tactic {
|
interface Tactic {
|
||||||
id?: string[];
|
id?: string[];
|
||||||
name?: string[];
|
name?: string[];
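Review bot: `marking?: { tlp?: string }` and `confidence?: string` in the new `Indicator` interface are left as free-form strings although this commit uses literal unions elsewhere for enumerated ECS values (`agent_id_status` in event.ts, `type` in data_stream.ts); if the ECS 1.12 threat page lists expected values for `threat.indicator.marking.tlp` and `threat.indicator.confidence`, typing them the same way would stop a producer from emitting a marking that downstream sharing controls do not recognise, e.g. `marking?: { tlp?: 'WHITE' | 'GREEN' | 'AMBER' | 'RED' };` if those are the listed values. `Indicator` is also the interface that carries the indicator content (`ip`, `port`, `email.address`, `reference`) and, like `Enrichment`, `Matched`, `Group` and `Software`, has no doc comment, unlike `EcsThreat`; a one-line `/** threat.indicator.* */` on each would help map them back to the spec. The `Tactic` interface at the end continues outside the hunk.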
|
||||||
|
|
|
@ -17,7 +17,7 @@ interface NestedServerFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-tls.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-tls.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
* the base fields, we will need to do an intersection with these types at
|
* the base fields, we will need to do an intersection with these types at
|
||||||
* the root level.
|
* the root level.
|
||||||
*
|
*
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-tracing.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-tracing.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-url.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-url.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -20,7 +20,7 @@ interface NestedFields {
|
||||||
* placed at the root level, but not if it is nested inside another field like
|
* placed at the root level, but not if it is nested inside another field like
|
||||||
* `destination`. A more detailed explanation of these nuances can be found at:
|
* `destination`. A more detailed explanation of these nuances can be found at:
|
||||||
*
|
*
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-user-usage.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-user-usage.html
|
||||||
*
|
*
|
||||||
* As a result, we need to export a separate `NestedUser` type to import into
|
* As a result, we need to export a separate `NestedUser` type to import into
|
||||||
* other interfaces internally. This contains the reusable subset of properties
|
* other interfaces internally. This contains the reusable subset of properties
|
||||||
|
|
|
@ -13,7 +13,7 @@ interface NestedFields {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-user_agent.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-user_agent.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-vlan.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-vlan.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-vulnerability.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-vulnerability.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* https://www.elastic.co/guide/en/ecs/1.9/ecs-x509.html
|
* https://www.elastic.co/guide/en/ecs/1.12/ecs-x509.html
|
||||||
*
|
*
|
||||||
* @internal
|
* @internal
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -16,7 +16,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 1`] = `
|
||||||
Object {
|
Object {
|
||||||
"@timestamp": "2012-01-30T22:33:22.011-05:00",
|
"@timestamp": "2012-01-30T22:33:22.011-05:00",
|
||||||
"ecs": Object {
|
"ecs": Object {
|
||||||
"version": "1.9.0",
|
"version": "1.12.0",
|
||||||
},
|
},
|
||||||
"log": Object {
|
"log": Object {
|
||||||
"level": "TRACE",
|
"level": "TRACE",
|
||||||
|
@ -33,7 +33,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 2`] = `
|
||||||
Object {
|
Object {
|
||||||
"@timestamp": "2012-01-30T17:33:22.011-05:00",
|
"@timestamp": "2012-01-30T17:33:22.011-05:00",
|
||||||
"ecs": Object {
|
"ecs": Object {
|
||||||
"version": "1.9.0",
|
"version": "1.12.0",
|
||||||
},
|
},
|
||||||
"log": Object {
|
"log": Object {
|
||||||
"level": "INFO",
|
"level": "INFO",
|
||||||
|
@ -51,7 +51,7 @@ exports[`asLoggerFactory() only allows to create new loggers. 3`] = `
|
||||||
Object {
|
Object {
|
||||||
"@timestamp": "2012-01-30T12:33:22.011-05:00",
|
"@timestamp": "2012-01-30T12:33:22.011-05:00",
|
||||||
"ecs": Object {
|
"ecs": Object {
|
||||||
"version": "1.9.0",
|
"version": "1.12.0",
|
||||||
},
|
},
|
||||||
"log": Object {
|
"log": Object {
|
||||||
"level": "FATAL",
|
"level": "FATAL",
|
||||||
|
@ -68,7 +68,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is
|
||||||
Object {
|
Object {
|
||||||
"@timestamp": "2012-02-01T09:33:22.011-05:00",
|
"@timestamp": "2012-02-01T09:33:22.011-05:00",
|
||||||
"ecs": Object {
|
"ecs": Object {
|
||||||
"version": "1.9.0",
|
"version": "1.12.0",
|
||||||
},
|
},
|
||||||
"log": Object {
|
"log": Object {
|
||||||
"level": "INFO",
|
"level": "INFO",
|
||||||
|
@ -86,7 +86,7 @@ exports[`flushes memory buffer logger and switches to real logger once config is
|
||||||
Object {
|
Object {
|
||||||
"@timestamp": "2012-01-31T23:33:22.011-05:00",
|
"@timestamp": "2012-01-31T23:33:22.011-05:00",
|
||||||
"ecs": Object {
|
"ecs": Object {
|
||||||
"version": "1.9.0",
|
"version": "1.12.0",
|
||||||
},
|
},
|
||||||
"log": Object {
|
"log": Object {
|
||||||
"level": "INFO",
|
"level": "INFO",
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||||
|
|
||||||
exports[`\`format()\` correctly formats record. 1`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-1\\",\\"error\\":{\\"message\\":\\"Some error message\\",\\"type\\":\\"Some error name\\",\\"stack_trace\\":\\"Some error stack\\"},\\"log\\":{\\"level\\":\\"FATAL\\",\\"logger\\":\\"context-1\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
exports[`\`format()\` correctly formats record. 1`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-1\\",\\"error\\":{\\"message\\":\\"Some error message\\",\\"type\\":\\"Some error name\\",\\"stack_trace\\":\\"Some error stack\\"},\\"log\\":{\\"level\\":\\"FATAL\\",\\"logger\\":\\"context-1\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
||||||
|
|
||||||
exports[`\`format()\` correctly formats record. 2`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-2\\",\\"log\\":{\\"level\\":\\"ERROR\\",\\"logger\\":\\"context-2\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
exports[`\`format()\` correctly formats record. 2`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-2\\",\\"log\\":{\\"level\\":\\"ERROR\\",\\"logger\\":\\"context-2\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
||||||
|
|
||||||
exports[`\`format()\` correctly formats record. 3`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-3\\",\\"log\\":{\\"level\\":\\"WARN\\",\\"logger\\":\\"context-3\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
exports[`\`format()\` correctly formats record. 3`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-3\\",\\"log\\":{\\"level\\":\\"WARN\\",\\"logger\\":\\"context-3\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
||||||
|
|
||||||
exports[`\`format()\` correctly formats record. 4`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-4\\",\\"log\\":{\\"level\\":\\"DEBUG\\",\\"logger\\":\\"context-4\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
exports[`\`format()\` correctly formats record. 4`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-4\\",\\"log\\":{\\"level\\":\\"DEBUG\\",\\"logger\\":\\"context-4\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
||||||
|
|
||||||
exports[`\`format()\` correctly formats record. 5`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-5\\",\\"log\\":{\\"level\\":\\"INFO\\",\\"logger\\":\\"context-5\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
exports[`\`format()\` correctly formats record. 5`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-5\\",\\"log\\":{\\"level\\":\\"INFO\\",\\"logger\\":\\"context-5\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
||||||
|
|
||||||
exports[`\`format()\` correctly formats record. 6`] = `"{\\"ecs\\":{\\"version\\":\\"1.9.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-6\\",\\"log\\":{\\"level\\":\\"TRACE\\",\\"logger\\":\\"context-6\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
exports[`\`format()\` correctly formats record. 6`] = `"{\\"ecs\\":{\\"version\\":\\"1.12.0\\"},\\"@timestamp\\":\\"2012-02-01T09:30:22.011-05:00\\",\\"message\\":\\"message-6\\",\\"log\\":{\\"level\\":\\"TRACE\\",\\"logger\\":\\"context-6\\"},\\"process\\":{\\"pid\\":5355}}"`;
|
||||||
|
|
|
@ -74,7 +74,7 @@ test('`format()` correctly formats record.', () => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
test('`format()` correctly formats record with meta-data', () => {
|
test('`format()` correctly formats record with meta-data and correct ECS version', () => {
|
||||||
const layout = new JsonLayout();
|
const layout = new JsonLayout();
|
||||||
|
|
||||||
expect(
|
expect(
|
||||||
|
@ -94,7 +94,7 @@ test('`format()` correctly formats record with meta-data', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: '1.12.0' },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
log: {
|
log: {
|
||||||
level: 'DEBUG',
|
level: 'DEBUG',
|
||||||
|
@ -136,7 +136,7 @@ test('`format()` correctly formats error record with meta-data', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: expect.any(String) },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
log: {
|
log: {
|
||||||
level: 'DEBUG',
|
level: 'DEBUG',
|
||||||
|
@ -176,7 +176,7 @@ test('format() meta can merge override logs', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: expect.any(String) },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
message: 'foo',
|
message: 'foo',
|
||||||
log: {
|
log: {
|
||||||
|
@ -206,7 +206,7 @@ test('format() meta can not override message', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: expect.any(String) },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
message: 'foo',
|
message: 'foo',
|
||||||
log: {
|
log: {
|
||||||
|
@ -235,7 +235,7 @@ test('format() meta can not override ecs version', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: expect.any(String) },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
message: 'foo',
|
message: 'foo',
|
||||||
log: {
|
log: {
|
||||||
|
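Review bot: Replacing `ecs: { version: '1.9.0' }` with `ecs: { version: expect.any(String) }` in the expectation of `format() meta can not override ecs version` removes the very property the test is named for: a meta payload that overwrote `ecs.version` with any other string would now pass. Keep an exact value in this hunk, e.g. `ecs: { version: '1.12.0' },`, or compare against whatever constant the layout itself emits so the next ECS bump is a one-place change. The same loosening is applied in the hunks at @ -136, @ -176, @ -206, @ -267 and @ -296; those tests target other invariants, so `expect.any(String)` is defensible there, but they could share the same constant. The test function begins and ends outside this hunk.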
@ -267,7 +267,7 @@ test('format() meta can not override logger or level', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: expect.any(String) },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
message: 'foo',
|
message: 'foo',
|
||||||
log: {
|
log: {
|
||||||
|
@ -296,7 +296,7 @@ test('format() meta can not override timestamp', () => {
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
).toStrictEqual({
|
).toStrictEqual({
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: expect.any(String) },
|
||||||
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
'@timestamp': '2012-02-01T09:30:22.011-05:00',
|
||||||
message: 'foo',
|
message: 'foo',
|
||||||
log: {
|
log: {
|
||||||
|
|
|
@ -43,7 +43,7 @@ export class JsonLayout implements Layout {
|
||||||
|
|
||||||
public format(record: LogRecord): string {
|
public format(record: LogRecord): string {
|
||||||
const log: Ecs = {
|
const log: Ecs = {
|
||||||
ecs: { version: '1.9.0' },
|
ecs: { version: '1.12.0' },
|
||||||
'@timestamp': moment(record.timestamp).format('YYYY-MM-DDTHH:mm:ss.SSSZ'),
|
'@timestamp': moment(record.timestamp).format('YYYY-MM-DDTHH:mm:ss.SSSZ'),
|
||||||
message: record.message,
|
message: record.message,
|
||||||
error: JsonLayout.errorToSerializableObject(record.error),
|
error: JsonLayout.errorToSerializableObject(record.error),
|
||||||
|
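Review bot: The ECS version in `ecs: { version: '1.12.0' },` is a bare string literal inside `format()`, and the same literal is repeated in the test expectation at @ -94 while the remaining tests fall back to `expect.any(String)`. Hoisting it to a module-level export, e.g. `export const ECS_VERSION = '1.12.0';` and `ecs: { version: ECS_VERSION },` here, lets every test assert the exact value and keeps the next upgrade to a single edit that the snapshots then track. `format()` continues past the end of this hunk.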
|
|
@ -10,7 +10,7 @@ import type { EcsEventOutcome, EcsEventType, KibanaRequest, LogMeta } from 'src/
|
||||||
import type { AuthenticationResult } from '../authentication/authentication_result';
|
import type { AuthenticationResult } from '../authentication/authentication_result';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.9/index.html
|
* Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.12/index.html
|
||||||
*
|
*
|
||||||
* If you add additional fields to the schema ensure you update the Kibana Filebeat module:
|
* If you add additional fields to the schema ensure you update the Kibana Filebeat module:
|
||||||
* https://github.com/elastic/beats/tree/master/filebeat/module/kibana
|
* https://github.com/elastic/beats/tree/master/filebeat/module/kibana
|
||||||
|
|