Welcome to Weekly Beats! With this series, we're keeping you up to date with all that's new in Beats, from the details of work-in-progress pull requests to releases and learning resources.
Unifiedbeat - Beat for IDS/IPS event logs
Unifiedbeat reads records from Unified2 binary files generated by network intrusion detection software like Snort or Suricata, and indexes the records in Elasticsearch. Its author wrote a blog post in which he explains why Elasticsearch is a great option for storing these logs. We agree and think this is a great use of the Beats framework.
Factbeat - Beat for Puppet Facter info
Factbeat is a new community Beat, created by Toby McLaughlin from Elastic. It runs Facter periodically and sends the results to Elasticsearch. Having all the facts about your servers available in Elasticsearch makes it easy to query and visualize your infrastructure in new and interesting ways.
Expand env variables in configuration files
A commonly requested feature was to be able to use environment variables for configuring the Beats. Andrew came up with an elegant solution that allows you to use environment variables in the configuration files, while allowing for default values. This works automatically for all Beats.
Winlogbeat new field names
In time for the first release of Winlogbeat, we’ve renamed the fields exported by Winlogbeat to be more uniform with the ones exported by the other Beats.
We’ve made more cleanups to the Filebeat code, making it possible to shut down Filebeat cleanly in all the corner cases.
PowerShell script for loading the dashboards
We now have a dockerized test environment for the manual QA phase. This makes it very easy to test against specific versions of Elasticsearch, Logstash, and Kibana.