Beats version 8.2.1

Bugfixes

Affecting all Beats

  • Fix group write permissions on runtime directories. 30869
  • Store syslog version as string. 31446
  • Accept XML that declares non-UTF-8 encoding to allow decode_xml and decode_xml_wineventlog decoding of incorrectly annotated documents. 31395 31546

Filebeat

  • Netflow: replace invalid field value. 31295
  • google_workspace: Fix pagination to prevent skipped events when more than one page is present. 31372
  • cisco: Fix umbrella dns logs populating destination.ip instead of source.nat.ip. 31454
  • Duplicate awscloudwatch.* fields to aws.cloudwatch.* in aws-cloudwatch input. 31488
  • aws-s3 input: Stop SQS keep-alive routine on InvalidParameterValue error. 30675 31499
  • Support double-digit date parsing in the ingest pipeline for Oracle logs. 31514
  • Fix handling of code_sign data in ThreatIntel Malwarebazaar. 29972 31552
  • Remove invalid term from event.outcome in the cisco asa and ftd modules. 31628

Heartbeat

  • Restrict setuid to containerized environments. 30869

Metricbeat

  • Improve handling of disabled commands in Zookeeper Metricbeat module. 31013

Packetbeat

  • Use /proc/<pid>/comm for Linux process names where possible. 31527
  • Move "protocol" term from event.category to event.type in SIP events. 31599

Winlogbeat

  • Fix resource handle leak during event log enrichment. 31504
  • Fix winlogbeat.registry_flush being ignored. 31666 31669

Added

Affecting all Beats

  • Update to Go 1.17.10. 31636
  • Add support for nanosecond precision timestamps. 15871 31553

Filebeat

  • Add storage_account_container configuration option to Azure logs. 31279
  • Sanitize the Azure storage account container names with underscores (_). 31384
  • Add missing docs for the delegated_account option in the httpjson input. 31498

Metricbeat

  • Extend documentation about orchestrator.cluster fields. 30518
  • Generic SQL code reorganization, with support for raw metrics and query lists. 31568
  • Add metadata for missing k8s resources/metricsets. 31590
  • Fix include_top_n fields in system/process. 31595