auditd: Fix invalid event.type: stop->end (#10090)

auditd: Fix invalid event.type: stop->end Stop is not a valid event.type, use end where applicable. https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-type.html#ecs-event-type-end Related to: elastic/sdh-beats#4763
elastic · Jul 7, 2024 · af56b28 · af56b28
1 parent 8132ef6
commit af56b28
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 6 deletions.
diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.19.2"
+  changes:
+    - description: Fix invalid event type.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10090
 - version: "3.19.1"
   changes:
     - description: Changed owners

diff --git a/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json b/packages/auditd/data_stream/log/_dev/test/pipeline/test-auditd-raw.log-expected.json
@@ -1221,7 +1221,7 @@
                 "original": "type=SERVICE_STOP msg=audit(1481076984.534:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm=\"systemd\" exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
                 "outcome": "success",
                 "type": [
-                    "stop"
+                    "end"
                 ]
             },
             "process": {
@@ -1943,7 +1943,7 @@
                 "original": "type=DAEMON_END msg=audit(1481078697.892:7799): auditd normal halt, sending auid=? pid=? subj=? res=success",
                 "outcome": "success",
                 "type": [
-                    "stop"
+                    "end"
                 ]
             },
             "tags": [

diff --git a/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/auditd/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -1299,7 +1299,7 @@ processors:
                 category:
                   - process
                 type:
-                  - stop
+                  - end
           DAEMON_ACCEPT:
             - event:
                 action:
@@ -1334,7 +1334,7 @@ processors:
                 category:
                   - process
                 type:
-                  - stop
+                  - end
           DAEMON_ERR:
             - event:
                 action:
@@ -1610,7 +1610,7 @@ processors:
                 category:
                   - process
                 type:
-                  - stop
+                  - end
           SOFTWARE_UPDATE:
             - event:
                 action:

diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml
@@ -1,6 +1,6 @@
 name: auditd
 title: Auditd Logs
-version: "3.19.1"
+version: "3.19.2"
 description: Collect logs from Linux audit daemon with Elastic Agent.
 type: integration
 icons: