From eb5332a7e466b7fcfb1c7f22ddc375da18ef43a2 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Thu, 17 Apr 2025 18:43:04 -0400 Subject: [PATCH 1/3] Document Journald on docker --- packages/iptables/changelog.yml | 5 +++++ packages/iptables/docs/README.md | 8 ++++++++ packages/iptables/manifest.yml | 2 +- packages/journald/changelog.yml | 5 +++++ packages/journald/docs/README.md | 8 ++++++++ packages/journald/manifest.yml | 2 +- packages/system/changelog.yml | 5 +++++ packages/system/docs/README.md | 8 ++++++++ packages/system/manifest.yml | 2 +- 9 files changed, 42 insertions(+), 3 deletions(-) diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index 1623ca9f308..6f6650b5ad0 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.20.1" + changes: + - description: Update documentation to mention the requirements for reading Journald logs. + type: enhancement + link: https://github.com/elastic/integrations/pull/13597 - version: "1.20.0" changes: - description: Support stack version 9.0. diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index 24e2380de49..35b012ca5d3 100644 --- a/packages/iptables/docs/README.md +++ b/packages/iptables/docs/README.md @@ -9,6 +9,14 @@ traffic (allow/deny). The module is by default configured to run with the `udp` input on port `9001`. However, it can also be configured to read from a file path or journald. +To read Journald logs from within a container, you need to use the +[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) +Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the jounral files you are reading were generated by +a version equal or older than the `journalctl` shipped with the Docker +image. + ## Logs ### Iptables log diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index 315960f8812..28d38c23494 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -1,6 +1,6 @@ name: iptables title: Iptables -version: "1.20.0" +version: "1.20.1" description: Collect logs from Iptables with Elastic Agent. type: integration icons: diff --git a/packages/journald/changelog.yml b/packages/journald/changelog.yml index ab17ab03f7a..180a7358735 100644 --- a/packages/journald/changelog.yml +++ b/packages/journald/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.3" + changes: + - description: Update documentation to mention the requirements for reading Journald logs. + type: enhancement + link: https://github.com/elastic/integrations/pull/13597 - version: "1.1.2" changes: - description: Update Kibana requirement to support 9.x. diff --git a/packages/journald/docs/README.md b/packages/journald/docs/README.md index 09ab19d5979..3e48545be09 100644 --- a/packages/journald/docs/README.md +++ b/packages/journald/docs/README.md @@ -5,6 +5,14 @@ The journald input reads the log data and the metadata associated with it. The journald input is available on Linux systems with `systemd` installed. +To read Journald logs from within a container, you need to use the +[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) +Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the jounral files you are reading were generated by +a version equal or older than the `journalctl` shipped with the Docker +image.x + An example event looks as follows: ```json diff --git a/packages/journald/manifest.yml b/packages/journald/manifest.yml index b9ead830820..1e9eec59f61 100644 --- a/packages/journald/manifest.yml +++ b/packages/journald/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.3.0 name: journald title: "Custom Journald logs" -version: 1.1.2 +version: 1.1.3 description: Collect logs from journald with Elastic Agent. type: input categories: diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index 2b5f814d4f2..5b6b06870c6 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.68.2" + changes: + - description: Update documentation to mention the requirements for reading Journald logs. + type: enhancement + link: https://github.com/elastic/integrations/pull/13597 - version: "1.68.1" changes: - description: Change security pipeline to be defensive against different data types. diff --git a/packages/system/docs/README.md b/packages/system/docs/README.md index fc6c2657128..3327e61212f 100644 --- a/packages/system/docs/README.md +++ b/packages/system/docs/README.md @@ -38,6 +38,14 @@ Each data stream collects different kinds of metric data, which may require dedi to be fetched and which may vary across operating systems. Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference). +To read Journald logs from within a container, you need to use the +[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) +Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the jounral files you are reading were generated by +a version equal or older than the `journalctl` shipped with the Docker +image. + ## Setup For step-by-step instructions on how to set up an integration, see the diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index f6fbf53dfd2..8711bd30721 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: system title: System -version: "1.68.1" +version: "1.68.2" description: Collect system logs and metrics from your servers with Elastic Agent. type: integration categories: From e16a3ace74033d6524ce4a346cc868cc89672a7a Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 18 Apr 2025 09:35:37 -0400 Subject: [PATCH 2/3] Update the correct files --- packages/iptables/_dev/build/docs/README.md | 8 ++++++++ packages/journald/docs/README.md | 2 +- packages/system/_dev/build/docs/README.md | 8 ++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/iptables/_dev/build/docs/README.md b/packages/iptables/_dev/build/docs/README.md index 1eb03eafcb0..6d6c06a26c6 100644 --- a/packages/iptables/_dev/build/docs/README.md +++ b/packages/iptables/_dev/build/docs/README.md @@ -9,6 +9,14 @@ traffic (allow/deny). The module is by default configured to run with the `udp` input on port `9001`. However, it can also be configured to read from a file path or journald. +To read Journald logs from within a container, you need to use the +[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) +Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the jounral files you are reading were generated by +a version equal or older than the `journalctl` shipped with the Docker +image. + ## Logs ### Iptables log diff --git a/packages/journald/docs/README.md b/packages/journald/docs/README.md index 3e48545be09..3789fce9a05 100644 --- a/packages/journald/docs/README.md +++ b/packages/journald/docs/README.md @@ -11,7 +11,7 @@ Docker image that contains the `jouranlctl` binary. Journal files can have break impossible to read files generated by a newer versions of Journald. Ensure the jounral files you are reading were generated by a version equal or older than the `journalctl` shipped with the Docker -image.x +image. An example event looks as follows: diff --git a/packages/system/_dev/build/docs/README.md b/packages/system/_dev/build/docs/README.md index 42d1fc8f82a..99915ab973e 100644 --- a/packages/system/_dev/build/docs/README.md +++ b/packages/system/_dev/build/docs/README.md @@ -38,6 +38,14 @@ Each data stream collects different kinds of metric data, which may require dedi to be fetched and which may vary across operating systems. Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference). +To read Journald logs from within a container, you need to use the +[`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) +Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the jounral files you are reading were generated by +a version equal or older than the `journalctl` shipped with the Docker +image. + ## Setup For step-by-step instructions on how to set up an integration, see the From a55be0c0a3463e03b823749328da3b06179e3d15 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 25 Apr 2025 10:35:28 -0400 Subject: [PATCH 3/3] Fix typos --- packages/iptables/_dev/build/docs/README.md | 6 +++--- packages/iptables/docs/README.md | 6 +++--- packages/journald/docs/README.md | 6 +++--- packages/system/_dev/build/docs/README.md | 6 +++--- packages/system/docs/README.md | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/packages/iptables/_dev/build/docs/README.md b/packages/iptables/_dev/build/docs/README.md index 6d6c06a26c6..b1143f8cb25 100644 --- a/packages/iptables/_dev/build/docs/README.md +++ b/packages/iptables/_dev/build/docs/README.md @@ -11,10 +11,10 @@ However, it can also be configured to read from a file path or journald. To read Journald logs from within a container, you need to use the [`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) -Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it impossible to read files generated by a newer versions of -Journald. Ensure the jounral files you are reading were generated by -a version equal or older than the `journalctl` shipped with the Docker +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker image. ## Logs diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index 35b012ca5d3..fba05cf9318 100644 --- a/packages/iptables/docs/README.md +++ b/packages/iptables/docs/README.md @@ -11,10 +11,10 @@ However, it can also be configured to read from a file path or journald. To read Journald logs from within a container, you need to use the [`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) -Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it impossible to read files generated by a newer versions of -Journald. Ensure the jounral files you are reading were generated by -a version equal or older than the `journalctl` shipped with the Docker +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker image. ## Logs diff --git a/packages/journald/docs/README.md b/packages/journald/docs/README.md index 3789fce9a05..025a72f18b9 100644 --- a/packages/journald/docs/README.md +++ b/packages/journald/docs/README.md @@ -7,10 +7,10 @@ The journald input is available on Linux systems with `systemd` installed. To read Journald logs from within a container, you need to use the [`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) -Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it impossible to read files generated by a newer versions of -Journald. Ensure the jounral files you are reading were generated by -a version equal or older than the `journalctl` shipped with the Docker +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker image. An example event looks as follows: diff --git a/packages/system/_dev/build/docs/README.md b/packages/system/_dev/build/docs/README.md index 99915ab973e..376d9b55b57 100644 --- a/packages/system/_dev/build/docs/README.md +++ b/packages/system/_dev/build/docs/README.md @@ -40,10 +40,10 @@ Details on the permissions needed for each data stream are available in the [Met To read Journald logs from within a container, you need to use the [`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) -Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it impossible to read files generated by a newer versions of -Journald. Ensure the jounral files you are reading were generated by -a version equal or older than the `journalctl` shipped with the Docker +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker image. ## Setup diff --git a/packages/system/docs/README.md b/packages/system/docs/README.md index 3327e61212f..299d8387d5c 100644 --- a/packages/system/docs/README.md +++ b/packages/system/docs/README.md @@ -40,10 +40,10 @@ Details on the permissions needed for each data stream are available in the [Met To read Journald logs from within a container, you need to use the [`elastic-agent-complete`](https://www.elastic.co/docs/reference/fleet/install-elastic-agents#elastic-agent-complete-flavor) -Docker image that contains the `jouranlctl` binary. Journal files can have breaking changes making it +Docker image that contains the `journalctl` binary. Journal files can have breaking changes making it impossible to read files generated by a newer versions of -Journald. Ensure the jounral files you are reading were generated by -a version equal or older than the `journalctl` shipped with the Docker +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker image. ## Setup