From b9a377eb64e6dddf0462a343b0946d3032dc967d Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 3 Nov 2023 17:04:54 +0100 Subject: [PATCH 1/6] Update elastic-agent-system-metrics to v0.8.0 Update elastic-agent-system-metrics to v0.8.0 to enable collecting memory and CPU metrics from privileged process on Windows. --- CHANGELOG.next.asciidoc | 1 + NOTICE.txt | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 462af8725a1e..fcc150dec4d6 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -111,6 +111,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Fix CassandraConnectionClosures metric configuration {pull}34742[34742] - Fix event mapping implementation for statsd module {pull}36925[36925] - The region and availability_zone ecs fields nested within the cloud field. {pull}37015[37015] +- Fix CPU and memory metrics collection from privileged process on Windows {issue}17314[17314]{pull}37027[37027] *Osquerybeat* diff --git a/NOTICE.txt b/NOTICE.txt index ea5514da6ebc..598987bd2d7e 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -13026,11 +13026,11 @@ these terms. -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-system-metrics -Version: v0.7.0 +Version: v0.8.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-system-metrics@v0.7.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-system-metrics@v0.8.0/LICENSE.txt: Apache License Version 2.0, January 2004 diff --git a/go.mod b/go.mod index 55ef8b4acc5a..b23600c78247 100644 --- a/go.mod +++ b/go.mod 
@@ -204,7 +204,7 @@ require (
 github.com/elastic/elastic-agent-autodiscover v0.6.4
 github.com/elastic/elastic-agent-libs v0.6.2
 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3
- github.com/elastic/elastic-agent-system-metrics v0.7.0
+ github.com/elastic/elastic-agent-system-metrics v0.8.0
 github.com/elastic/go-elasticsearch/v8 v8.10.0
 github.com/elastic/mito v1.6.0
 github.com/elastic/toutoumomoma v0.0.0-20221026030040-594ef30cb640
diff --git a/go.sum b/go.sum
index df5741e581b7..754e6da7b5f8 100644
--- a/go.sum
+++ b/go.sum
@@ -658,8 +658,8 @@ github.com/elastic/elastic-agent-libs v0.6.2 h1:tE5pFK4y7xm1FtXm+r+63G7STjJAaWh3
 github.com/elastic/elastic-agent-libs v0.6.2/go.mod h1:o+EySawBZGeYu49shJxerg2wRCimS1dhrD4As0MS700=
 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 h1:sb+25XJn/JcC9/VL8HX4r4QXSUq4uTNzGS2kxOE7u1U=
 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3/go.mod h1:rWarFM7qYxJKsi9WcV6ONcFjH/NA3niDNpTxO+8/GVI=
-github.com/elastic/elastic-agent-system-metrics v0.7.0 h1:qDLY30UDforSd/TfHfqUDiiHSL6Nu6qLXHsKSxz4OuQ=
-github.com/elastic/elastic-agent-system-metrics v0.7.0/go.mod h1:9C1UEfj0P687HAzZepHszN6zXA+2tN2Lx3Osvq1zby8=
+github.com/elastic/elastic-agent-system-metrics v0.8.0 h1:EsWbtd83JvnaqnL57bKS1E6GhOdemTRbxdFDcenR8zQ=
+github.com/elastic/elastic-agent-system-metrics v0.8.0/go.mod h1:9C1UEfj0P687HAzZepHszN6zXA+2tN2Lx3Osvq1zby8=
 github.com/elastic/elastic-transport-go/v8 v8.0.0-20230329154755-1a3c63de0db6/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI=
 github.com/elastic/elastic-transport-go/v8 v8.3.0 h1:DJGxovyQLXGr62e9nDMPSxRyWION0Bh6d9eCFBriiHo=
 github.com/elastic/elastic-transport-go/v8 v8.3.0/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI=
From 2f3b207da3d012fb402297e4d2ec65236d5ee15f Mon Sep 17 00:00:00 2001
From: Tiago Queiroz Date: Mon, 6 Nov 2023 16:05:28 +0100 Subject: [PATCH 2/6] Fix tests Fix system tests by removing metrics that are not present for all process. --- metricbeat/module/system/test_system.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/metricbeat/module/system/test_system.py b/metricbeat/module/system/test_system.py index 039e7299a8a6..e7a68e4f83a9 100644 --- a/metricbeat/module/system/test_system.py +++ b/metricbeat/module/system/test_system.py @@ -111,8 +111,9 @@ # cmdline is also part of the system process fields, but it may not be present # for some kernel level processes. fd is also part of the system process, but # is not available on all OSes and requires root to read for all processes. +# num_threads may not be readable for some privileged process on Windows, # cgroup is only available on linux. -SYSTEM_PROCESS_FIELDS = ["cpu", "memory", "state", "num_threads"] +SYSTEM_PROCESS_FIELDS = ["cpu", "memory", "state"] class Test(metricbeat.BaseTest): @@ -430,6 +431,7 @@ def test_process(self): process.pop("cgroup", None) process.pop("fd", None) process.pop("cmdline", None) + process.pop("num_threads", None) self.assertCountEqual(SYSTEM_PROCESS_FIELDS, process.keys()) From ad4675bedf9c781dd4538260859d38f9fdd5aa8a Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 3 Nov 2023 17:04:54 +0100 Subject: [PATCH 3/6] Update elastic-agent-system-metrics to v0.8.1 Update elastic-agent-system-metrics to v0.8.1 to enable collecting memory and CPU metrics from privileged process on Windows. --- NOTICE.txt | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index 598987bd2d7e..e651bc3488dc 100644 --- a/NOTICE.txt +++ b/NOTICE.txt 
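Review bot: Removing `"num_threads"` from `SYSTEM_PROCESS_FIELDS` and adding `process.pop("num_threads", None)` in `test_process` leaves no assertion that the field is ever reported, so a collector regression that drops it on every platform would pass; patch 4/6 adds the same unconditional pop to `test_process_unix`, where the Windows restriction named in the new comment presumably does not apply. Track it the way `found_cmdline` is tracked in `test_process`: a flag initialised to `False` before the loop, `found_num_threads |= "num_threads" in process` inside it, and `self.assertTrue(found_num_threads, "num_threads not found in any process events")` after it. The added comment line ends in a comma and runs into the unrelated cgroup sentence; `# num_threads may not be readable for some privileged processes on Windows.` reads cleanly. Both test bodies start and end outside these hunks.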
@@ -13026,11 +13026,11 @@ these terms. -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-system-metrics -Version: v0.8.0 +Version: v0.8.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-system-metrics@v0.8.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-system-metrics@v0.8.1/LICENSE.txt: Apache License Version 2.0, January 2004 diff --git a/go.mod b/go.mod index b23600c78247..91c1ba0f2a97 100644 --- a/go.mod +++ b/go.mod @@ -204,7 +204,7 @@ require ( github.com/elastic/elastic-agent-autodiscover v0.6.4 github.com/elastic/elastic-agent-libs v0.6.2 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 - github.com/elastic/elastic-agent-system-metrics v0.8.0 + github.com/elastic/elastic-agent-system-metrics v0.8.1 github.com/elastic/go-elasticsearch/v8 v8.10.0 github.com/elastic/mito v1.6.0 github.com/elastic/toutoumomoma v0.0.0-20221026030040-594ef30cb640 diff --git a/go.sum b/go.sum index 754e6da7b5f8..96d4a3752ffd 100644 --- a/go.sum +++ b/go.sum 
@@ -658,8 +658,8 @@ github.com/elastic/elastic-agent-libs v0.6.2 h1:tE5pFK4y7xm1FtXm+r+63G7STjJAaWh3
 github.com/elastic/elastic-agent-libs v0.6.2/go.mod h1:o+EySawBZGeYu49shJxerg2wRCimS1dhrD4As0MS700=
 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 h1:sb+25XJn/JcC9/VL8HX4r4QXSUq4uTNzGS2kxOE7u1U=
 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3/go.mod h1:rWarFM7qYxJKsi9WcV6ONcFjH/NA3niDNpTxO+8/GVI=
-github.com/elastic/elastic-agent-system-metrics v0.8.0 h1:EsWbtd83JvnaqnL57bKS1E6GhOdemTRbxdFDcenR8zQ=
-github.com/elastic/elastic-agent-system-metrics v0.8.0/go.mod h1:9C1UEfj0P687HAzZepHszN6zXA+2tN2Lx3Osvq1zby8=
+github.com/elastic/elastic-agent-system-metrics v0.8.1 h1:eg6actuLeGJlIJFotHRdlAsz/3WhX2G8E0qI301IKBA=
+github.com/elastic/elastic-agent-system-metrics v0.8.1/go.mod h1:9C1UEfj0P687HAzZepHszN6zXA+2tN2Lx3Osvq1zby8=
 github.com/elastic/elastic-transport-go/v8 v8.0.0-20230329154755-1a3c63de0db6/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI=
 github.com/elastic/elastic-transport-go/v8 v8.3.0 h1:DJGxovyQLXGr62e9nDMPSxRyWION0Bh6d9eCFBriiHo=
 github.com/elastic/elastic-transport-go/v8 v8.3.0/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI=
From 3a085486d171828668abee73896736831b2d8535 Mon Sep 17 00:00:00 2001
From: Tiago Queiroz
Date: Wed, 8 Nov 2023 11:16:44 +0100
Subject: [PATCH 4/6] fix unix tests
---
 metricbeat/module/system/test_system.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/metricbeat/module/system/test_system.py b/metricbeat/module/system/test_system.py
index e7a68e4f83a9..35342c2c60b8 100644
--- a/metricbeat/module/system/test_system.py
+++ b/metricbeat/module/system/test_system.py
@@ -488,6 +488,7 @@ def test_process_unix(self):
 process.pop("cgroup", None)
 process.pop("cmdline", None)
 process.pop("fd", None)
+ process.pop("num_threads", None)
 self.assertCountEqual(SYSTEM_PROCESS_FIELDS, process.keys())
From 148065912d5b0d852fcc43ea64b932e6fc6a728e Mon Sep 17 00:00:00 2001
From: Tiago Queiroz
Date: Mon, 13 Nov 2023 11:13:42 +0100
Subject: [PATCH 5/6] Add debug and save logs after test run
---
 Jenkinsfile | 2 +-
 metricbeat/module/system/test_system.py | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index ecbb2abff468..64b5c9bb2c14 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -719,7 +719,7 @@ def withBeatsEnv(Map args = [:], Closure body) {
 error("Error '${err.toString()}'")
 } finally {
 if (archive) {
- archiveArtifacts(allowEmptyArchive: true, artifacts: "${directory}/build/system-tests/docker-logs/TEST-docker-compose-*.log, ${directory}/build/integration-tests/**/**")
+ archiveArtifacts(allowEmptyArchive: true, artifacts: "${directory}/build/system-tests/docker-logs/TEST-docker-compose-*.log, ${directory}/build/integration-tests/**/**, ${directory}/build/system-tests/last_run/**/**")
 archiveTestOutput(directory: directory, testResults: testResults, artifacts: artifacts, id: args.id, upload: upload)
 }
 tearDown()
diff --git a/metricbeat/module/system/test_system.py b/metricbeat/module/system/test_system.py
index 35342c2c60b8..bd585457eb5f 100644
--- a/metricbeat/module/system/test_system.py
+++ b/metricbeat/module/system/test_system.py
@@ -422,6 +422,13 @@ def test_process(self):
 for evt in output:
 process = evt["system"]["process"]
 found_cmdline |= "cmdline" in process
+ if not found_cmdline:
+ try:
+ print("ProcessName: ", evt['process']['pid'])
+ print("ProcessName: ", evt['process']['name'])
+ print("ProcessArgs: ", evt['process']['args'])
+ except Exception:
+ print(">>>>>>>>>>>>>>>>>>>> did not find pid, name or args for process")
 # Remove 'env' prior to checking documented fields because its keys are dynamic.
 process.pop("env", None)
From bab5bb460c985cf0fa129759e3c891bf7f9ff65d Mon Sep 17 00:00:00 2001
From: Tiago Queiroz
Date: Wed, 15 Nov 2023 09:50:07 +0100
Subject: [PATCH 6/6] Fix python test, remove debug
Fix the python test to ensure the cmdLine is found in at least one process instead of them all because we cannot fetch the cmdLine from privileged process.
---
 Jenkinsfile | 2 +-
 metricbeat/module/system/test_system.py | 17 +++++++----------
 2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 64b5c9bb2c14..ecbb2abff468 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -719,7 +719,7 @@ def withBeatsEnv(Map args = [:], Closure body) {
 error("Error '${err.toString()}'")
 } finally {
 if (archive) {
- archiveArtifacts(allowEmptyArchive: true, artifacts: "${directory}/build/system-tests/docker-logs/TEST-docker-compose-*.log, ${directory}/build/integration-tests/**/**, ${directory}/build/system-tests/last_run/**/**")
+ archiveArtifacts(allowEmptyArchive: true, artifacts: "${directory}/build/system-tests/docker-logs/TEST-docker-compose-*.log, ${directory}/build/integration-tests/**/**")
 archiveTestOutput(directory: directory, testResults: testResults, artifacts: artifacts, id: args.id, upload: upload)
 }
 tearDown()
diff --git a/metricbeat/module/system/test_system.py b/metricbeat/module/system/test_system.py
index bd585457eb5f..9303920b8975 100644
--- a/metricbeat/module/system/test_system.py
+++ b/metricbeat/module/system/test_system.py
@@ -421,14 +421,10 @@ def test_process(self):
 found_cmdline = False
 for evt in output:
 process = evt["system"]["process"]
+ # Not all process will have 'cmdline' due to permission issues,
+ # especially on Windows. Therefore we ensure at least some of
+ # them will have it.
 found_cmdline |= "cmdline" in process
- if not found_cmdline:
- try:
- print("ProcessName: ", evt['process']['pid'])
- print("ProcessName: ", evt['process']['name'])
- print("ProcessArgs: ", evt['process']['args'])
- except Exception:
- print(">>>>>>>>>>>>>>>>>>>> did not find pid, name or args for process")
 # Remove 'env' prior to checking documented fields because its keys are dynamic.
 process.pop("env", None)
@@ -437,9 +441,10 @@ def test_process(self):
 process.pop("num_threads", None)
 self.assertCountEqual(SYSTEM_PROCESS_FIELDS, process.keys())
-
- self.assertTrue(
- found_cmdline, "cmdline not found in any process events")
+ # After iterating over all process, make sure at least one of them had
+ # the 'cmdline' set.
+ self.assertTrue(
+ found_cmdline, "cmdline not found in any process events")
 @unittest.skipUnless(re.match("(?i)linux|darwin|freebsd", sys.platform), "os")
 def test_process_unix(self):