Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Winlogbeat escaping CRLF sequences #11357

Merged
merged 4 commits into from
Mar 21, 2019
Merged

Fix Winlogbeat escaping CRLF sequences #11357

merged 4 commits into from
Mar 21, 2019

Conversation

adriansr
Copy link
Contributor

Previous fix (#11006) made Winlogbeat escape CRLF control characters, which are expected in Windows event logs.

Fixes #11328

@adriansr
Fix Winlogbeat escaping CRLF sequences
aeea9c4 
Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328
@adriansr adriansr requested a review from a team as a code owner March 21, 2019 03:12
andrewkroh
andrewkroh reviewed Mar 21, 2019
View reviewed changes
winlogbeat/sys/event_test.go Outdated
if !assert.NoError(t, err) {
assert.Equal(t, err.Error(), "XML syntax error on line 6: illegal character code U+001B")
}
evXML := strings.Replace(allXML, "%1", "
\n\x1b", -1)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think including other whitespace characters would be good too since \t is used a lot in event logs.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the story with the \r? I see you had to use 
. Is it because of https://www.w3.org/TR/REC-xml/#sec-line-ends?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, the XML parser was getting rid of it.

winlogbeat/tests/system/test_wineventlog.py Outdated
self.assertNotIn("event.original", evts[0], evts[0])
self.assertIn("message", evts[0], evts[0])
self.assertNotIn("\\u000a", evts[0]["message"])
self.assertEqual(unicode(msg), evts[0]["message"].decode('unicode-escape'), evts[0])
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to read some python docs before I can fully understand this stuff. But I get the gist.

@adriansr
Copy link
Contributor Author

jenkins, test this

@adriansr adriansr added bug Winlogbeat needs_backport PR is waiting to be backported to other branches. labels Mar 21, 2019
andrewkroh
andrewkroh approved these changes Mar 21, 2019
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@adriansr adriansr merged commit 6865403 into elastic:master Mar 21, 2019
adriansr added a commit to adriansr/beats that referenced this pull request Mar 21, 2019
@adriansr
Fix Winlogbeat escaping CRLF and TAB characters (elastic#11357)
ea6b328 
Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328

(cherry picked from commit 6865403)
@adriansr adriansr mentioned this pull request Mar 21, 2019
Merged
@adriansr adriansr added v6.7.0 and removed needs_backport PR is waiting to be backported to other branches. labels Mar 21, 2019
adriansr added a commit that referenced this pull request Mar 21, 2019
@adriansr
Fix Winlogbeat escaping CRLF and TAB characters (#11357) (#11369)
14ca49c 
Previous fix (#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes #11328

(cherry picked from commit 6865403)
@adriansr adriansr mentioned this pull request Mar 21, 2019
Merged
adriansr added a commit to adriansr/beats that referenced this pull request Mar 21, 2019
@adriansr
Fix Winlogbeat escaping CRLF and TAB characters (elastic#11357)
9c8cbb6 
Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328

(cherry picked from commit 6865403)
@adriansr adriansr mentioned this pull request Mar 21, 2019
Closed
adriansr added a commit to adriansr/beats that referenced this pull request Mar 21, 2019
@adriansr
Fix Winlogbeat escaping CRLF and TAB characters (elastic#11357)
bf39dd4 
Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328

(cherry picked from commit 6865403)
@adriansr adriansr mentioned this pull request Mar 21, 2019
Merged
adriansr added a commit to adriansr/beats that referenced this pull request Mar 21, 2019
@adriansr
Fix Winlogbeat escaping CRLF and TAB characters (elastic#11357)
f52ad39 
Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328

(cherry picked from commit 6865403)
@adriansr adriansr mentioned this pull request Mar 21, 2019
Merged
adriansr added a commit that referenced this pull request Mar 21, 2019
@adriansr
Fix Winlogbeat escaping CRLF and TAB characters (#11357) (#11373)
d026281 
Previous fix (#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes #11328

(cherry picked from commit 6865403)
adriansr added a commit that referenced this pull request Mar 22, 2019
@adriansr
Cherry-pick #11357 to 5.6: Fix Winlogbeat escaping CRLF sequences (#1…
3129969 
…1372)

Previous fix (#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes #11328

(cherry picked from commit 6865403)
adriansr added a commit to adriansr/beats that referenced this pull request Mar 25, 2019
@adriansr
[Winlogbeat] fix system test failure
791eaa7 
The new system test added in elastic#11357 checks for the wrong field
in 6.7 and 6.6.
@adriansr adriansr mentioned this pull request Mar 25, 2019
Merged
adriansr added a commit that referenced this pull request Mar 25, 2019
@adriansr
[Winlogbeat] fix system test failure (#11422)
821ac2f 
The new system test added in #11357 checks for the wrong field
in 6.7 and 6.6.
adriansr added a commit to adriansr/beats that referenced this pull request Mar 25, 2019
@adriansr
[Winlogbeat] fix system test failure (elastic#11422)
75fd9bd 
The new system test added in elastic#11357 checks for the wrong field
in 6.7 and 6.6.
adriansr added a commit that referenced this pull request Mar 28, 2019
@adriansr
Cherry-pick #11357 to 6.6: Fix Winlogbeat escaping CRLF sequences (#1…
cc64201 
…1370)

Previous fix (#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes #11328

(cherry picked from commit 6865403)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@adriansr
Cherry-pick elastic#11357 to 6.6: Fix Winlogbeat escaping CRLF sequen…
52ec4ad 
…ces (elastic#11370)

Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328

(cherry picked from commit 5db0f15)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@adriansr
Cherry-pick elastic#11357 to 5.6: Fix Winlogbeat escaping CRLF sequen…
2f03f6d 
…ces (elastic#11372)

Previous fix (elastic#11006) made Winlogbeat escape CRLF control characters
which are expected in Windows event logs.

Fixes elastic#11328

(cherry picked from commit 6865403)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
bug review v6.6.3 v6.7.0 v7.0.0 Winlogbeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

winlogbeat 6.6.2 sends utf-16 control codes (carriage return, line feed, tab)
2 participants
@adriansr @andrewkroh