diff --git a/packages/iptables/_dev/build/docs/README.md b/packages/iptables/_dev/build/docs/README.md index 1eb03eafcb0..25f496698a5 100644 --- a/packages/iptables/_dev/build/docs/README.md +++ b/packages/iptables/_dev/build/docs/README.md @@ -9,6 +9,22 @@ traffic (allow/deny). The module is by default configured to run with the `udp` input on port `9001`. However, it can also be configured to read from a file path or journald. +To read Journald logs from within a container, you need to use a +Docker image variant that contains `journalctl` binary. The variant +supporting Journald is `elastic-agent-complete`. + +Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker +image. + +To check the version of `journalctl` shipped with an Elastic Agent +Docker image, run the following command: +``` +docker run --rm -it --entrypoint journalctl docker.elastic.co/elastic-agent/elastic-agent-complete: --version +``` + ## Logs ### Iptables log diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index 7b9e41d7297..8b8f4a22c18 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.21.1" + changes: + - description: Update documentation to mention the requirements for reading Journald logs. + type: enhancement + link: https://github.com/elastic/integrations/pull/13597 - version: "1.21.0" changes: - description: Allow @custom pipeline access to event.original without setting preserve_original_event. diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index 24e2380de49..42bcaffdbb4 100644 --- a/packages/iptables/docs/README.md +++ b/packages/iptables/docs/README.md 
@@ -9,6 +9,22 @@ traffic (allow/deny). The module is by default configured to run with the `udp` input on port `9001`. However, it can also be configured to read from a file path or journald. +To read Journald logs from within a container, you need to use a +Docker image variant that contains `journalctl` binary. The variant +supporting Journald is `elastic-agent-complete`. + +Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker +image. + +To check the version of `journalctl` shipped with an Elastic Agent +Docker image, run the following command: +``` +docker run --rm -it --entrypoint journalctl docker.elastic.co/elastic-agent/elastic-agent-complete: --version +``` + ## Logs ### Iptables log diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml index 8bb166cf121..b9eaf112b31 100644 --- a/packages/iptables/manifest.yml +++ b/packages/iptables/manifest.yml @@ -1,6 +1,6 @@ name: iptables title: Iptables -version: "1.21.0" +version: "1.21.1" description: Collect logs from Iptables with Elastic Agent. type: integration icons: diff --git a/packages/journald/changelog.yml b/packages/journald/changelog.yml index 5eca5590d2a..022049108f9 100644 --- a/packages/journald/changelog.yml +++ b/packages/journald/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Update documentation to mention the requirements for reading Journald logs. + type: enhancement + link: https://github.com/elastic/integrations/pull/13597 - version: "1.2.0" changes: - description: Add support for defining Conditions diff --git a/packages/journald/docs/README.md b/packages/journald/docs/README.md index 09ab19d5979..063c29bf3d0 100644 --- a/packages/journald/docs/README.md +++ b/packages/journald/docs/README.md 
@@ -5,6 +5,22 @@ The journald input reads the log data and the metadata associated with it. The journald input is available on Linux systems with `systemd` installed. +To read Journald logs from within a container, you need to use a +Docker image variant that contains `journalctl` binary. The variant +supporting Journald is `elastic-agent-complete`. + +Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker +image. + +To check the version of `journalctl` shipped with an Elastic-Agent +Docker image, run the following command: +``` +docker run --rm -it --entrypoint journalctl docker.elastic.co/elastic-agent/elastic-agent-complete: --version +``` + An example event looks as follows: ```json diff --git a/packages/journald/manifest.yml b/packages/journald/manifest.yml index 3eb6d46d552..773a9dbe578 100644 --- a/packages/journald/manifest.yml +++ b/packages/journald/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.3.0 name: journald title: "Custom Journald logs" -version: 1.2.0 +version: 1.2.1 description: Collect logs from journald with Elastic Agent. type: input categories: diff --git a/packages/system/_dev/build/docs/README.md b/packages/system/_dev/build/docs/README.md index 42d1fc8f82a..dda0695817c 100644 --- a/packages/system/_dev/build/docs/README.md +++ b/packages/system/_dev/build/docs/README.md 
@@ -38,6 +38,22 @@ Each data stream collects different kinds of metric data, which may require dedi to be fetched and which may vary across operating systems. Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference). +To read Journald logs from within a container, you need to use a +Docker image variant that contains `journalctl` binary. The variant +supporting Journald is `elastic-agent-complete`. + +Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker +image. + +To check the version of `journalctl` shipped with an Elastic-Agent +Docker image, run the following command: +``` +docker run --rm -it --entrypoint journalctl docker.elastic.co/elastic-agent/elastic-agent-complete: --version +``` + ## Setup For step-by-step instructions on how to set up an integration, see the diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index f3d7ade01a7..79319de9688 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.2" + changes: + - description: Update documentation to mention the requirements for reading Journald logs. + type: enhancement + link: https://github.com/elastic/integrations/pull/13597 - version: "2.3.1" changes: - description: Change default to use journald input for SLES 15 SP6. diff --git a/packages/system/docs/README.md b/packages/system/docs/README.md index fc6c2657128..d2d0ec50f84 100644 --- a/packages/system/docs/README.md +++ b/packages/system/docs/README.md 
@@ -38,6 +38,22 @@ Each data stream collects different kinds of metric data, which may require dedi to be fetched and which may vary across operating systems. Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference). +To read Journald logs from within a container, you need to use a +Docker image variant that contains `journalctl` binary. The variant +supporting Journald is `elastic-agent-complete`. + +Journal files can have breaking changes making it +impossible to read files generated by a newer versions of +Journald. Ensure the journal files you are reading were generated by +a version equal to or older than the `journalctl` shipped with the Docker +image. + +To check the version of `journalctl` shipped with an Elastic-Agent +Docker image, run the following command: +``` +docker run --rm -it --entrypoint journalctl docker.elastic.co/elastic-agent/elastic-agent-complete: --version +``` + ## Setup For step-by-step instructions on how to set up an integration, see the diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index 1c7dc91a701..88cff10333f 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: system title: System -version: "2.3.1" +version: "2.3.2" description: Collect system logs and metrics from your servers with Elastic Agent. type: integration categories:
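Review bot: In the iptables README hunks (`_dev/build/docs/README.md` and `docs/README.md`), the image reference in the added command ends at the colon, `docker.elastic.co/elastic-agent/elastic-agent-complete: --version`, so there is no tag and Docker will reject the reference as written. Put an explicit placeholder after the colon (for example `elastic-agent-complete:<VERSION>`) and say in the sentence above the command that the reader substitutes the agent version they deploy. `-it` is also unnecessary for a one-shot `--version` call and makes the command fail when it is run without a TTY, such as from a script or CI job; `docker run --rm --entrypoint journalctl ...` is enough. The same command appears in the journald and system README hunks and needs the same fix.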
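Review bot: The journald package changes only `packages/journald/docs/README.md`, while iptables and system change both `_dev/build/docs/README.md` and `docs/README.md` with identical text. If journald's `docs/README.md` is also generated from a build template, the paragraphs need to go into that template or they will be lost on the next docs build; if this package has no template, a line in the PR description saying so would help. The added text also tells the reader to compare against the version that wrote the journal files but shows only how to get the image's version; mention running `journalctl --version` on the host that produced the files. This hunk and the system hunks write "Elastic-Agent" where the iptables hunks write "Elastic Agent"; pick one spelling across the three packages.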
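Review bot: In the system README hunks the Journald paragraphs are inserted directly after the sentence about metrics permissions ("Details on the permissions needed for each data stream are available in the [Metrics reference](#metrics-reference).") and before `## Setup`, so they read as a continuation of the metrics discussion. Give them their own subheading or move them next to the log collection text they apply to. Wording in the added lines, here and in the other README hunks: "contains `journalctl` binary" should be "contains the `journalctl` binary", and "a newer versions of Journald" should be "a newer version of Journald". The opening code fence has no language tag; the command is a shell command and could be fenced accordingly if the package docs tag their other fences.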