Beats version 8.18.2

Known issues

  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.18.0 and later, enabling this option causes the Beat to panic on restart. This is due to the eventfd2 syscall missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy. For more details, refer to Use Linux Secure Computing Mode (seccomp).
The policy, with eventfd2 added:
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev

Bugfixes

Affecting all Beats

  • Fix the add_cloud_metadata processor to better support custom certificate bundles by improving how the AWS provider HTTP client is overridden. 44189

Auditbeat

  • Fix a potential error in the system/package component that could occur during internal package database schema migration. 44294 44296

Filebeat

  • Fix endpoint path typo in the Okta entity analytics provider. 44147
  • Fix a WebSocket panic scenario that occurred after exhausting the maximum number of retries. 44342

Osquerybeat

  • Disable the allow_unsafe osquery configuration. 40130

Added

Affecting all Beats

  • Update Go version to v1.24.3. 44270

Metricbeat

  • Add checks for the Resty response object in all Meraki module API calls to ensure proper handling of nil responses. 44193
  • Add enable_batch_api option in the Azure monitor module to allow metrics collection of multiple resources using Azure batch API. 41790
  • Add support for _nodes/stats URIs compatible with legacy Elasticsearch versions. 44307
  • Add a latency configuration option to the Azure Monitor module. 44366

Osquerybeat

  • Update osquery version to v5.15.0. 43426