
Beats version 8.18.6

Known issues

  • restart_on_cert_change causes panic due to seccomp policy. In versions 8.18.0 and later, enabling this option causes the Beat to panic on restart because the eventfd2 syscall is missing from the default seccomp policy. To fix this, add eventfd2 to a custom seccomp policy, as in the policy below. For more details, refer to Use Linux Secure Computing Mode (seccomp).
seccomp:
  syscalls:
    - action: allow
      names:
        - accept
        - accept4
        - access
        - arch_prctl
        - bind
        - brk
        - capget
        - chmod
        - chown
        - clock_gettime
        - clock_nanosleep
        - clone
        - clone3
        - close
        - connect
        - dup
        - dup2
        - dup3
        - epoll_create
        - epoll_create1
        - epoll_ctl
        - epoll_pwait
        - epoll_wait
        - eventfd2
        - execve
        - exit
        - exit_group
        - faccessat
        - faccessat2
        - fchdir
        - fchmod
        - fchmodat
        - fchown
        - fchownat
        - fcntl
        - fdatasync
        - flock
        - fstat
        - fstatfs
        - fsync
        - ftruncate
        - futex
        - getcwd
        - getdents
        - getdents64
        - geteuid
        - getgid
        - getpeername
        - getpid
        - getppid
        - getrandom
        - getrlimit
        - getrusage
        - getsockname
        - getsockopt
        - gettid
        - gettimeofday
        - getuid
        - inotify_add_watch
        - inotify_init1
        - inotify_rm_watch
        - ioctl
        - kill
        - listen
        - lseek
        - lstat
        - madvise
        - mincore
        - mkdirat
        - mmap
        - mprotect
        - munmap
        - nanosleep
        - newfstatat
        - open
        - openat
        - pipe
        - pipe2
        - poll
        - ppoll
        - prctl
        - pread64
        - pselect6
        - pwrite64
        - read
        - readlink
        - readlinkat
        - recvfrom
        - recvmmsg
        - recvmsg
        - rename
        - renameat
        - rseq
        - rt_sigaction
        - rt_sigprocmask
        - rt_sigreturn
        - sched_getaffinity
        - sched_yield
        - sendfile
        - sendmmsg
        - sendmsg
        - sendto
        - set_robust_list
        - setitimer
        - setrlimit
        - setsockopt
        - shutdown
        - sigaltstack
        - socket
        - splice
        - stat
        - statfs
        - sysinfo
        - tgkill
        - time
        - tkill
        - uname
        - unlink
        - unlinkat
        - wait4
        - waitid
        - write
        - writev

Breaking changes

Affecting all Beats

  • The base folder for data and logs on Windows has changed from C:\ProgramData\[BeatName] to C:\Program Files\[BeatName]-Data because the latter has stricter permissions. 45949

Bugfixes

Filebeat

  • Fix wrongly emitted missing input ID warning. 42969 45747
  • Fix handling of unnecessary BOM in UTF-8 text received by o365audit input. 44327 45739
  • Fix reading journald messages with more than 4kb. 45511 46017
  • Restore the Streaming input on Windows. 46031
  • Fix termination of input on API errors. 45999
  • Fix filestream registry entries being prematurely removed, which could cause files to be re-ingested after Filebeat restarts. 46007 46032

Metricbeat

  • Changed Kafka protocol version from 3.6.0 to 2.1.0 to fix compatibility with Kafka 2.x brokers. 45761
  • Enhance behavior of sanitizeError: replace sensitive info even if it is escaped and add pattern-based sanitization. 45857

Added

Affecting all Beats

  • Update Go version to 1.24.5. 45403

Filebeat

  • Add mechanism to allow HTTP JSON templates to terminate without logging an error. 45664 45810