elasticmachine
commented
2 years ago Pinging @elastic/elastic-agent (Team:Elastic-Agent)
Open breml opened 2 years ago
elasticmachine
commented
2 years ago Pinging @elastic/elastic-agent (Team:Elastic-Agent)
botelastic[bot]
commented
1 year ago Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!
breml
commented
1 year ago 👍🏻
botelastic[bot]
commented
6 months ago Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!
breml
commented
6 months ago 👍🏻
We use Metricbeat on Linux as well as on Windows to monitor processes with the process metricset of the system module. For one of our use cases, we would like to evaluate the fields
process.working_directoryandprocess.executable, which are available for the Linux hosts, but are missing for the Windows hosts.On Windows (Microsoft Windows Server 2019 Datacenter), metricbeat is executed as service with "Local System account" privileges.
I did some research in the source code and it looks like https://github.com/elastic/gosigar is used to collect the process information (https://github.com/elastic/beats/blob/master/libbeat/metric/system/process/process.go#L124-L127), but this is not implemented for Windows (https://github.com/elastic/gosigar/blob/master/sigar_windows.go#L47-L49).
On the other hand, there is code to collect e.g. the working directory in https://github.com/elastic/go-sysinfo (https://github.com/elastic/go-sysinfo/blob/main/providers/windows/process_windows.go#L127-L147) so the question is, if this can be used instead or if gosigar can be updated accordingly.