class Auditbeat < Formula desc "Lightweight Shipper for Audit Data" homepage "https://www.elastic.co/products/beats/auditbeat" url "https://github.com/elastic/beats.git", :tag => "v6.8.2", :revision => "0ffbeab5a52fa93586e4178becf1252e6a837028" head "https://github.com/elastic/beats.git" bottle do cellar :any_skip_relocation sha256 "f68fdb18435d7e186815db09c659cba26624b1bbe48bf7170af3b01437698387" => :mojave sha256 "4a557b1777dce96f5a65213807aeb3ffd237039021bb22ef70f1e7aab0f07083" => :high_sierra sha256 "99ef930806428dc372bcda61c53af3cc94d97cd1471a8cff0b67f8ab1184d7b6" => :sierra end depends_on "go" => :build depends_on "python@2" => :build resource "virtualenv" do url "https://files.pythonhosted.org/packages/8b/f4/360aa656ddb0f4168aeaa1057d8784b95d1ce12f34332c1cf52420b6db4e/virtualenv-16.3.0.tar.gz" sha256 "729f0bcab430e4ef137646805b5b1d8efbb43fe53d4a0f33328624a84a5121f7" end # Patch required to build against go 1.11 (Can be removed with v7.0.0) # partially backport of https://github.com/elastic/beats/commit/8d8eaf34a6cb5f3b4565bf40ca0dc9681efea93c patch do url "https://raw.githubusercontent.com/Homebrew/formula-patches/a0f8cdc0/auditbeat/go1.11.diff" sha256 "8a00cb0265b6e2de3bc76f14f2ee4f1a5355dad490f3db9288d968b3e95ae0eb" end def install # remove non open source files rm_rf "x-pack" ENV["GOPATH"] = buildpath (buildpath/"src/github.com/elastic/beats").install buildpath.children ENV.prepend_create_path "PYTHONPATH", buildpath/"vendor/lib/python2.7/site-packages" resource("virtualenv").stage do system "python", *Language::Python.setup_install_args(buildpath/"vendor") end ENV.prepend_path "PATH", buildpath/"vendor/bin" # for virtualenv ENV.prepend_path "PATH", buildpath/"bin" # for mage (build tool) cd "src/github.com/elastic/beats/auditbeat" do # don't build docs because it would fail creating the combined OSS/x-pack # docs and we aren't installing them anyway inreplace "magefile.go", "mage.GenerateModuleIncludeListGo, Docs)", "mage.GenerateModuleIncludeListGo)" system "make", "mage" # prevent downloading binary wheels during python setup system "make", "PIP_INSTALL_COMMANDS=--no-binary :all", "python-env" system "mage", "-v", "build" system "mage", "-v", "update" (etc/"auditbeat").install Dir["auditbeat.*", "fields.yml"] (libexec/"bin").install "auditbeat" prefix.install "build/kibana" end prefix.install_metafiles buildpath/"src/github.com/elastic/beats" (bin/"auditbeat").write <<~EOS #!/bin/sh exec #{libexec}/bin/auditbeat \ --path.config #{etc}/auditbeat \ --path.data #{var}/lib/auditbeat \ --path.home #{prefix} \ --path.logs #{var}/log/auditbeat \ "$@" EOS end def post_install (var/"lib/auditbeat").mkpath (var/"log/auditbeat").mkpath end plist_options :manual => "auditbeat" def plist; <<~EOS Label #{plist_name} Program #{opt_bin}/auditbeat RunAtLoad EOS end test do (testpath/"files").mkpath (testpath/"config/auditbeat.yml").write <<~EOS auditbeat.modules: - module: file_integrity paths: - #{testpath}/files output.file: path: "#{testpath}/auditbeat" filename: auditbeat EOS pid = fork do exec "#{bin}/auditbeat", "-path.config", testpath/"config", "-path.data", testpath/"data" end sleep 5 begin touch testpath/"files/touch" sleep 30 s = IO.readlines(testpath/"auditbeat/auditbeat").last(1)[0] assert_match "\"action\":\[\"created\"\]", s realdirpath = File.realdirpath(testpath) assert_match "\"path\":\"#{realdirpath}/files/touch\"", s ensure Process.kill "SIGINT", pid Process.wait pid end end end