class Auditbeat < Formula desc "Lightweight Shipper for Audit Data" homepage "https://www.elastic.co/products/beats/auditbeat" url "https://github.com/elastic/beats.git", :tag => "v6.8.5", :revision => "22b590e4e8dbb91bdcfe8689e59dcb04447eeef6" revision 1 head "https://github.com/elastic/beats.git" bottle do cellar :any_skip_relocation rebuild 1 sha256 "09e1dc845a3f118cb43994e16d9e9646b907c479688070104ea0af636df84c4f" => :catalina sha256 "4a8d39c4a22f8fe45bd5e9fe3f9a3f12902c149c450e8060ba4dd727b3ad4193" => :mojave sha256 "b7ea5ae1e8784382ae7c5e346f896795803d0f9ca2d98fa7acdb58f687a81025" => :high_sierra end depends_on "go" => :build # https://github.com/elastic/beats/pull/14798 uses_from_macos "python@2" => :build # does not support Python 3 # Newer virtualenvs are not compatible with Python 2.7.10 on high sierra, use an old version resource "virtualenv" do url "https://files.pythonhosted.org/packages/d4/0c/9840c08189e030873387a73b90ada981885010dd9aea134d6de30cd24cb8/virtualenv-15.1.0.tar.gz" sha256 "02f8102c2436bb03b3ee6dede1919d1dac8a427541652e5ec95171ec8adbc93a" end # Patch required to build against go 1.11 (Can be removed with v7.0.0) # partially backport of https://github.com/elastic/beats/commit/8d8eaf34a6cb5f3b4565bf40ca0dc9681efea93c patch do url "https://raw.githubusercontent.com/Homebrew/formula-patches/a0f8cdc0/auditbeat/go1.11.diff" sha256 "8a00cb0265b6e2de3bc76f14f2ee4f1a5355dad490f3db9288d968b3e95ae0eb" end def install # remove non open source files rm_rf "x-pack" ENV["GOPATH"] = buildpath (buildpath/"src/github.com/elastic/beats").install buildpath.children ENV.prepend_create_path "PYTHONPATH", buildpath/"vendor/lib/python2.7/site-packages" resource("virtualenv").stage do system "python", *Language::Python.setup_install_args(buildpath/"vendor") end ENV.prepend_path "PATH", buildpath/"vendor/bin" # for virtualenv ENV.prepend_path "PATH", buildpath/"bin" # for mage (build tool) cd "src/github.com/elastic/beats/auditbeat" do # don't build docs because it would fail creating the combined OSS/x-pack # docs and we aren't installing them anyway inreplace "magefile.go", "mage.GenerateModuleIncludeListGo, Docs)", "mage.GenerateModuleIncludeListGo)" system "make", "mage" # prevent downloading binary wheels during python setup system "make", "PIP_INSTALL_COMMANDS=--no-binary :all", "python-env" system "mage", "-v", "build" system "mage", "-v", "update" (etc/"auditbeat").install Dir["auditbeat.*", "fields.yml"] (libexec/"bin").install "auditbeat" prefix.install "build/kibana" end prefix.install_metafiles buildpath/"src/github.com/elastic/beats" (bin/"auditbeat").write <<~EOS #!/bin/sh exec #{libexec}/bin/auditbeat \ --path.config #{etc}/auditbeat \ --path.data #{var}/lib/auditbeat \ --path.home #{prefix} \ --path.logs #{var}/log/auditbeat \ "$@" EOS end def post_install (var/"lib/auditbeat").mkpath (var/"log/auditbeat").mkpath end plist_options :manual => "auditbeat" def plist; <<~EOS Label #{plist_name} Program #{opt_bin}/auditbeat RunAtLoad EOS end test do (testpath/"files").mkpath (testpath/"config/auditbeat.yml").write <<~EOS auditbeat.modules: - module: file_integrity paths: - #{testpath}/files output.file: path: "#{testpath}/auditbeat" filename: auditbeat EOS pid = fork do exec "#{bin}/auditbeat", "-path.config", testpath/"config", "-path.data", testpath/"data" end sleep 5 begin touch testpath/"files/touch" sleep 30 s = IO.readlines(testpath/"auditbeat/auditbeat").last(1)[0] assert_match "\"action\":\[\"created\"\]", s realdirpath = File.realdirpath(testpath) assert_match "\"path\":\"#{realdirpath}/files/touch\"", s ensure Process.kill "SIGINT", pid Process.wait pid end end end