Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.0.4
• Ruby: ruby 2.4.4p296 (2018-03-28 revision 63013) [x64-mingw32]
• Distribution:
• Module version: mod 'puppet-winlogbeat', '0.2.2'

How to reproduce (e.g Puppet code you use)

1. Stop the winlogbeat service if it is already installed
2. delete the service entry on cmd by 'sc delete winlogbeat'
3. Run the puppet to get winlogbeat installed on target node puppet agent -t

Below is the excerpt of puppet class

  class { '::winlogbeat':
    download_url         => $url,
    major_version        => $version,
    package_ensure       => $package,
    outputs              => {
      'logstash'      => {
        'hosts'       => $logstash_hosts,
        'loadbalance' => $load_balance,
      },
    },
    event_logs           => {
      'Application'  => {
      'ignore_older' => '1h',
      },
    },
  }

What are you seeing

Notice: /Stage[main]/Winlogbeat::Install/Archive[C:/Windows/Temp/winlogbeat-6.4.2-windows-x86_64.zip]/ensure: download archive from https://artifacts.elastic.co/downloads/beats/winlogbe
at/winlogbeat-6.4.2-windows-x86_64.zip to C:/Windows/Temp/winlogbeat-6.4.2-windows-x86_64.zip  without cleanup
Notice: /Stage[main]/Winlogbeat::Install/Exec[unzip winlogbeat-6.4.2-windows-x86_64]/returns: executed successfully
Notice: /Stage[main]/Winlogbeat::Install/File[C:/Windows/Temp/winlogbeat-6.4.2-windows-x86_64.zip]/ensure: removed
Notice: /Stage[main]/Winlogbeat::Install/Exec[rename winlogbeat-6.4.2-windows-x86_64]/returns: executed successfully
Notice: /Stage[main]/Winlogbeat::Install/Exec[mark winlogbeat-6.4.2-windows-x86_64]/returns: executed successfully
Info: /Stage[main]/Winlogbeat::Install/Exec[mark winlogbeat-6.4.2-windows-x86_64]: Scheduling refresh of Exec[install winlogbeat-6.4.2-windows-x86_64]
Notice: /Stage[main]/Winlogbeat::Install/Exec[install winlogbeat-6.4.2-windows-x86_64]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Winlogbeat::Config/File[winlogbeat.yml]/content:

Info: Computing checksum on file C:/Program Files/Winlogbeat/winlogbeat.yml
Info: /Stage[main]/Winlogbeat::Config/File[winlogbeat.yml]: Filebucketed C:/Program Files/Winlogbeat/winlogbeat.yml to puppet with sum 30476c559dfafdd93b3a43384cb52979
Notice: /Stage[main]/Winlogbeat::Config/File[winlogbeat.yml]/content: content changed '{md5}30476c559dfafdd93b3a43384cb52979' to '{md5}e87d9990a8bbf238c39d67bb5e419271'
Info: /Stage[main]/Winlogbeat::Config/File[winlogbeat.yml]: Scheduling refresh of Service[winlogbeat]
Error: Cannot enable winlogbeat, error was: Failed to open a handle to the service:  The specified service does not exist as an installed service.
Wrapped exception:
Failed to open a handle to the service:  The specified service does not exist as an installed service.
Error: /Stage[main]/Winlogbeat::Service/Service[winlogbeat]/ensure: change from 'stopped' to 'running' failed: Cannot enable winlogbeat, error was: Failed to open a handle to the servic
e:  The specified service does not exist as an installed service.
Notice: /Stage[main]/Winlogbeat::Service/Service[winlogbeat]: Triggered 'refresh' from 1 event
Info: Class[Winlogbeat::Service]: Unscheduling all events on Class[Winlogbeat::Service]
Notice: /Stage[main]/Winlogbeat/Anchor[winlogbeat::end]: Dependency Service[winlogbeat] has failures: true

What behaviour did you expect instead

Puppet should able to install winlogbeat without any failures.

Output log

Puppet run failing with service not avaialble

Any additional information you'd like to impart

If I add the service manually with the following command and run puppet , it is not failing.
Powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -NoLogo -Command New-Service -name filebeat -displayName Filebeat -binaryPathName '\"C:\Program Files\Filebeat\Filebeat.exe\" -c \"C:\Program Files\Filebeat\filebeat.yml\" -path.home \"C:\Program Files\Filebeat\" -path.data \"C:\ProgramData\filebeat\" -path.logs \"C:\ProgramData\filebeat\logs\"'

install.pp line 27 says
exec { 'rename winlogbeat folder':
while line 39 refers to line 27 with
require => Exec['rename folder'],
which leads to Puppet saying
Error: Failed to apply catalog: Could not find dependency Exec[rename folder] for Exec[install winlogbeat-1.2.3-windows]

This mainly includes a new config file format....

This was recently merged: I want to do the same to the winlogbeat module.
pcfens/puppet-filebeat#113

Hi,

Iv found puppet keeps inserting --- above the outputs section in our yml file which is making winlogbeat ignore the outputs section. Example below:

https://gist.github.com/moretalk/498f5f400e31fa13661c6419768cc6c3

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 5.5.8
• Ruby: ?
• Distribution: Windows Server 2016 standaard
• Module version: 1.0.0

How to reproduce (e.g Puppet code you use)

Use a download_url with http:// instead of https://

What are you seeing

Faulty download file path: c:\Windows\Temp/http:

What behaviour did you expect instead

Download en unzip

Output log

Error: Could not set 'present' on ensure: Invalid argument @ dir_s_mkdir - c:\Windows\Temp/http: (file: /etc/puppetlabs/code/environments/luc_3132_beats/modules/winlogbeat/manifests/install.pp, line: 27)
Wrapped exception:
Invalid argument @ dir_s_mkdir - c:\Windows\Temp/http:
Error: /Stage[main]/Winlogbeat::Install/Archive[c:\Windows\Temp/http://repo.<...>/winlogbeat-7.4.2-windows-x86_64.zip.zip]/ensure: change from 'absent' to 'present' failed: Could not set 'present' on ensure: Invalid argument @ dir_s_mkdir - c:\Windows\Temp/http: (file: /etc/puppetlabs/code/environments/luc_3132_beats/modules/winlogbeat/manifests/install.pp, line: 27)

Any additional information you'd like to impart

When download URL is changes to https:// everything is fine.
Issue is at puppet code 'install.pp line 7' $file_name

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet:
• Ruby:
• Distribution:
• Module version:

How to reproduce (e.g Puppet code you use)

What are you seeing

No capability to supply cloud.id and cloud auth for elastic.co PaaS elasticsearch

What behaviour did you expect instead

capability to supply cloud.id and cloud auth for elastic.co PaaS elasticsearch

Output log

Any additional information you'd like to impart

I submitted a commit and PR to pcfens/puppet-filebeat that was accepted and thought I'd do the same to winlogbeat

Please release 1.0.1 to the forge

Example: pcfens/puppet-filebeat#118

I will be sending you a MR eventually to do the same. I think you should release a 1.0.0 soon as the last release to support puppet 3 and beat less than 5 and then cut a 2.0.0 after this.

When is the next planned release to the Puppet forge? I'd specifically like the functionality in #36 for v7 support.

Check arch and construct url accordingly

queue_size has been removed. Is there a way to configure this module so as to leave this parameter out?

C:\Program Files\winlogbeat>.\winlogbeat.exe
winlogbeat2018/02/27 21:07:21.122998 beat.go:635: CRIT Exiting: 1 error: setting 'queue_size' has been removed
Exiting: 1 error: setting 'queue_size' has been removed

What's the correct syntax for adding multiple event logs? So far, I only managed to add one like this:

    event_logs => {
        'options' => {
            'name' => 'Application',
            'ignore_older' => '72h',
        }
    },

thx!

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 2019.8.4
• Ruby: 2.5.8
• Distribution: Puppet Enterprise
• Module version: 1.0.1

How to reproduce (e.g Puppet code you use)

Try to install winlogbeat on Windows Server Core 2016 using the following puppet code:

$url = http://redacted_url.net/winlogbeat-7.12.1-windows-x86_64.zip'
$graylog_url = redacted_hostname
  class { 'winlogbeat':
      download_url => $url,
      outputs      => {
        'logstash' => {
          'hosts'       => [$graylog_url],
        },
      },
      event_logs   => {
        'Security'    => {
        'event_id'     => $security_events,
        'ignore_older' => '48h',
        },
        'Application' => {
        'level'        => $application_events,
        'ignore_older' => '48h',
        },
        'System'      => {
        'event_id'     => $system_events,
        'ignore_older' => '48h',
        },
      },
    }

What are you seeing

Winlogbeat does not install on Server Core 2016. This installs without issue on Windows Server 2016.

What behaviour did you expect instead

Install and configure winlogbeat as normal

Output log

2021-07-2917:34 Z | warning | Skipping because of failed dependencies  Source:/Stage[main]/Winlogbeat::Service/Service[winlogbeat]File:/etc/puppetlabs/code/environments/production/manifests/winlogbeat/service.ppLine:3

2021-07-2917:34 Z | notice | Dependency Exec[install winlogbeat-7.12.1-windows-x86_64] has failures: true  Source:/Stage[main]/Winlogbeat::Config/File[winlogbeat.yml]File:/etc/puppetlabs/code/environments/production/manifests/winlogbeat/config.ppLine:34

2021-07-2917:34 Z | warning | Skipping because of failed dependencies  Source:/Stage[main]/Winlogbeat::Config/File[winlogbeat.yml]File:/etc/puppetlabs/code/environments/production/manifests/winlogbeat/config.ppLine:34

2021-07-2917:34 Z | info | Unscheduling all events on Class[Winlogbeat::Install]  Source:Class[Winlogbeat::Install]

2021-07-2917:34 Z | err | Working directory 'C:/Program Files/Winlogbeat' does not exist  Source:/Stage[main]/Winlogbeat::Install/Exec[install winlogbeat-7.12.1-windows-x86_64]File:/etc/puppetlabs/code/environments/production/manifests/winlogbeat/install.ppLine:73

2021-07-2917:34 Z | err | Failed to call refresh: Working directory 'C:/Program Files/Winlogbeat' does not exist

Any additional information you'd like to impart

I've tried quite a few different things to get this to work but it doesn't feel right as winlogbeat installs without issue on Windows Server 2016.

I've tried manually creating the directory to no avail.

If I'm doing something wrong any help will be much appreciated.