Make It So! Exec Source Metadata Enhancements
This feature page was published on a previous version of the What's New with Cribl sandbox; therefore, the instructions are no longer valid.
Exec Sources now report the command as the Source field and include a host field. We also log every time the Source executes.
The Exec Source is the proud owner of a few neat updates. A new event field, host, lists the hostname of the event. The Source field now accurately identifies the Source of the event (the Exec command string). Lastly, to facilitate traceability, the Logs tab now contains a new log message which includes the command executed, its elapsed time, and its exit code.
Let's test it out!
Exec Source
- On the right-hand side of the screen in the Edge section, click Manage
- On the Manage page, click default_fleet
- Once in the Manage > default_fleet page, click into the Collect subtab
I'll assume this isn't your first time here. If it is, welcome! The Collect subtab is where we configure Cribl Edge to receive and send data. We're here to check out some minor changes to how the Exec Source works. To save some time and effort, we already configured one for you, and from here we can just do a quick data capture to see the new shiny.
- On the left-hand side of the Collect page, hover over the Exec Source labeled utive
- Click the 📷 Capture icon to bring up Live Data for our Source
- Observe the new host field
- Observe the improved Source field
In previous iterations of Cribl software, the Source field of these events would simply be stdout since that's where Edge collects the information from. However, we have improved the Source to now include the Command that was Exec-ed. Neat! We also include a host field which indicates the host system on which the command was run.
Oh by the way (OBTW), we also include a Log every time the command is run! Check it out.
- Click Logs at the top of the open Exec drawer
Here we can see a log for every time our command was executed. Nifty!