diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 905c67230e0..778430e2a30 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -92,6 +92,7 @@ https://github.com/elastic/beats/compare/v1.1.2...v1.2.0[View commits] *Topbeat* - Add the command line used to start processes {issue}533[533] +- Add username to processes {pull}845[845] - Fix issue with cpu.system_p being greater than 1 on Windows {pull}1128[1128] *Filebeat* diff --git a/topbeat/beat/sigar.go b/topbeat/beat/sigar.go index e58719b62dc..c87011c46a0 100644 --- a/topbeat/beat/sigar.go +++ b/topbeat/beat/sigar.go @@ -269,11 +269,12 @@ func GetProcess(pid int, cmdline string) (*Process, error) { } proc := Process{ - Pid: pid, - Ppid: state.Ppid, - Name: state.Name, - State: getProcState(byte(state.State)), - CmdLine: cmdline, + Pid: pid, + Ppid: state.Ppid, + Name: state.Name, + State: getProcState(byte(state.State)), + Username: state.Username, + CmdLine: cmdline, Mem: &ProcMemStat{ Size: mem.Size, Rss: mem.Resident, diff --git a/topbeat/beat/sigar_test.go b/topbeat/beat/sigar_test.go index e5c668efc8a..1d80b566af0 100644 --- a/topbeat/beat/sigar_test.go +++ b/topbeat/beat/sigar_test.go @@ -93,6 +93,7 @@ func TestGetProcess(t *testing.T) { assert.True(t, (process.Pid > 0)) assert.True(t, (process.Ppid >= 0)) assert.True(t, (len(process.Name) > 0)) + assert.True(t, (len(process.Username) > 0)) assert.NotEqual(t, "unknown", process.State) // Memory Checks diff --git a/topbeat/beat/topbeat.go b/topbeat/beat/topbeat.go index 04f6540da9a..b4ecd1bd8f0 100644 --- a/topbeat/beat/topbeat.go +++ b/topbeat/beat/topbeat.go @@ -213,12 +213,13 @@ func (t *Topbeat) exportProcStats() error { newProcs[process.Pid] = process proc := common.MapStr{ - "pid": process.Pid, - "ppid": process.Ppid, - "name": process.Name, - "state": process.State, - "mem": process.Mem, - "cpu": process.Cpu, + "pid": process.Pid, + "ppid": process.Ppid, + "name": process.Name, + "state": process.State, + "username": process.Username, + "mem": process.Mem, + "cpu": process.Cpu, } if process.CmdLine != "" { diff --git a/topbeat/tests/system/test_procs.py b/topbeat/tests/system/test_procs.py index 41efbd1f1a4..7ef1094b7f9 100644 --- a/topbeat/tests/system/test_procs.py +++ b/topbeat/tests/system/test_procs.py @@ -1,4 +1,6 @@ import re +import os +import getpass from topbeat import TestCase @@ -30,6 +32,7 @@ def test_procs(self): assert re.match("(?i).*topbeat.test(.exe)? -e -c", output["proc.cmdline"]) assert isinstance(output["proc.state"], basestring) assert isinstance(output["proc.cpu.start_time"], basestring) + self.check_username(output["proc.username"]) for key in [ "proc.pid", @@ -48,3 +51,14 @@ def test_procs(self): "proc.mem.rss_p", ]: assert type(output[key]) in [int, float] + + def check_username(self, observed, expected = None): + if expected == None: + expected = getpass.getuser() + + if os.name == 'nt': + parts = observed.split("\\", 2) + assert len(parts) == 2, "Expected proc.username to be of form DOMAIN\username, but was %s" % observed + observed = parts[1] + + assert expected == observed, "proc.username = %s, but expected %s" % (observed, expected)