Idea Filemeta beat


(Kåre Bering) #1

I was thinking about creating a new beat that can collect metadata information from files. Especially the MD5 checksum and security/acl information about who has access to the file, also creation date, last modify date, filename, size and extension.

I would then run the beat on fileservers, this would provide information about what is filling up our fileservers pdf, videos etc. And also who can access the files.

A useful case could be a user that opens an email and is tricked to click on a link containing malware, and the computer starts to encrypt network files that the user can access. It can be very tricky to find what files the user has access to, so looking at the index containing the filemeta data would give me the answer in seconds :)

Finding file duplicates would also be easy with the MD5 checksum.

I am very new to Go development and would like a little help to start building a new beat.
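
An added example, not part of any post in this thread and not code from the Beats project: a Go walker that gathers the fields listed in post #1 and indexes files by MD5, so files with identical content share a key. `FileMeta` and `IndexByMD5` are hypothetical names, and the POSIX permission bits in `fs.FileInfo` stand in for the ACL data, which needs platform-specific APIs.

```go
package main

import (
	"crypto/md5"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
)

// FileMeta is a hypothetical event shape for the fields listed in post #1.
type FileMeta struct {
	Path, Ext, MD5 string
	Info           fs.FileInfo // size, modification time, permission bits
}

// IndexByMD5 walks root and groups every regular file under its MD5 checksum.
func IndexByMD5(root string) (map[string][]FileMeta, error) {
	index := map[string][]FileMeta{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // stop on walk errors; skip dirs, symlinks and devices
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		f, err := os.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		h := md5.New() // MD5 as proposed in the thread; streamed so large files stay out of memory
		if _, err = io.Copy(h, f); err == nil {
			sum := fmt.Sprintf("%x", h.Sum(nil))
			index[sum] = append(index[sum], FileMeta{Path: p, Ext: filepath.Ext(p), MD5: sum, Info: info})
		}
		return err
	})
	return index, err
}

func main() {
	index, err := IndexByMD5(".") // any key holding more than one file is a duplicate group
	fmt.Println("distinct contents:", len(index), "error:", err)
}
```

MD5 collisions can be produced deliberately, so the checksum here is suitable for grouping duplicates but not for proving that a file is unmodified.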


(Steffen Siering) #2

Sounds interesting, especially for audits or giving users hints about cleaning up when their quota fills up.

Starting a beat of your own, you first need a Go dev environment. It's kinda unusual, but check out: https://golang.org/doc/install. I'm using gvm to have multiple compiler versions, but it's kinda overkill most of the time.

For creating your own beat check the new beat tutorial.


(ruflin) #3

Hi @bering

I remember we had a discussion about this beat at Elastic{ON}Tour in Paris, correct?

For the building part: I think large parts can be copied from filebeat. The big advantage is that no state has to be stored so a lot of complexity is removed.

Let me know if you have any questions.

Best,
Nicolas

