From 480db40ddf2212aca4f03725c6f8bad4c5ba660c Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Fri, 19 Jan 2018 19:52:36 +0700 Subject: [PATCH] auditd: Skip trailing zeroes in kernel version (#6109) Remove trailing zeroes from kernel version to avoid polluting the logs. (cherry picked from commit 72de9eddd42a7c688693b54c587778653d5ffecd) --- auditbeat/module/auditd/audit_linux.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/auditbeat/module/auditd/audit_linux.go b/auditbeat/module/auditd/audit_linux.go index 7cec837160fa..00800a4a2b49 100644 --- a/auditbeat/module/auditd/audit_linux.go +++ b/auditbeat/module/auditd/audit_linux.go @@ -518,7 +518,7 @@ func createAuditdData(data map[string]string) common.MapStr { // stream type -// stream receives callbacks from the libaudit.Reassmbler for completed events +// stream receives callbacks from the libaudit.Reassembler for completed events // or lost events that are detected by gaps in sequence numbers. type stream struct { done <-chan struct{} @@ -561,15 +561,17 @@ func kernelVersion() (major, minor int, full string, err error) { return 0, 0, "", err } - data := make([]byte, len(uname.Release)) + length := len(uname.Release) + data := make([]byte, length) for i, v := range uname.Release { if v == 0 { + length = i break } data[i] = byte(v) } - release := string(data) + release := string(data[:length]) parts := strings.SplitN(release, ".", 3) if len(parts) < 2 { return 0, 0, release, errors.Errorf("failed to parse uname release '%v'", release)