From 7677ba64e4882ec7258a1085bcba7414dbde1512 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 17 Sep 2024 17:05:42 -0400 Subject: [PATCH 01/38] Use journald for system/syslog module on Debian 12 This commit adds osVersion and osFamily to the builtin field used to render the modules template. The system/syslog template is updated to use journald for Debian 12. --- filebeat/fileset/fileset.go | 21 ++++++++++++++----- .../module/system/syslog/config/syslog.yml | 18 ++++++++++++++++ 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go index 7fc91135dcc..b21ae9a778a 100644 --- a/filebeat/fileset/fileset.go +++ b/filebeat/fileset/fileset.go @@ -32,6 +32,8 @@ import ( "strings" "text/template" + "github.com/elastic/go-sysinfo" + "github.com/elastic/go-sysinfo/types" "github.com/elastic/go-ucfg" "gopkg.in/yaml.v2" 
@@ -322,25 +324,34 @@ func getTemplateFunctions(vars map[string]interface{}) (template.FuncMap, error) // getBuiltinVars computes the supported built in variables and groups them // in a dictionary func (fs *Fileset) getBuiltinVars(info beat.Info) (map[string]interface{}, error) { - host, err := os.Hostname() - if err != nil || len(host) == 0 { + osHost, err := os.Hostname() + if err != nil || len(osHost) == 0 { return nil, fmt.Errorf("Error getting the hostname: %w", err) } - split := strings.SplitN(host, ".", 2) + split := strings.SplitN(osHost, ".", 2) hostname := split[0] domain := "" if len(split) > 1 { domain = split[1] } - return map[string]interface{}{ + hostInfo, err := sysinfo.Host() + if err != nil && !errors.Is(err, types.ErrNotImplemented) { + return nil, fmt.Errorf("cannot get host information: %w", err) + } + + vars := map[string]interface{}{ "prefix": info.IndexPrefix, "hostname": hostname, "domain": domain, "module": fs.mname, "fileset": fs.name, "beatVersion": info.Version, - }, nil + "osVersion": hostInfo.Info().OS.Version, + "osFamily": hostInfo.Info().OS.Family, + } + + return vars, nil } func (fs *Fileset) getInputConfig() (*conf.C, error) { diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index e7f238d8af8..8945cec3522 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -1,3 +1,11 @@ +{{ define "journald" }} +type: journald +tags: + - journald +{{ end }} + +{{define "log-files" }} + type: log paths: {{ range $i, $path := .paths }} @@ -13,3 +21,13 @@ processors: target: '' fields: ecs.version: 1.12.0 + +{{ end }} + +{{if eq .builtin.osFamily "debian" }} + {{if eq .builtin.osVersion "12 (bookworm)" }} + {{ template "journald" }} + {{end}} +{{ else }} +{{ template "log-files" }} +{{end}} From eb0a798110f94e672c80a5dc8e7849abd4afb391 Mon Sep 17 00:00:00 2001 
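Review bot: The new `vars` map in getBuiltinVars dereferences `hostInfo.Info().OS.Version` and `.Family` even on the path where `sysinfo.Host()` returned `types.ErrNotImplemented`, which the added check deliberately lets through. On that path `hostInfo` is presumably nil, and `OS` looks like a pointer that may be unset, so Filebeat would panic while rendering any module on an unsupported platform. Guard both and fall back to empty strings; the templates compare these values with `eq`, so an empty value simply means "not detected".
```go
	// … unchanged: hostname/domain split and the sysinfo.Host() error check …
	var osVersion, osFamily string
	if hostInfo != nil {
		if osInfo := hostInfo.Info().OS; osInfo != nil {
			osVersion = osInfo.Version
			osFamily = osInfo.Family
		}
	}
	// … unchanged: vars map, now using "osVersion": osVersion and "osFamily": osFamily …
```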
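Review bot: The detection at the end of syslog.yml compares `.builtin.osVersion` with the exact string `"12 (bookworm)"`, so any other journald-only host (a later Debian release, or a derivative reporting a different version string) falls through to the `log-files` input. That input may then find no files and collect nothing, without any warning. The same comparison is repeated in the syslog.yml hunk of PATCH 02 and the auth.yml hunk of PATCH 05, where the gap affects authentication logs. At minimum document the limit next to the check, e.g. `# only Debian 12 is auto-detected; set var.use_journald on other journald-only hosts`. A startup log line naming the chosen input would make a wrong guess visible.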
From: Tiago Queiroz Date: Thu, 19 Sep 2024 16:55:36 -0400 Subject: [PATCH 02/38] Add variables to force logs our journald --- filebeat/module/system/auth/manifest.yml | 4 ++++ .../module/system/syslog/config/syslog.yml | 20 +++++++++++++---- filebeat/module/system/syslog/manifest.yml | 4 ++++ filebeat/modules.d/system.yml.disabled | 22 +++++++++++++++++++ 4 files changed, 46 insertions(+), 4 deletions(-) diff --git a/filebeat/module/system/auth/manifest.yml b/filebeat/module/system/auth/manifest.yml index bf1a3623cf1..ee4fb78f628 100644 --- a/filebeat/module/system/auth/manifest.yml +++ b/filebeat/module/system/auth/manifest.yml @@ -12,6 +12,10 @@ var: os.windows: [] - name: tags default: [] + - name: use_journald + default: false + - name: use_logs + default: false ingest_pipeline: ingest/pipeline.yml input: config/auth.yml diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 8945cec3522..9ebe49998ae 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -24,10 +24,22 @@ processors: {{ end }} +{{ $journaldDetected := false }} + {{if eq .builtin.osFamily "debian" }} {{if eq .builtin.osVersion "12 (bookworm)" }} - {{ template "journald" }} - {{end}} + {{ $journaldDetected = true }} + {{ end }} +{{ end }} + +{{ if .use_journald }} + {{ template "journald" . }} +{{ else if .use_logs }} + {{ template "log-files" . }} {{ else }} -{{ template "log-files" }} -{{end}} + {{ if $journaldDetected }} + {{ template "journald" . }} + {{ else }} + {{ template "log-files" . }} + {{ end }} +{{ end }} diff --git a/filebeat/module/system/syslog/manifest.yml b/filebeat/module/system/syslog/manifest.yml index 39a34e56ca3..6268b005c58 100644 --- a/filebeat/module/system/syslog/manifest.yml +++ b/filebeat/module/system/syslog/manifest.yml 
@@ -8,6 +8,10 @@ var: os.darwin: - /var/log/system.log* os.windows: [] + - name: use_journald + default: false + - name: use_logs + default: false ingest_pipeline: ingest/pipeline.yml input: config/syslog.yml diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 1302c6374da..110fee24b03 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -10,6 +10,17 @@ # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Authorization logs auth: enabled: false @@ -17,3 +28,14 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: + + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + # var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect authorization logs. If both are true, + # then journald is used. From 51652010c2bb924b1d53ff790ab09eef77581d04 Mon Sep 17 00:00:00 2001 
From: Tiago Queiroz Date: Fri, 20 Sep 2024 11:42:52 -0400 Subject: [PATCH 03/38] Update docs --- filebeat/docs/include/use-journald.asciidoc | 15 +++++++++++++ filebeat/docs/modules/system.asciidoc | 4 ++++ filebeat/filebeat.reference.yml | 22 +++++++++++++++++++ .../module/system/_meta/config.reference.yml | 22 +++++++++++++++++++ filebeat/module/system/_meta/config.yml | 22 +++++++++++++++++++ filebeat/module/system/_meta/docs.asciidoc | 4 ++++ filebeat/modules.d/system.yml.disabled | 4 ++-- 7 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 filebeat/docs/include/use-journald.asciidoc diff --git a/filebeat/docs/include/use-journald.asciidoc b/filebeat/docs/include/use-journald.asciidoc new file mode 100644 index 00000000000..0c84bc67ce5 --- /dev/null +++ b/filebeat/docs/include/use-journald.asciidoc @@ -0,0 +1,15 @@ +*`var.use_journald`*:: + +A boolean that when set to `true` will read logs from Journald. When +Journald is used all events contain the tag `journald` + +*`var.use_logs`*:: + +A boolean that when set to `true` will read logs from the log files +defined by `vars.paths`. + +If neither `var.use_journald` nor `var.use_logs` are set (or both are +`false`) {beatname_uc} will auto-detect the source for the logs. + +If both `var.use_journald` and `var.use_logs` are set to `true` then +Journald will be used. diff --git a/filebeat/docs/modules/system.asciidoc b/filebeat/docs/modules/system.asciidoc index 1866f2d5c25..fcdf8f2a993 100644 --- a/filebeat/docs/modules/system.asciidoc +++ b/filebeat/docs/modules/system.asciidoc @@ -65,11 +65,15 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +include::../include/use-journald.asciidoc[] + [float] ==== `auth` fileset settings include::../include/var-paths.asciidoc[] +include::../include/use-journald.asciidoc[] + *`var.tags`*:: A list of tags to include in events. Including `forwarded` indicates that the 
diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index 14e9f276fb4..c4df2ce7c31 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -21,6 +21,17 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: @@ -33,6 +44,17 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: diff --git a/filebeat/module/system/_meta/config.reference.yml b/filebeat/module/system/_meta/config.reference.yml index 3c7a0b43d49..5c82be06848 100644 --- a/filebeat/module/system/_meta/config.reference.yml +++ b/filebeat/module/system/_meta/config.reference.yml 
@@ -7,6 +7,17 @@ # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: @@ -19,6 +30,17 @@ # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: diff --git a/filebeat/module/system/_meta/config.yml b/filebeat/module/system/_meta/config.yml index c1fe882374d..7dbbbf3e7e4 100644 --- a/filebeat/module/system/_meta/config.yml +++ b/filebeat/module/system/_meta/config.yml @@ -7,6 +7,17 @@ # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Authorization logs auth: enabled: false 
@@ -14,3 +25,14 @@ # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: + + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. diff --git a/filebeat/module/system/_meta/docs.asciidoc b/filebeat/module/system/_meta/docs.asciidoc index 6d9209eafe2..72c16e8c0af 100644 --- a/filebeat/module/system/_meta/docs.asciidoc +++ b/filebeat/module/system/_meta/docs.asciidoc @@ -58,11 +58,15 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +include::../include/use-journald.asciidoc[] + [float] ==== `auth` fileset settings include::../include/var-paths.asciidoc[] +include::../include/use-journald.asciidoc[] + *`var.tags`*:: A list of tags to include in events. Including `forwarded` indicates that the diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 110fee24b03..52652448907 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -33,9 +33,9 @@ #var.use_journald: true|false # Force using log files to collect system logs - # var.use_logs: true|false + #var.use_logs: true|false # If use_journald and use_logs are false, then # Filebeat will autodetect whether use journald - # to collect authorization logs. If both are true, + # to collect system logs. If both are true, # then journald is used. From ba0b7135add0b0369123a638047a71d1e5cef548 Mon Sep 17 00:00:00 2001 
From: Tiago Queiroz Date: Fri, 20 Sep 2024 16:16:51 -0400 Subject: [PATCH 04/38] [journald] enable facility filtering --- filebeat/input/journald/config.go | 3 +++ filebeat/input/journald/input.go | 4 ++++ filebeat/input/journald/pkg/journalctl/reader.go | 5 +++++ 3 files changed, 12 insertions(+) diff --git a/filebeat/input/journald/config.go b/filebeat/input/journald/config.go index bdcd980e484..d354baaacf5 100644 --- a/filebeat/input/journald/config.go +++ b/filebeat/input/journald/config.go @@ -63,6 +63,9 @@ type config struct { // SaveRemoteHostname defines if the original source of the entry needs to be saved. SaveRemoteHostname bool `config:"save_remote_hostname"` + // Facility is a list of facilities to filter journal messages + Facilities []int `config:"facilities"` + // Parsers configuration Parsers parser.Config `config:",inline"` } diff --git a/filebeat/input/journald/input.go b/filebeat/input/journald/input.go index 9ce61042791..7bdfcc9816f 100644 --- a/filebeat/input/journald/input.go +++ b/filebeat/input/journald/input.go @@ -50,6 +50,7 @@ type journald struct { Units []string Transports []string Identifiers []string + Facilities []int SaveRemoteHostname bool Parsers parser.Config Journalctl bool @@ -113,6 +114,7 @@ func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { Units: config.Units, Transports: config.Transports, Identifiers: config.Identifiers, + Facilities: config.Facilities, SaveRemoteHostname: config.SaveRemoteHostname, Parsers: config.Parsers, }, nil @@ -128,6 +130,7 @@ func (inp *journald) Test(src cursor.Source, ctx input.TestContext) error { inp.Identifiers, inp.Transports, inp.Matches, + inp.Facilities, journalctl.SeekHead, "", inp.Since, @@ -158,6 +161,7 @@ func (inp *journald) Run( inp.Identifiers, inp.Transports, inp.Matches, + inp.Facilities, mode, pos, inp.Since, diff --git a/filebeat/input/journald/pkg/journalctl/reader.go b/filebeat/input/journald/pkg/journalctl/reader.go index 25b90d9a490..b530e942b23 100644 
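Review bot: The new `Facilities []int` field in config.go is accepted without any range check, and its doc comment names a field that does not exist (`Facility`). The values are later passed straight to `journalctl --facility` in reader.go, so a typo such as `40` presumably surfaces only as a journalctl start-up failure rather than as a configuration error. Rename the comment to `// Facilities is a list of syslog facility codes (0-23) used to filter journal messages.` and reject out-of-range values wherever this config is validated. The struct starts outside the hunk, so an existing validation method is not visible here.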
--- a/filebeat/input/journald/pkg/journalctl/reader.go +++ b/filebeat/input/journald/pkg/journalctl/reader.go @@ -137,6 +137,7 @@ func New( syslogIdentifiers []string, transports []string, matchers journalfield.IncludeMatches, + facilities []int, mode SeekMode, cursor string, since time.Duration, @@ -166,6 +167,10 @@ func New( args = append(args, fmt.Sprintf("_TRANSPORT=%s", m)) } + for _, facility := range facilities { + args = append(args, "--facility", fmt.Sprintf("%d", facility)) + } + otherArgs := handleSeekAndCursor(mode, since, cursor) jctl, err := newJctl(canceler, logger.Named("journalctl-runner"), "journalctl", append(args, otherArgs...)...) From 15032343eec2a56a269822d73d07bd6c715475cd Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 20 Sep 2024 16:18:14 -0400 Subject: [PATCH 05/38] Add facility filtering to system module + journald --- filebeat/module/system/auth/config/auth.yml | 35 +++++++++++++++++++ .../module/system/syslog/config/syslog.yml | 11 ++++++ 2 files changed, 46 insertions(+) diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 466b55078af..d366f0db0ad 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,3 +1,16 @@ +{{ define "journald" }} +type: journald +id: system-auth +facilities: + - 4 + - 10 +tags: + - journald + - auth +{{ end }} + +{{define "log-files" }} + type: log paths: {{ range $i, $path := .paths }} 
@@ -15,3 +28,25 @@ processors: tags: {{ .tags | tojson }} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +{{ end }} + +{{ $journaldDetected := false }} + +{{if eq .builtin.osFamily "debian" }} + {{if eq .builtin.osVersion "12 (bookworm)" }} + {{ $journaldDetected = true }} + {{ end }} +{{ end }} + +{{ if .use_journald }} + {{ template "journald" . }} +{{ else if .use_logs }} + {{ template "log-files" . }} +{{ else }} + {{ if $journaldDetected }} + {{ template "journald" . }} + {{ else }} + {{ template "log-files" . }} + {{ end }} +{{ end }} diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 9ebe49998ae..f7e3e9c66db 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -1,7 +1,18 @@ {{ define "journald" }} type: journald +id: system-syslog +facilities: + - 1 + - 2 + - 3 + - 5 + - 6 + - 7 + - 8 + - 9 tags: - journald + - syslog {{ end }} {{define "log-files" }} From 930027219bf2bf526b06c4ec755c723cdf61079a Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Mon, 30 Sep 2024 16:47:22 -0400 Subject: [PATCH 06/38] Different pipelines for journald and files --- .../system/syslog/ingest/entrypoint.yml | 20 +++++++++++++++++++ .../syslog/ingest/{pipeline.yml => files.yml} | 0 .../module/system/syslog/ingest/journald.yml | 5 +++++ filebeat/module/system/syslog/manifest.yml | 6 +++++- 4 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 filebeat/module/system/syslog/ingest/entrypoint.yml rename filebeat/module/system/syslog/ingest/{pipeline.yml => files.yml} (100%) create mode 100644 filebeat/module/system/syslog/ingest/journald.yml diff --git a/filebeat/module/system/syslog/ingest/entrypoint.yml b/filebeat/module/system/syslog/ingest/entrypoint.yml new file mode 100644 index 00000000000..39f41138209 --- /dev/null +++ b/filebeat/module/system/syslog/ingest/entrypoint.yml 
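Review bot: The `facilities` list added to the syslog `journald` template (1, 2, 3, 5, 6, 7, 8, 9) leaves out 0 and 11–23. The auth fileset takes only 4 and 10, so kernel messages and anything logged to local0–local7 are collected by neither fileset when journald is selected. Hosts that previously shipped those lines through the syslog file would lose them on the switch, which is a coverage gap for anything alerting on kernel or application events; journal entries that carry no syslog facility at all are presumably filtered out as well. Either add the missing codes or state the exclusion next to the list, e.g. `# 0 (kern) and 16-23 (local0-7) are intentionally not collected`.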
@@ -0,0 +1,20 @@ +description: Entrypoint Pipeline for syslog Filebeat module +processors: + - script: + source: | + Collection tags = ctx?.tags; + if(tags != null){ + for (String tag : tags) { + if (tag.toLowerCase().equals('journald')) { + ctx['syslog_pipeline'] = '{< IngestPipeline "journald" >}'; + return + } + } + } + ctx['syslog_pipeline'] = '{< IngestPipeline "files" >}'; + return; + - pipeline: + name: "{{ syslog_pipeline }}" + - remove: + ignore_failure: true + field: "syslog_pipeline" diff --git a/filebeat/module/system/syslog/ingest/pipeline.yml b/filebeat/module/system/syslog/ingest/files.yml similarity index 100% rename from filebeat/module/system/syslog/ingest/pipeline.yml rename to filebeat/module/system/syslog/ingest/files.yml diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml new file mode 100644 index 00000000000..607459e5a16 --- /dev/null +++ b/filebeat/module/system/syslog/ingest/journald.yml @@ -0,0 +1,5 @@ +description: Journald Pipeline for syslog Filebeat module +processors: +- set: + field: aaa + value: 'journald.yml' diff --git a/filebeat/module/system/syslog/manifest.yml b/filebeat/module/system/syslog/manifest.yml index 6268b005c58..d325a51e509 100644 --- a/filebeat/module/system/syslog/manifest.yml +++ b/filebeat/module/system/syslog/manifest.yml @@ -13,5 +13,9 @@ var: - name: use_logs default: false -ingest_pipeline: ingest/pipeline.yml +ingest_pipeline: + - ingest/entrypoint.yml + - ingest/files.yml + - ingest/journald.yml + input: config/syslog.yml From 198c632d700f368acac58c71f12ea45ffc4a58da Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 1 Oct 2024 07:53:28 -0400 Subject: [PATCH 07/38] Implement journald ingest pipeline --- .../module/system/syslog/ingest/journald.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) 
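Review bot: The script in entrypoint.yml picks the ingest pipeline from the presence of a `journald` entry in `tags`, and tags are user-controlled data. The auth fileset renders `var.tags` into file-based events, and forwarded events can carry arbitrary tags, so a log-file event tagged `journald` would skip the files pipeline's parsing and be processed as a journal entry. Route on a field the input itself sets instead, for example `if (ctx?.input?.type == 'journald')`, assuming Filebeat populates `input.type` for this input as it normally does. The auth entrypoint added in PATCH 08 uses the same tag test and needs the same change.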
diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml index 607459e5a16..b1ba0721c0d 100644 --- a/filebeat/module/system/syslog/ingest/journald.yml +++ b/filebeat/module/system/syslog/ingest/journald.yml @@ -1,5 +1,17 @@ description: Journald Pipeline for syslog Filebeat module processors: - set: - field: aaa - value: 'journald.yml' + field: "process.pid" + value: '{{ journald.pid }}' +- set: + field: event.kind + value: event +- append: + field: related.hosts + value: "{{host.hostname}}" + if: "ctx.host?.hostname != null && ctx.host?.hostname != ''" + allow_duplicates: false +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' From 15e56bfcd40ee725ca5aa1f50481029c23bcd545 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 1 Oct 2024 12:00:57 -0400 Subject: [PATCH 08/38] Implement Journald system/auth ingest pipeline --- filebeat/module/system/auth/config/auth.yml | 2 + .../module/system/auth/ingest/entrypoint.yml | 20 ++ .../auth/ingest/{pipeline.yml => files.yml} | 0 .../module/system/auth/ingest/journald.yml | 198 ++++++++++++++++++ filebeat/module/system/auth/manifest.yml | 5 +- .../system/syslog/ingest/entrypoint.yml | 2 +- .../module/system/syslog/ingest/journald.yml | 2 +- 7 files changed, 226 insertions(+), 3 deletions(-) create mode 100644 filebeat/module/system/auth/ingest/entrypoint.yml rename filebeat/module/system/auth/ingest/{pipeline.yml => files.yml} (100%) create mode 100644 filebeat/module/system/auth/ingest/journald.yml diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index d366f0db0ad..1d9eb5cf38e 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -4,6 +4,8 @@ id: system-auth facilities: - 4 - 10 +processors: + - add_locale: ~ tags: - journald - auth 
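Review bot: The `set` processor for `process.pid` renders `'{{ journald.pid }}'` unconditionally, so an entry without `journald.pid` gets an empty string written into a numeric field, and every value arrives as a string rather than a number. Add a guard such as `if: ctx.journald?.pid != null` and follow it with a `convert` to `long`, or use `copy_from: journald.pid` with `ignore_empty_value: true`. The `on_failure` handler in this hunk also uses double braces for `_ingest.on_failure_message`, while the auth pipeline uses triple braces; keeping them consistent avoids HTML-escaped error text.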
diff --git a/filebeat/module/system/auth/ingest/entrypoint.yml b/filebeat/module/system/auth/ingest/entrypoint.yml new file mode 100644 index 00000000000..13cf80e6024 --- /dev/null +++ b/filebeat/module/system/auth/ingest/entrypoint.yml @@ -0,0 +1,20 @@ +description: Entrypoint Pipeline for system/auth Filebeat module +processors: + - script: + source: | + Collection tags = ctx?.tags; + if(tags != null){ + for (String tag : tags) { + if (tag.toLowerCase().equals('journald')) { + ctx['auth_pipeline'] = '{< IngestPipeline "journald" >}'; + return + } + } + } + ctx['auth_pipeline'] = '{< IngestPipeline "files" >}'; + return; + - pipeline: + name: "{{ auth_pipeline }}" + - remove: + ignore_failure: true + field: "auth_pipeline" diff --git a/filebeat/module/system/auth/ingest/pipeline.yml b/filebeat/module/system/auth/ingest/files.yml similarity index 100% rename from filebeat/module/system/auth/ingest/pipeline.yml rename to filebeat/module/system/auth/ingest/files.yml diff --git a/filebeat/module/system/auth/ingest/journald.yml b/filebeat/module/system/auth/ingest/journald.yml new file mode 100644 index 00000000000..3e8421d76e5 --- /dev/null +++ b/filebeat/module/system/auth/ingest/journald.yml 
@@ -0,0 +1,198 @@ +description: Journald Pipeline for system/auth Filebeat module +processors: + - set: + field: AAA + value: "journald" + - set: + field: aaaBBB + value: "journald" + - rename: + field: "journald.process.name" + target_field: process.name + - grok: + description: Grok specific auth messages. + tag: grok-specific-messages + field: message + ignore_missing: true + patterns: + - '^%{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user)?%{DATA:user.name} from %{IPORHOST:source.address} port %{NUMBER:source.port:long} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?' + - '^%{DATA:system.auth.ssh.event} user %{DATA:user.name} from %{IPORHOST:source.address}' + - '^Did not receive identification string from %{IPORHOST:system.auth.ssh.dropped_ip}' + - '^%{DATA:user.name} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}' + - '^new group: name=%{DATA:group.name}, GID=%{NUMBER:group.id}' + - '^new user: name=%{DATA:user.name}, UID=%{NUMBER:user.id}, GID=%{NUMBER:group.id}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$' + ignore_failure: true + - grok: + description: Grok usernames from PAM messages. + tag: grok-pam-users + field: message + ignore_missing: true + ignore_failure: true + patterns: + - 'for user %{QUOTE}?%{DATA:_temp.foruser}%{QUOTE}? 
by %{QUOTE}?%{DATA:_temp.byuser}%{QUOTE}?(?:\(uid=%{NUMBER:_temp.byuid}\))?$' + - 'for user %{QUOTE}?%{DATA:_temp.foruser}%{QUOTE}?$' + - 'by user %{QUOTE}?%{DATA:_temp.byuser}%{QUOTE}?$' + - '%{BOUNDARY} user %{QUOTE}%{DATA:_temp.user}%{QUOTE}' + pattern_definitions: + QUOTE: "['\"]" + BOUNDARY: "(?- + if (ctx.system.auth.ssh.event == "Accepted") { + ctx.event.type = ["info"]; + ctx.event.category = ["authentication", "session"]; + ctx.event.action = "ssh_login"; + ctx.event.outcome = "success"; + } else if (ctx.system.auth.ssh.event == "Invalid" || ctx.system.auth.ssh.event == "Failed") { + ctx.event.type = ["info"]; + ctx.event.category = ["authentication"]; + ctx.event.action = "ssh_login"; + ctx.event.outcome = "failure"; + } + - append: + field: event.category + value: iam + if: ctx.process?.name != null && ['groupadd', 'groupdel', 'groupmod', 'useradd', 'userdel', 'usermod'].contains(ctx.process.name) + - set: + field: event.outcome + value: success + if: ctx.process?.name != null && (ctx.message == null || !ctx.message.contains("fail")) && ['groupadd', 'groupdel', 'groupmod', 'useradd', 'userdel', 'usermod'].contains(ctx.process.name) + - set: + field: event.outcome + value: failure + if: ctx.process?.name != null && (ctx.message != null && ctx.message.contains("fail")) && ['groupadd', 'groupdel', 'groupmod', 'useradd', 'userdel', 'usermod'].contains(ctx.process.name) + - append: + field: event.type + value: user + if: ctx.process?.name != null && ['useradd', 'userdel', 'usermod'].contains(ctx.process.name) + - append: + field: event.type + value: group + if: ctx.process?.name != null && ['groupadd', 'groupdel', 'groupmod'].contains(ctx.process.name) + - append: + field: event.type + value: creation + if: ctx.process?.name != null && ['useradd', 'groupadd'].contains(ctx.process.name) + - append: + field: event.type + value: deletion + if: ctx.process?.name != null && ['userdel', 'groupdel'].contains(ctx.process.name) + - append: + field: event.type + value: 
change + if: ctx.process?.name != null && ['usermod', 'groupmod'].contains(ctx.process.name) + - append: + field: related.user + value: "{{{ user.name }}}" + allow_duplicates: false + if: ctx.user?.name != null && ctx.user?.name != '' + - append: + field: related.user + value: "{{{ user.effective.name }}}" + allow_duplicates: false + if: ctx.user?.effective?.name != null && ctx.user?.effective?.name != '' + - append: + field: related.ip + value: "{{{ source.ip }}}" + allow_duplicates: false + if: ctx.source?.ip != null && ctx.source?.ip != '' + - append: + field: related.hosts + value: "{{{ host.hostname }}}" + allow_duplicates: false + if: ctx.host?.hostname != null && ctx.host?.hostname != '' + - set: + field: ecs.version + value: 8.0.0 + - remove: + field: event.original + if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" + ignore_failure: true + ignore_missing: true +on_failure: + - set: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/filebeat/module/system/auth/manifest.yml b/filebeat/module/system/auth/manifest.yml index ee4fb78f628..86c4f89056c 100644 --- a/filebeat/module/system/auth/manifest.yml +++ b/filebeat/module/system/auth/manifest.yml @@ -17,5 +17,8 @@ var: - name: use_logs default: false -ingest_pipeline: ingest/pipeline.yml +ingest_pipeline: + - ingest/entrypoint.yml + - ingest/files.yml + - ingest/journald.yml input: config/auth.yml diff --git a/filebeat/module/system/syslog/ingest/entrypoint.yml b/filebeat/module/system/syslog/ingest/entrypoint.yml index 39f41138209..d000cacdfea 100644 --- a/filebeat/module/system/syslog/ingest/entrypoint.yml +++ b/filebeat/module/system/syslog/ingest/entrypoint.yml @@ -1,4 +1,4 @@ -description: Entrypoint Pipeline for syslog Filebeat module +description: Entrypoint Pipeline for system/syslog Filebeat module processors: - script: source: | 
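Review bot: The `rename` of `journald.process.name` at the top of the auth journald.yml pipeline has no `ignore_missing: true`. A journal entry without that field therefore fails the processor and drops to `on_failure` before any grok or `event.*` enrichment runs, leaving it without `event.category` or `event.outcome` and invisible to rules that key on them. Separately, the `event.outcome` conditions for the user/group tools test `ctx.message.contains("fail")`, and the message includes names chosen by whoever ran the command. A successful `useradd` for an account whose name contains "fail" would be recorded as a failure; matching on the tool's actual failure wording would be more reliable.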
diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml index b1ba0721c0d..ecbda96bfae 100644 --- a/filebeat/module/system/syslog/ingest/journald.yml +++ b/filebeat/module/system/syslog/ingest/journald.yml @@ -1,4 +1,4 @@ -description: Journald Pipeline for syslog Filebeat module +description: Journald Pipeline for system/syslog Filebeat module processors: - set: field: "process.pid" From f1d10d6c5c0313b5c98f930650654db7b433de26 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 1 Oct 2024 12:15:05 -0400 Subject: [PATCH 09/38] Add paths config for system module with journald input --- filebeat/module/system/auth/config/auth.yml | 5 +++++ filebeat/module/system/syslog/config/syslog.yml | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 1d9eb5cf38e..4f9a5cbb3c7 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,6 +1,11 @@ {{ define "journald" }} type: journald id: system-auth +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} + facilities: - 4 - 10 diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index f7e3e9c66db..ce0f8f9780f 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -1,6 +1,12 @@ {{ define "journald" }} type: journald id: system-syslog + +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} + facilities: - 1 - 2 From 8e013bc9a2e1684b83f688f2322540cf0ec03630 Mon Sep 17 00:00:00 2001 
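Review bot: The `paths:` block added to both `journald` templates is filled from the same `.paths` variable the `log-files` template uses. Judging by the `os.darwin: /var/log/system.log*` entry visible in the manifest, that variable's defaults are text-log globs. When journald is auto-detected and the user has not overridden `var.paths`, the journald input would be handed syslog file globs as journal locations instead of reading the system journal. Consider a separate variable for journal paths, or emit `paths:` only when the user set one explicitly. If the per-OS defaults are cleared elsewhere in the series, a comment here saying so would help.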
From: Tiago Queiroz Date: Tue, 1 Oct 2024 15:51:43 -0400 Subject: [PATCH 10/38] Add tests for system.auth and fix ingest pipelines --- .../module/system/auth/ingest/journald.yml | 15 +- .../module/system/auth/test/debian-12.journal | Bin 0 -> 8388608 bytes .../auth/test/debian-12.journal-expected.json | 367 ++++++++++++++++++ .../module/system/syslog/ingest/journald.yml | 7 + filebeat/tests/system/test_modules.py | 26 +- libbeat/tests/system/beat/beat.py | 2 +- 6 files changed, 405 insertions(+), 12 deletions(-) create mode 100644 filebeat/module/system/auth/test/debian-12.journal create mode 100644 filebeat/module/system/auth/test/debian-12.journal-expected.json diff --git a/filebeat/module/system/auth/ingest/journald.yml b/filebeat/module/system/auth/ingest/journald.yml index 3e8421d76e5..de33e88d43e 100644 --- a/filebeat/module/system/auth/ingest/journald.yml +++ b/filebeat/module/system/auth/ingest/journald.yml @@ -1,11 +1,8 @@ description: Journald Pipeline for system/auth Filebeat module processors: - set: - field: AAA - value: "journald" - - set: - field: aaaBBB - value: "journald" + field: event.ingested + copy_from: _ingest.timestamp - rename: field: "journald.process.name" target_field: process.name @@ -192,6 +189,14 @@ processors: if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" ignore_failure: true ignore_missing: true + - remove: + description: Remove the extra fields added by the Journald input + field: + - journald + - process.thread + - syslog + - systemd + on_failure: - set: field: error.message 
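Review bot: The `remove` processor added at the end of the auth journald.yml pipeline lists `journald`, `process.thread`, `syslog` and `systemd` without `ignore_missing: true`. If any one of them is absent the processor fails, so the event lands in `on_failure` with an `error.message` even though all parsing succeeded. Not every journal entry is guaranteed to carry all four groups, so add `ignore_missing: true` as the preceding `remove` of `event.original` already does. The new block would also read better with the same one-line `description` style used by the grok processors above it.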
diff --git a/filebeat/module/system/auth/test/debian-12.journal b/filebeat/module/system/auth/test/debian-12.journal new file mode 100644 index 0000000000000000000000000000000000000000..3907e4565cea44695d2d7336bf717ed9b6c73f0b GIT binary patch literal 8388608 zcmeF)eQaIjeFyNH0KoxmbqA#>FNq0np^)Y#cH(=eGLi<9xJ_)!aab5H#!eg(MuV3C zg-u)N%UITSQp8lqR87h@q@`7-Mq5>)qS3UpTBgCsy8Qt~Kvt@%YSlGUS?2^ucYV(J zIph)=JJ^oz^~Vx?@44rBe$Vgu+~Z?Av7MD2A6va*Mdyk_`R(Gt|K)GnuKma>4_^1t zzQ=yN?)tyHZ|Z;F{_*`smu_qO+fV=Ct6$za>$cB+_~#eg{nTAc9{c>a?)dr@vyNO? zIlgX6R%qbpw)DZk`?BMQUM-~$X5{A&oS!|vzm%j8p3V*n(}iFc{mpm&>#obD6|QXg*}TCiefhl0^NdJO#=%?i`S&MMeZ)UGcWMzMc4rk{hE6k}mdXXcYUpc=2 zjLbW-^89EY7whuZKhM#wUs>;tLbhIH<@s7ap0hC9e`Kxi*ZxLV;6Q%Aj$HCacK?YS z-PH<(y5{V9jXYWXo%#64lZ|)&c!8Zqv)427__O1Gv@iesA+oZA=VxcvM`Y#su|D3H zU;mL~z20Q6zwhxamb&F^o_um3zN#~1VaS!Ct;LcIS)zHNXf-i^SX{Oh5} zcT=kx<_=tzU5}CbXJ*Hd)v$+&)Z_Lk`TZx)iPYPv^is_KJSp;2YK-Qbok#MoNAeua z+NVTK!5;&$tX})pMQTxMY7-zpfB*pk!xPx?W+@#QIlNg$5gVC3*-8AX5q0RjXF5Ewmy-REbYk3^1MWt9jJAV7cs0Rj_K zpud=X{u4PdyVMl{0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNApO#*diWdDA0WHt4! 
zR{{hG5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 zPOm`e{3LB4^7M9Nbpiwk5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5ST0i`>xHte=Tyd?AtyG5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyQ0)TSuT0V{ zL{|HL^iO~Q0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXFOniaT z2ea>AjGXu#>yQ8e0t5&UAV7cs0Rkr$*flHr`X=(kqdZH1009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z6HTCaw3N0KInnyl4*>!M2oNAZfB*pk1PBlyK!5-N0t5(5Oo16!CTU}l6SGTQ5g06%!2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5Fk)p0(%x^Ki?i%UES-J009C7 z2oNAZfB=E96xi34eZ3GlmTRd^fB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UATV-)V*c;dM~=LL z83YIrAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkKc0tlR&WKBd)fR?mCfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+0D)Q%D4w1D zeQabc?8zPo5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0Rq2H zV9wP^dOGsgjdhLy0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk 
z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72vn;;{mdk7J+fN&p>F~N2oNAZfB*pk1PBlyFrEVa*JNK$M~>&()*?WF009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBnQeu0DMCFv$2tA9s! zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXFjJLp!bCPt)$njp^dISg%AV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF 
z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5;&u@=~WX_77xIo9i`Pk;b{(iQ1>W2oNAZfB*pk1PD~4 zz}~a-&$sie#y#kn009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZ;PeU9UzVhcN1nb;tW1Ca0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF)QZ6N^OAHck+rff`yfDo009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5;&5ei(B zWD_DsINfjp1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBnQO@W=~Ch5i^Yjc-&MSuVS z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ 
z009C72oNAZfWWB;)LoJNJaXiz)G&tt0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0@Wz6V?p-w){)h?2R#!Y zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfWXKF z_D)ICNs%M3UK${rq_3Xx3JX009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyFdTvYH%jTS$l=T}h5!Kq1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+0D;LVFmO$hZai{wD%dpv0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk 
z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UATXW+ zrD@skKZ+dBwNJFx-b=E6B2P5Na|8&SSfKR2{QWu46OZyN0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk6H%bpl>L6u$cfmao(K>iK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UATSXGmdww-|2lFa^rQy@1PBly zK!5-N0t5&UAV7cs0RjXjr@+1ovOlkkoSX_{x9g3+Dy79E$8IH+2@oJafB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7csfoc(GI4?4jd_^8;Gp#-RPbG0RjXF5FkK+009C7CaS=m8QJfrkDRD|>WcsY z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pkl>+q(lJu#_%JYs15FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009D{ zEwHB{NlQkKc762-5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ 
z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pkJI+c{gh(O;2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0Rpux@X+ie-C$&G@7C@J5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+0D<8M)LojS!y<<>#~1;0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlq4}nAHWcAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV8pc1ok&)zegpqdOFuB z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkJx6WDoK zl0Jy!LVy4P0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB=CIXgE?zA4bOWk^lh$1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB=Ef7g%y; zk`|2|{S{OsK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U 
zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7Cc40syushk^LLVm2d=;5 z?_Q|v`+>UTxTj)XJlXw`_V%vs)*BYD?`vMyyJ-EoQcquRQ{#eCQrxhvxv98l;rd0% zhMx6{@(EM(Eatgx+mv(v;)Y**A?hueo~;*kW4(Lx0bBm4|B1u>%l|jVM@FA@zmd(K zo}VaPm=w+|Kki<&blHm5wwA$G7xoSIxuLIVe)EQ=zMjTXW8Z?F4Lv>0jq^7wTwm%L zoEm*L=5=2DhkN#JxS;c;{IJk)q?A58-d^MSX1 zvsm}cXYPDG=0!$dYxBP9@)NtueVtK$+|k+E-r3r9^WwaL=qFy!PhQ#l$Gh%od@Sni zX~S+kA45i&-^6n z)X&VSAOsCb1Tk?@sY9qfr{&+qr854J+E$A+1j>dZTGVFwyu`7 zU5oGAyzZXO8#Zn3Tc6enm+UGn6#nWDzx`z4rboXU^$)#~U%wS~qQ7eCY-vY#%Z)d- zEbD5$sb%r}4MT5Ph06Z^aqnke-26W?TcZA+`FVfG)j8JR&H2Emru^_n4^Mmb9sO41 z{e|B^?pNOS%J${mH!fY)x^nQ{ttqb;eKqID^=}kzKj*9`+M}_64MLe)?eXPyg0w^yE>P)t?p>=>>9i$-F?rU6@A4!^3gB9Fz4k97kn)W z@1B=?4b9Ka#PxQ2KJdlI?yq0>>ZPBGd6CiA&b+T_`H79?z6NXL`)$3UrF`4Gv9+ah z@z$*y%kO02m91VV?EiUh!j=wJq?zQzUJoZbUpjS_18a}Y|0M{{dr&Myz-OL$1VAQ4{ZM8%!^-Ha8Znp z45uGg^znT3(XzH>@x1%CZke~Wchly18B%$2^b_~dr@uLS#%n9TzANe;hWV#()$ruJn^yIR}Z20v9?*VMGIr~KB~+t}BX%K(i~>+9IO>`b`Cjp(9}{y+Qn11DEi9}0Ym z5F>wHiB?3ab_}8*CYhO?-JJ51V`@GNhd_H$(@6NgB zocq1!o_p@O=iYtrBYWQ0?)S#_J(eeRVV5kOf8xpWmW*yF*J|ZTZEk;kZr@@80`!Kl+y_Uwn5fXI8u=^N(3L zZ~pM`=!Wspk@AMkE3;0@+R=BESB-6KpFXQLj-6euR%Tab*Jjts8^$({m+Ot%V7;83 zWwp8Gg$ru^{nci9$+7cm{R4B?R@a`jddt|cbB^uX(pNokAeZi1z;n^`#&E!c{N%e5p7N5B9gpk+w@)g#V@@!vpX5$zQ$w zRR=FCR@+})%duqfsc$}N;fgmeoWCf)-)SG=dDX$%Ky$EfU~sT8(AQs?+D^Qw$l-yl 
z_uT!(lm6tv$nfMwQO;*fw-qzp%cSt}{BvS|{%wydMy{VZt#tS!e}3J|vfsXQ-p&8; z{)dk`^pbxcpZ4}OPk!^Z1^a#Sdv8DUdt0Aqm!N%}#b)d3xpw^%Dk%y{7`PLI&(eA$Q&+mM6 z>))PsS@Cmgzp|CccW06BUPXkoo?jQ@Iz6RboYy}*TI;XZYr~c5PK2 zdWo0DS9*z;#zA_Cm&Pl4iI>I=dWo0r-+PId?xTB&m+otOiI?s(dx@9s_j-w!?#FtG zm+q5#iI?tAdWn}u%04>Jug-dv`t7?*FV5d+cOSjv@F&l?=qGVon%C{LU8=K_Lu?oS zo6_#qs=KtiKcDmMBk%dmzc?u3=jThd(qp>M(C+p(%0+@vp7#{%r%%6N!J=bc@IQ;y z{M<}`cgru@-Q(7uJG5@iNO^O1yILL}-85cqbs2Zl*47)@;CSR8?d#K*f9Pi~{LJ5e zGxAUELNECj?Q1633XyKyM}Bnl6IVX+?rUP0A@6tely1j;7v=UU9$cDd~6`4pW3vZ^6B1=_cdybO0BOiPp`8bkM%#e`H{RG|N8P5zcfYcY{%bx z)mh)2w)K$H|0C^q-d`))@EfxG-0Ax_OIx#LXSSR?BWv5UrSm*W{i_rvx8aw+bk}%! zq}{{|=aC}9rC+=A#<%V@V`jup`KFNif+_5OVCy?v(t5hqt>`$O8^^{b1_iR;BcC|0 zU$pF^{m*^RDG#JHQ%L)pe;4^QI`T>DDW9q5bzeK(sOOjd_KX?ZAL)y3V{SJ&-7`AU zP3w92)BQ?zWpCAjiSkB2?V@ed_SviNQ%~lF%s$ewnVfF?KlU@$i}LQay%?BV+ohit z9hKLgc*qOhRo!rTq?77F3UM5^b?ir4Px}$=#nD4+)}_16$-T7vm^^c{F)+|qYj@FN zKjQp5>9F5B`jNX1e`Q{X>?7616rw!&O7;=k#rle_=U;zgV6fWE#yj#&qF#NxNFep$ zQ@CUMSME#wsDD5G(Yy?u=ihaIc*oL@|MhP*{Pt-yoi5K_FZwFwV&m8@j>AhHI`SP4z4gNO^PE(s z6uRZt!*OU)9O!;;mhYNr9iX(=0jvw-0aU9Yy zIQf8P>Go`icCdB#nM%?M$sx6W?|DsjKRmlxx~nnuIK*~w-`lxetpDGN7sos5*U~Tl z{$;Bd4F4?3mG(b{w2zZRY#0CQQoriuB4TV8^=sd=KfT{8k2+ySq?4>u=$2nE^{Za3 zRr{I)d3v4oE4-h&b|9}`jT2Vvwtn6Bi5>fn9=+EK|EucP4Ou%{o^<`}tY6Pox6+Qq ze*9-{x4U|rBX-H}zk9o9I_J8%be^NJZ{4tLN&@24-y~Tu;YY(`s4Sv`^lxwc^2*M zTRF$^SXC6{eP`eM@E0E2@{K508tYCW%2(+qUs|71zSew@belXY9iEsH68Q`l2_IN` z)8BpUp`SlpthT=*pXD9-r1dHJoVp}qXk|7lGRaa2k9fd#+v003e);mt9*qp97xR_c z&jTmY$)iL$*JqYt#^CaeN+B`Bgv47#R@Pi*Ze$ExAKOEbo=N~C_OTU;Wk*AsBNB-gR#YYF8 z_{{RhuT8(Dke;ce&^6umyoY?+!!GGB&r`|fN%dWM%3l)JxxKjQpYEv+ub1&a2h*luEf&o6TR`T@7BS^1@RemV-0o*$*q zwLH-t#Jq}h#uc+FI!?Yhn?^TnS~IqOR(Zi7!6G`tpytSY0^RU=H%GD}msWkr$m(4oxmoI%hwoA{} zQs}u{t$7@~2t+>7&ma8o(`$eGOMmdEkx%M}_L5I=zU+2$&Bn+4QjuUbbM~oYiAzkIspSAxD%` z3pXzxdpM$;W+}}-DT|Y42&FS+^z5PGP31YG24_2w+`&HZu-t^K2off(*1u5-8|akUa6TXKl9#1 zelalh{3B1l{HB@v9uWDZ=Qcg%7w6s7=b6>o=*n89UKy!3s`Y_Y!$Zyf!RBbCuQu4I 
z4>bD++U;E2=l$}rGxxamJ9B;(`KNoH-tvF8=jrLWSoWZ=uhtxFwxr`e?}j3y=NI39 zw0zMWX&mAHC&y=`e|3%{+%@y&vD?4;4>RIEFFp58&%D#~?)Ero_6#A-f6eE&CswjSXZ=NRtS|XY z{pwT?p6z}rj&HQ{`z(0d5C7#^ zr~Y>lKkZ`*-O}Clx_aiuvCSKXMv8&o$mg^o;eo-=fBpBaIONsEYVO!eKCSEPMB0&V z^grvjJ#YDuD;GZ$>84}TQ@ZWzYd){Aok64@-T2Dl=e+Lslx~dgx8`+*e|grK*|eofHGd?P(uw?{fARa{ zBma2&()AyV{L(p?Lbv+bzAit9{zchBvJ zYSu>vYeS9taJ4ctv}&L>vZ`;evT9ZTXkWd3Jl7W)p8vxy&Uw+3pNnQ9Z$o>@Kl%;p zN4J#o$}_jTe(3DcdFfH+>&nH=bakTs#C59qwvGLlE?R#_k$v7q_mW@t@yNkOWw5`| z*KFM&#dRufv||3!2hKn3yXiXhl|$a0KjZAYPQ77!<41jG%zYrPQ=N0QIfxWpcF8}5Zt3rO9c@i0ADNZCtFUJMNaPdaK#T79orC|!k8j*B@=3?I zmwbx*)cm!qNIPv8=|_A1j&J?y+VcFX+D@td^pt-4db)1S%3@OdNPHLjvb+2qf6-oF z`^ffLk$ql2d&;kU{pc;fGg6{i*yHNQH!fTBjp+X5eZchpZpUfGl=o)l)v~#Ml}fF$ zD*WPs-ABH%@pZ%BedzF%W(w(COQCD}(GQR7)71A0rX07)uNXxB0eIeDE#2|!|8nzT zd8XM%I>%G!Isevmqv!mN{_M679XfcxrFkZkKDy<1)ZzsTR~&uZqU=?xjl*;Dy59O6 znN{50&mK<6#eH|yl;`2votOMz`@bHvs8}tP`da(fPOtbOT%sTM)z_Z){EL2b+l=;h z#UI_unGdIB(nB`>%V^CYyQ_)2jaFd zHtTwP^8L$SlxXxPi%ysC-o0t`)?eHd-K0{bKFK9*SL75fF+bz_*=t{W-NPS#qFs>U zk8Un4?^91YYF=@;R%{v{+pwZNAk$gC!yde6>0XDP7Q>jO+b5Ur=q#O%@+~gbUwGnc zXKZ=u2fMr<(XD(-vt!m*op|3NPRL~+tJH7(<H3>O*Yu)&nA+bOsAlhbG;5W? 
zYTruHVjXKw`$)f$5cQw6ZlJ{8S z_(nzk?2j%zb z$`Sq0C9M&;a-*EJWoKqHWyUs-&n_<;S~I?8{h9fk<_#OihO9Zh6Pc-WBDDep$D2bnl-wYSsQ)vr(z%Nq6>7Ur=QD(@%c+d#Qi=>V-ee zo4C&Y=@<4sc7F9OSHJz4`lspnN*eo*F_rWlWqM~Zy&ss~$xH8RrFT)&dvE!>Wm$Wf z+RW5mr8Xg*kLlfw^d3^GL+QAscS_%v_l6n00000gZ!<(dlW(j z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA 
zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r 
z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK 
zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA tz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*4+MY3q{{#R literal 0 HcmV?d00001 diff --git a/filebeat/module/system/auth/test/debian-12.journal-expected.json b/filebeat/module/system/auth/test/debian-12.journal-expected.json new file mode 100644 index 00000000000..8bca8480c2a --- /dev/null +++ b/filebeat/module/system/auth/test/debian-12.journal-expected.json 
@@ -0,0 +1,367 @@ +[ + { + "event.action": "ssh_login", + "event.category": [ + "authentication", + "session" + ], + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.outcome": "success", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 4, + "log.syslog.priority": 6, + "message": "Accepted password for vagrant from 192.168.42.119 port 55310 ssh2", + "process.args": [ + "\"sshd: vagrant [priv]\"" + ], + "process.args_count": 1, + "process.command_line": "\"sshd: vagrant [priv]\"", + "process.name": "sshd", + "process.pid": 1710, + "related.hosts": [ + "vagrant-debian-12" + ], + "related.ip": [ + "192.168.42.119" + ], + "related.user": [ + "vagrant" + ], + "service.type": "system", + "source.address": "192.168.42.119", + "source.ip": "192.168.42.119", + "source.port": 55310, + "system.auth.ssh.event": "Accepted", + "system.auth.ssh.method": "password", + "tags": [ + "auth", + "journald" + ], + "user.group.id": "0", + "user.id": "0", + "user.name": "vagrant" + }, + { + "event.action": "ssh_login", + "event.category": [ + "authentication" + ], + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 4, + "log.syslog.priority": 6, + "message": "Invalid user test from 192.168.42.119 port 48890", + "process.args": [ + "\"sshd: unknown [priv]\"" + ], + "process.args_count": 1, + "process.command_line": "\"sshd: unknown [priv]\"", + "process.name": "sshd", + "process.pid": 1721, + "related.hosts": [ + "vagrant-debian-12" + ], + "related.ip": [ + 
"192.168.42.119" + ], + "related.user": [ + "test" + ], + "service.type": "system", + "source.address": "192.168.42.119", + "source.ip": "192.168.42.119", + "system.auth.ssh.event": "Invalid", + "tags": [ + "auth", + "journald" + ], + "user.group.id": "0", + "user.id": "0", + "user.name": "test" + }, + { + "event.action": "ssh_login", + "event.category": [ + "authentication" + ], + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 4, + "log.syslog.priority": 6, + "message": "Failed password for root from 192.168.42.119 port 46632 ssh2", + "process.args": [ + "\"sshd: root [priv]\"" + ], + "process.args_count": 1, + "process.command_line": "\"sshd: root [priv]\"", + "process.name": "sshd", + "process.pid": 1723, + "related.hosts": [ + "vagrant-debian-12" + ], + "related.ip": [ + "192.168.42.119" + ], + "related.user": [ + "root" + ], + "service.type": "system", + "source.address": "192.168.42.119", + "source.ip": "192.168.42.119", + "source.port": 46632, + "system.auth.ssh.event": "Failed", + "system.auth.ssh.method": "password", + "tags": [ + "auth", + "journald" + ], + "user.group.id": "0", + "user.id": "0", + "user.name": "root" + }, + { + "event.action": "ssh_login", + "event.category": [ + "authentication" + ], + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 4, + "log.syslog.priority": 6, + "message": "Failed password for root from 192.168.42.119 port 46632 ssh2", + 
"process.args": [ + "\"sshd: root [priv]\"" + ], + "process.args_count": 1, + "process.command_line": "\"sshd: root [priv]\"", + "process.name": "sshd", + "process.pid": 1723, + "related.hosts": [ + "vagrant-debian-12" + ], + "related.ip": [ + "192.168.42.119" + ], + "related.user": [ + "root" + ], + "service.type": "system", + "source.address": "192.168.42.119", + "source.ip": "192.168.42.119", + "source.port": 46632, + "system.auth.ssh.event": "Failed", + "system.auth.ssh.method": "password", + "tags": [ + "auth", + "journald" + ], + "user.group.id": "0", + "user.id": "0", + "user.name": "root" + }, + { + "event.action": "ssh_login", + "event.category": [ + "authentication" + ], + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.outcome": "failure", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 4, + "log.syslog.priority": 6, + "message": "Failed password for root from 192.168.42.119 port 46632 ssh2", + "process.args": [ + "\"sshd: root [priv]\"" + ], + "process.args_count": 1, + "process.command_line": "\"sshd: root [priv]\"", + "process.name": "sshd", + "process.pid": 1723, + "related.hosts": [ + "vagrant-debian-12" + ], + "related.ip": [ + "192.168.42.119" + ], + "related.user": [ + "root" + ], + "service.type": "system", + "source.address": "192.168.42.119", + "source.ip": "192.168.42.119", + "source.port": 46632, + "system.auth.ssh.event": "Failed", + "system.auth.ssh.method": "password", + "tags": [ + "auth", + "journald" + ], + "user.group.id": "0", + "user.id": "0", + "user.name": "root" + }, + { + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.timezone": "-02:00", + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + 
"input.type": "journald", + "log.syslog.facility.code": 10, + "log.syslog.priority": 5, + "message": " vagrant : TTY=pts/2 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/emacs /etc/ssh/sshd_config", + "process.args": [ + "sudo", + "emacs", + "/etc/ssh/sshd_config" + ], + "process.args_count": 3, + "process.command_line": "sudo emacs /etc/ssh/sshd_config", + "process.name": "sudo", + "process.pid": 1582, + "related.hosts": [ + "vagrant-debian-12" + ], + "related.user": [ + " vagrant", + "root" + ], + "service.type": "system", + "system.auth.sudo.command": "/usr/bin/emacs /etc/ssh/sshd_config", + "system.auth.sudo.pwd": "/home/vagrant", + "system.auth.sudo.tty": "pts/2", + "system.auth.sudo.user": "root", + "tags": [ + "auth", + "journald" + ], + "user.effective.name": "root", + "user.group.id": "1000", + "user.id": "1000", + "user.name": " vagrant" + }, + { + "event.category": [ + "iam" + ], + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.outcome": "success", + "event.timezone": "-02:00", + "event.type": [ + "creation", + "group" + ], + "fileset.name": "auth", + "group.id": "1001", + "group.name": "test", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 10, + "log.syslog.priority": 6, + "message": "new group: name=test, GID=1001", + "process.args": [ + "/sbin/groupadd", + "-g", + "1001", + "test" + ], + "process.args_count": 4, + "process.command_line": "/sbin/groupadd -g 1001 test", + "process.name": "groupadd", + "process.pid": 1743, + "related.hosts": [ + "vagrant-debian-12" + ], + "service.type": "system", + "tags": [ + "auth", + "journald" + ], + "user.effective.group.id": "0", + "user.effective.id": "0", + "user.id": "1000" + }, + { + "event.dataset": "system.auth", + "event.kind": "event", + "event.module": "system", + "event.timezone": "-02:00", + "fileset.name": "auth", + "host.hostname": "vagrant-debian-12", 
+ "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a",
+ "input.type": "journald",
+ "log.syslog.facility.code": 4,
+ "log.syslog.priority": 6,
+ "message": "Session 8 logged out. Waiting for processes to exit.",
+ "process.args": [
+ "/lib/systemd/systemd-logind"
+ ],
+ "process.args_count": 1,
+ "process.command_line": "/lib/systemd/systemd-logind",
+ "process.name": "systemd-logind",
+ "process.pid": 316,
+ "related.hosts": [
+ "vagrant-debian-12"
+ ],
+ "service.type": "system",
+ "tags": [
+ "auth",
+ "journald"
+ ],
+ "user.group.id": "0",
+ "user.id": "0"
+ }
+]
\ No newline at end of file
diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml
index ecbda96bfae..224dc9bd90d 100644
--- a/filebeat/module/system/syslog/ingest/journald.yml
+++ b/filebeat/module/system/syslog/ingest/journald.yml
@@ -11,6 +11,13 @@ processors:
 value: "{{host.hostname}}"
 if: "ctx.host?.hostname != null && ctx.host?.hostname != ''"
 allow_duplicates: false
+ - remove:
+ description: Remove the extra fields added by the Journald input
+ field:
+ - journald
+ - process.thread
+ - syslog
+ - systemd
 on_failure:
 - set:
 field: error.message
diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py
index a78bcdecbe9..f535711250e 100644
--- a/filebeat/tests/system/test_modules.py
+++ b/filebeat/tests/system/test_modules.py
@@ -189,6 +189,12 @@ def run_on_file(self, module, fileset, test_file, cfgfile):
 cmd.append("{module}.{fileset}.var.format=json".format(
 module=module, fileset=fileset))
 
+ if ".journal" in test_file:
+ cmd.remove("-once")
+ cmd.append("-M")
+ cmd.append("{module}.{fileset}.var.use_journald=true".format(
+ module=module, fileset=fileset))
+
 output_path = os.path.join(self.working_dir)
 # Runs inside a with block to ensure file is closed afterwards
 with open(os.path.join(output_path, "output.log"), "ab") as output:
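Review bot: The expected output for debian-12.journal pins user fields that look wrong for anyone querying auth data: the sudo event records `"user.name": " vagrant"` with a leading space (the same value appears in `related.user`), and the SSH events pair `"user.id": "0"` with `user.name` values `vagrant` and `test`, while the sudo event shows `1000` next to vagrant. Presumably `user.id` is filled from the uid of the logging process rather than the account named in the message, so a search on `user.name: vagrant` misses the sudo event and a search on `user.id: 0` attributes every SSH attempt to root. The correction belongs in the ingest pipeline, which is not part of this hunk; once the capture is trimmed the fixture should read `"user.name": "vagrant"` and `"vagrant"` in `related.user`.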
@@ -201,12 +207,20 @@ def run_on_file(self, module, fileset, test_file, cfgfile): local_env = os.environ.copy() local_env["TZ"] = 'Etc/GMT+2' - subprocess.Popen(cmd, - env=local_env, - stdin=None, - stdout=output, - stderr=subprocess.STDOUT, - bufsize=0).wait() + proc = subprocess.Popen(cmd, + env=local_env, + stdin=None, + stdout=output, + stderr=subprocess.STDOUT, + bufsize=0) + # The journald input (used by some modules like 'system') does not + # support the -once flag, hence we run Filebeat for at most + # 15 seconds, if it does not finish, then we try to gracefully + # terminate it. + try: + proc.wait(15) + except subprocess.TimeoutExpired: + proc.terminate() # List of errors to check in filebeat output logs errors = ["error loading pipeline for fileset"] diff --git a/libbeat/tests/system/beat/beat.py b/libbeat/tests/system/beat/beat.py index bc1126402cd..74d5ab62816 100644 --- a/libbeat/tests/system/beat/beat.py +++ b/libbeat/tests/system/beat/beat.py @@ -851,7 +851,7 @@ def is_documented(key, docs): is_documented_aliases.append(key) if undocumented_keys: - raise Exception(f"Keys {undocumented_keys} not documented in event {str(evt)}") + raise Exception(f"Keys:\n\n{undocumented_keys}\n\nnot documented in event:\n\n{str(evt)}\n") if is_documented_aliases: raise Exception(f"Keys {is_documented_aliases} documented as aliases!") From e6905f5d0154697a58945c29ad84200cdc5e8a85 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 1 Oct 2024 16:43:01 -0400 Subject: [PATCH 11/38] Use .log and .journal files in tests --- filebeat/tests/system/test_modules.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index f535711250e..be1898baa9c 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py 
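Review bot: Nothing waits for the child after `proc.terminate()` in the `except subprocess.TimeoutExpired` branch of the `@@ -201,12 +207,20 @@` hunk, so Filebeat may still be running and writing to output.log when the function goes on to inspect the results, and the process is never reaped. The terminate should be followed by a bounded wait with a kill fallback, as sketched below (the 5-second grace period is a constructed value). The 15-second limit also applies to runs that still pass `-once`, so a hung non-journald run is now ended without being reported as a failure, and the exit status is not checked in the visible lines. run_on_file continues outside the hunk.

```python
# … unchanged: proc = subprocess.Popen(cmd, ...) …
try:
    proc.wait(15)
except subprocess.TimeoutExpired:
    proc.terminate()
    try:
        # give Filebeat a short grace period to flush and exit
        proc.wait(5)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.wait()
```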
@@ -107,8 +107,11 @@ def load_fileset_test_cases(): if not os.path.isfile(os.path.join(path, fileset, "manifest.yml")): continue - test_files = glob.glob(os.path.join(modules_dir, module, - fileset, "test", os.getenv("TESTING_FILEBEAT_FILEPATTERN", "*.log"))) + test_files_extensions = os.getenv("TESTING_FILEBEAT_FILEPATTERN", "*.log,*.journal").split(",") + test_files = [] + for ext in test_files_extensions: + test_files.extend(glob.glob(os.path.join(modules_dir, module, + fileset, "test", ext))) for test_file in test_files: test_cases.append([module, fileset, test_file]) From 84e25547dfcf4f4119cb3a6d0a5daa51bc705682 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 1 Oct 2024 17:05:38 -0400 Subject: [PATCH 12/38] fix syslog journald ingest pipeline --- filebeat/module/system/syslog/ingest/journald.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml index 224dc9bd90d..a9eaf777a04 100644 --- a/filebeat/module/system/syslog/ingest/journald.yml +++ b/filebeat/module/system/syslog/ingest/journald.yml @@ -11,13 +11,13 @@ processors: value: "{{host.hostname}}" if: "ctx.host?.hostname != null && ctx.host?.hostname != ''" allow_duplicates: false - - remove: - description: Remove the extra fields added by the Journald input - field: - - journald - - process.thread - - syslog - - systemd +- remove: + description: Remove the extra fields added by the Journald input + field: + - journald + - process.thread + - syslog + - systemd on_failure: - set: field: error.message From 1841a02365715d8a583ae8cfe263f61f422042b5 Mon Sep 17 00:00:00 2001 
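Review bot: `os.getenv("TESTING_FILEBEAT_FILEPATTERN", "*.log,*.journal").split(",")` in the `@@ -107,8 +107,11 @@` hunk keeps empty and space-padded entries, and an empty entry (for example from a trailing comma) makes `os.path.join(..., "test", "")` glob the test directory itself, which is then appended as a test file. Filter the patterns first, e.g. `patterns = [p.strip() for p in raw.split(",") if p.strip()]`. The names `test_files_extensions` and `ext` hold glob patterns rather than extensions, so `patterns` and `pattern` would read better. Overlapping patterns add the same file twice. load_fileset_test_cases starts outside the hunk.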
From: Tiago Queiroz Date: Tue, 1 Oct 2024 18:29:56 -0400 Subject: [PATCH 13/38] Add journald tests for system.syslog --- .../module/system/auth/ingest/journald.yml | 1 + .../module/system/syslog/config/syslog.yml | 4 + .../module/system/syslog/ingest/journald.yml | 5 ++ .../system/syslog/test/debian12.journal | Bin 0 -> 8388608 bytes .../test/debian12.journal-expected.json | 72 ++++++++++++++++++ 5 files changed, 82 insertions(+) create mode 100644 filebeat/module/system/syslog/test/debian12.journal create mode 100644 filebeat/module/system/syslog/test/debian12.journal-expected.json diff --git a/filebeat/module/system/auth/ingest/journald.yml b/filebeat/module/system/auth/ingest/journald.yml index de33e88d43e..07c5a554b26 100644 --- a/filebeat/module/system/auth/ingest/journald.yml +++ b/filebeat/module/system/auth/ingest/journald.yml @@ -191,6 +191,7 @@ processors: ignore_missing: true - remove: description: Remove the extra fields added by the Journald input + ignore_missing: true field: - journald - process.thread diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index ce0f8f9780f..71145385846 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -8,6 +8,7 @@ paths: {{ end }} facilities: + - 0 - 1 - 2 - 3 @@ -16,6 +17,9 @@ facilities: - 7 - 8 - 9 + - 11 + - 12 + - 15 tags: - journald - syslog diff --git a/filebeat/module/system/syslog/ingest/journald.yml b/filebeat/module/system/syslog/ingest/journald.yml index a9eaf777a04..5d011784154 100644 --- a/filebeat/module/system/syslog/ingest/journald.yml +++ b/filebeat/module/system/syslog/ingest/journald.yml @@ -1,5 +1,8 @@ description: Journald Pipeline for system/syslog Filebeat module processors: +- set: + field: event.ingested + copy_from: _ingest.timestamp - set: field: "process.pid" value: '{{ journald.pid }}' 
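Review bot: After the two hunks in filebeat/module/system/syslog/config/syslog.yml the `facilities` list shows 0–3, 7–9, 11, 12 and 15, so as far as the visible lines go, journald entries with facility 13, 14 or 16–23 (local0–local7 in RFC 5424) are not collected by this input. The entries between 3 and 7 fall outside both hunks. Codes 4 and 10 appear in the auth fileset's expected output elsewhere in this series, which would explain their absence here, but nothing in the file says so. If leaving out the remaining facilities is deliberate, a comment above the list should record it, e.g. `# 4 and 10 (auth, authpriv) are handled by system/auth; 13, 14 and 16-23 are intentionally not collected`. Otherwise add them, because daemons commonly log to local0–local7 and those events would be silently missing from the syslog dataset.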
@@ -13,11 +16,13 @@ processors: allow_duplicates: false - remove: description: Remove the extra fields added by the Journald input + ignore_missing: true field: - journald - process.thread - syslog - systemd + - message_id on_failure: - set: field: error.message 
diff --git a/filebeat/module/system/syslog/test/debian12.journal b/filebeat/module/system/syslog/test/debian12.journal new file mode 100644 index 0000000000000000000000000000000000000000..9f6f5a754e1a35e2a3c46ee6035d9e044ccbc729 GIT binary patch literal 8388608 zcmeF)dytjoeFyMGkc)`bSgi39QKO-g2)kUCb85GW%K~fIOZTD>G0WKtvJqHd@is;w ziJjstVN%nWWX5V8jTMQ`#2O~rk+jp+jME0wi8cMBO>Cl5lPa;Pt{~WR-uL}2?%K&p zaAASZ{^9Su=Y5{%_kBL^xdOtX#!ogcT-da*toUv z=$o7#Z~V_(a^uwO{Epwv?*C9exzU;)mW>`%v*Bfr9iNW7bH^iPYtJ29_J?Dic(L)E zv1LErlBWMyHg8H+qfCe!S$+3X zn9IH|M;&zfs6SkseO`@v)Po#kfQ94I_wT5~-M%mTybyJ``yFoU_hr{3>QMPN?@3=z zqYgFxV4ok8HQb#2`s=~&uO9&d1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5Eu@DHM?`kvQdYl zhcyWhAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ 
z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5~pfoD$4Ct;%=KFK8|K!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!CvEEl@r&{qtK<5AWSbPk;ac0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNB!V^1zYh)RS20RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ 
zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfWZC;Y#*ObhDY6>xyBM8K!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oN~h1U8RK|9`RiaPkbV*&&S5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5;&0~1(rV*2+%M?J9B z%qBp9009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UATYcFQ;$ji|JbO*+s*0(2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oM-K0uLRR zPr^hUImsj;K!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF 
z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0!OaEns;)^=As_CJGC>Qi^enHfc zmQNl61PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZVB`r*JvROO3Zjm@gaZ>jc0!sr>cF#(2oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBl~k_F1g=acP4J(BloZv+SsAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UIGP1EkI5(7k9ss)*gF9N1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB=ERUEqb|(?1Us^>E*h`~(OPAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF96EuUp~y6QrJ009C72oNAZfB*pk1PBl~ zcmg}$$tBIA9=y&v5g?+h`!m;A0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAVA>A z5V-!W^xrdzdSvX%E(j1HK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF 
z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0tAi}fyJZq$yTBsDf_Yy0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&Q78w6_F1ah};PZ|N5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ 
zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&U`0WMyM(2~sQGffD%p^d7009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBl~7y_H$&LwT4 z9*mxP5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 
z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7csf#DXIvMZOgh&tT; ztWSUd0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N 
z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5;&LnW}OET6QFdZ=>f zOMn0Y0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5I9rq?b<{(ZLtg>}2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyKw#tw?AV)2!bKgqNhKpdfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyP*yf7Ls*;D z>t4Th?S}t);>nDH*&7e z2Hbno|6W(S?W-S+@lhk^GlO!Lj+2~qbE_BD*4LDx&hD!0?8q(enpH7p`K+$O%-qbb 
z8HMGA!kn2E%V&4y3Z*q8=gh3Ze^>SVwD%)-oE`n9?8e|9p>k6yaU(ngr-d$LILB)(@i5OpzEqLFR zt-D8epZ%j)f5nOE_3B?II}!P=%#M4vUj3uJ^|$s~reJeykUTWafS z+M25y8f&V0Z|Gg$wW>Hda#dyvU9stoyFT%)>377sYj$UD1Lp60JT_$mpZnY&edor% z{odl37d3KSJSbP`xYWC`skWi1wq;3G79jG(<89POw|;r_^e?q;IyUtg|8|-u=7rCa ztl`AEA58wjqT0>TKWgNN)$;v-@bLS0pU=e9p}c~bEnc+9^NDQYEfm$F&$iyv9P^?Mm9M49Q+n-*93Rgn z)_?P3T_68q;XAR;ns?HK#qr5q(f?D~fSZ2$-9LHl`M-|0hnQA2RR6Y?rn&XajSWpL zRiEj(X5H$-%5-YvNna()%1-*H&z(80Z0Cn#;TMiiAKClnr)MHpJZ|ToFmCzR#-4X} z%!@i?uErE5a>V2Iu|4{;69oy6eP~WBtvMtGG_-zQ}b&HsJT?{Kwxl zb>H|eF+S>$xvJ~t6`xqeY`yK>tEYFb?oK~hM4ot`sQmf^-`=_P;{NMD^_Xx<=SQCQ ztnqVqK6*>jsb5+ZIie1oXKrI#&HVW_)h)G`)l^k1@Bc|xh+Of0I(yIQr=0VZH~u-+ z-`1b&-Rtc0iq9br-rCyt$ey=fig{6o%vXFPYN@H4*H*otsiC#8DiNF3+tIToeS}25 zct6Yk>!(&8_sH!NWBtXWGq-{3^k2_q*}&88T{7YGXWX_e=0$zq`C991TdGQzGYuEH zW@igMf9FN7+;ZWJpTxR-gL9SU7f;4@{d6|)@5e2EU~S($`~UhB`)yuSTU}Fi!L;6$ z-5o`;$Q9S~lQ(bp{*%w{XpCH&#|-jH=I_h3EE{;)t!?N2&+V6&A`kc(%B#9zUQOHl z+C{~WZ0kCvcl505n*N!d_GulFD?U$tqy3FDu3!4};#hoY_Ias)es&_f;&tnkE6ZP8 zwRmOvq>9PK`o3}{Ps}-$rFV?Md0xJ~@}<|`JoAQFa{IgUl;&k8BF|OX@l(yWFMIlr zS6v(PqQ0*@^IPkyi*GOOZC$In*SB@{tnO-C)z#ZuxT@&=>tFre<-dq|QHRP?TYp(Y_1u=)hWg|i)~w1x*YaHX@{Z** zW|imi?G+U>W*0hVSIp>|Ju{bk*XO!;em*+s4?h3vj;mjcejCT7egoDmo{YRpvVrR+ zKk>+#({?=-^P&!wH+i|Zs%!oF8>X!AJKmDSeY#-?OGTDRRX7(UZM*&AV{Sx0l9x+p`=o zFI;-F0lTLy`Nf%+t=b*qqYjm$uBN$p?toP$>JLzsry%3SDcVKEu4_nee0%4B5(YH!|kX2^5>Jfm%J7^ zqrT6)Rn0}VHC>%k(u+Ce-B)(X1ydIFT-CjLO5?hoRcqGwPAjb)x#Nq;&vSpd;;xT8 z`FQlroireK|8;K42F!h-@Rfy6-B=srqYjm~biIn75G(W9g^e6ZsNy0mKm4#k+WC>p5EYt+xO4JKs0@_Qk6MD}SW?>AK!?3?CkP?$DmS`53bM*bJ|;^j5GYx&;IrLx_mdc9D7KQ{2#^z1?!Rr2>?xh{%( z;;7!;x+dpHM~u~V%HU+ZIbClQxmVjkihu3=-gB2{Us@`^E==NcivN6D{76Uqwta?J zau-K>{+G-2*^3K*Uiolpu}l`;@j1nRvn_t4*Ti4lCn&3t;!l_Id@YJ5+)rP#iuiD?&*H>gsuIW8|YQsIXM}M9FJH@$F?kD|E zydrBVKW&&@=zVMN#<9*~O&%Gdy~MHJbC=`c;GS&ybk?Zvs+^vim>C_Pm_A;a$tt5+ zBVW{3#+oBj^~$kV$HwZ-$}9ERd}@_3{^+C%(Q>KZ><+>_5dG&q{uNo{!--YwuCN)Yjt>ZbiPbD#hhi#9RA(>32)} z4%xdue)8?>x20)MF`h)hYwwA4x-UM*@!x*x;IS;5oXeW!iZA6m(aP4**Zs{u^Jgdb 
zmC3?0KCc_U9G7p@o_qUhJ9m^5^ivPK`8% z^OgFp%Axx4iF`k|8Sm59|0~C{*?joPnw705v$=Y6c%;$DMn`6{=GIn;?d>t8AMg6| z=YtP*b^NgSK#{S%J^uF2ncDJ}a|@|GrZIhOTa3Nz=%4XUzFE6yujj4K*Q%wz1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly 
zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk 
z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ 
zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 
z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ 
z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF 
z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs 
z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U 
zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N 
z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly 
zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk 
z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0{^x{#{vKV004vh zt*5c05HeuEfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r 
z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK 
zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEj zFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r z3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@ z0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VK zfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5 zV8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM z7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b* z1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd z0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwA zz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM7%*VKfB^#r3>YwAz<>b*1`HT5V8DO@0|pHI F1_DFgaufgn literal 0 HcmV?d00001 diff --git a/filebeat/module/system/syslog/test/debian12.journal-expected.json b/filebeat/module/system/syslog/test/debian12.journal-expected.json new file mode 100644 index 00000000000..dddd935e553 --- /dev/null +++ b/filebeat/module/system/syslog/test/debian12.journal-expected.json 
@@ -0,0 +1,72 @@ +[ + { + "event.dataset": "system.syslog", + "event.kind": "event", + "event.module": "system", + "fileset.name": "syslog", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 3, + "log.syslog.priority": 6, + "message": "Stopped target getty.target - Login Prompts.", + "process.args": [ + "/sbin/init" + ], + "process.args_count": 1, + "process.command_line": "/sbin/init", + "process.pid": "1", + "related.hosts": [ + "vagrant-debian-12" + ], + "service.type": "system", + "tags": [ + "journald", + "syslog" + ], + "user.group.id": "0", + "user.id": "0" + }, + { + "event.dataset": "system.syslog", + "event.kind": "event", + "event.module": "system", + "fileset.name": "syslog", + "host.hostname": "vagrant-debian-12", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 0, + "log.syslog.priority": 6, + "message": "Console: switching to colour frame buffer device 160x50", + "process.pid": "", + "related.hosts": [ + "vagrant-debian-12" + ], + "service.type": "system", + "tags": [ + "journald", + "syslog" + ] + }, + { + "event.dataset": "system.syslog", + "event.kind": "event", + "event.module": "system", + "fileset.name": "syslog", + "host.hostname": "bookworm", + "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", + "input.type": "journald", + "log.syslog.facility.code": 0, + "log.syslog.priority": 6, + "message": "thermal_sys: Registered thermal governor 'power_allocator'", + "process.pid": "", + "related.hosts": [ + "bookworm" + ], + "service.type": "system", + "tags": [ + "journald", + "syslog" + ] + } +] \ No newline at end of file From ae126c8214acba7d41a4079219c05439bc743680 Mon Sep 17 00:00:00 2001 
From: Tiago Queiroz Date: Wed, 2 Oct 2024 09:21:14 -0400 Subject: [PATCH 14/38] Fix lint issues, update docs and changelog --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/include/var-paths.asciidoc | 6 +++++- filebeat/docs/inputs/input-journald.asciidoc | 7 +++++++ filebeat/docs/modules/system.asciidoc | 4 ++-- filebeat/fileset/fileset.go | 11 +++++------ filebeat/module/system/_meta/config.reference.yml | 4 ++-- 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index d3022fce790..46ad0c0733e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -324,6 +324,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Improved GCS input documentation. {pull}41143[41143] - Add CSV decoding capacity to azureblobstorage input {pull}40978[40978] - Add CSV decoding capacity to gcs input {pull}40979[40979] +- Jounrald input now supports filtering by facilities {pull}41061[41061] *Auditbeat* diff --git a/filebeat/docs/include/var-paths.asciidoc b/filebeat/docs/include/var-paths.asciidoc index dae14a9e22b..37008094afe 100644 --- a/filebeat/docs/include/var-paths.asciidoc +++ b/filebeat/docs/include/var-paths.asciidoc @@ -6,4 +6,8 @@ are also supported here. For example, you can use wildcards to fetch all files from a predefined level of subdirectories: `/path/to/log/*/*.log`. This fetches all `.log` files from the subfolders of `/path/to/log`. It does not fetch log files from the `/path/to/log` folder itself. If this setting is left -empty, {beatname_uc} will choose log paths based on your operating system. \ No newline at end of file +empty, {beatname_uc} will choose log paths based on your operating system. +ifdef::journald[] +When Jounrald is used, `var.paths` defines which journal files should +be read, if left unset the default journal will be used. +endif::[] 
diff --git a/filebeat/docs/inputs/input-journald.asciidoc b/filebeat/docs/inputs/input-journald.asciidoc index a4433e67ce0..a0402d4e583 100644 --- a/filebeat/docs/inputs/input-journald.asciidoc +++ b/filebeat/docs/inputs/input-journald.asciidoc @@ -169,6 +169,13 @@ Valid transports: * stdout: messages from a service's standard output or error output * kernel: messages from the kernel +[float] +[id="{beatname_lc}-input-{type}-facilities"] +==== `facilities` + +Filter entries by facilities, facilities must be specified using their +numeric code. + [float] [id="{beatname_lc}-input-{type}-include-matches"] ==== `include_matches` diff --git a/filebeat/docs/modules/system.asciidoc b/filebeat/docs/modules/system.asciidoc index fcdf8f2a993..0bffeb04a0a 100644 --- a/filebeat/docs/modules/system.asciidoc +++ b/filebeat/docs/modules/system.asciidoc @@ -23,7 +23,7 @@ include::../include/gs-link.asciidoc[] === Compatibility This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and -macOS Sierra. +macOS Sierra. For Debian 12 Journald is used to read the system logs. This module is not available for Windows. @@ -69,7 +69,7 @@ include::../include/use-journald.asciidoc[] [float] ==== `auth` fileset settings - +:journald: include::../include/var-paths.asciidoc[] include::../include/use-journald.asciidoc[] diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go index b21ae9a778a..68766699b16 100644 --- a/filebeat/fileset/fileset.go +++ b/filebeat/fileset/fileset.go @@ -24,7 +24,6 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "reflect" 
@@ -145,11 +144,11 @@ type ProcessorRequirement struct { func (fs *Fileset) readManifest() (*manifest, error) { cfg, err := common.LoadFile(filepath.Join(fs.modulePath, fs.name, "manifest.yml")) if err != nil { - return nil, fmt.Errorf("Error reading manifest file: %v", err) + return nil, fmt.Errorf("Error reading manifest file: %w", err) } manifest, err := newManifest(cfg) if err != nil { - return nil, fmt.Errorf("Error unpacking manifest: %v", err) + return nil, fmt.Errorf("Error unpacking manifest: %w", err) } return manifest, nil } @@ -248,7 +247,7 @@ func resolveVariable(vars map[string]interface{}, value interface{}) (interface{ if ok { transf, err := ApplyTemplate(vars, s, false) if err != nil { - return nil, fmt.Errorf("array: %v", err) + return nil, fmt.Errorf("array: %w", err) } transformed = append(transformed, transf) } else { @@ -359,7 +358,7 @@ func (fs *Fileset) getInputConfig() (*conf.C, error) { if err != nil { return nil, fmt.Errorf("Error expanding vars on the input path: %w", err) } - contents, err := ioutil.ReadFile(filepath.Join(fs.modulePath, fs.name, path)) + contents, err := os.ReadFile(filepath.Join(fs.modulePath, fs.name, path)) if err != nil { return nil, fmt.Errorf("Error reading input file %s: %w", path, err) } @@ -445,7 +444,7 @@ func (fs *Fileset) GetPipelines(esVersion version.V) (pipelines []pipeline, err return nil, fmt.Errorf("Error expanding vars on the ingest pipeline path: %w", err) } - strContents, err := ioutil.ReadFile(filepath.Join(fs.modulePath, fs.name, path)) + strContents, err := os.ReadFile(filepath.Join(fs.modulePath, fs.name, path)) if err != nil { return nil, fmt.Errorf("Error reading pipeline file %s: %w", path, err) } diff --git a/filebeat/module/system/_meta/config.reference.yml b/filebeat/module/system/_meta/config.reference.yml index 5c82be06848..e8bbb81077d 100644 --- a/filebeat/module/system/_meta/config.reference.yml +++ b/filebeat/module/system/_meta/config.reference.yml 
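Review bot: The error strings edited in readManifest still start with a capital letter (`"Error reading manifest file: %w"`, `"Error unpacking manifest: %w"`), which Go convention and staticcheck's ST1005 advise against because a wrapped message ends up in the middle of an error chain. Since these lines are already being touched for `%w`, they could become `fmt.Errorf("reading manifest file: %w", err)` and `fmt.Errorf("unpacking manifest: %w", err)`. The `Error reading input file` and `Error reading pipeline file` messages in the later hunks have the same form; check first whether any test matches on the current text.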
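Review bot: In the getInputConfig hunk the `path` given to `os.ReadFile(filepath.Join(fs.modulePath, fs.name, path))` comes out of variable expansion, and `filepath.Join` cleans the result but does not keep it under the fileset directory. If module variables can be supplied from a source less trusted than the module files themselves (not visible from this hunk), a value containing `..` would make Filebeat read a file outside the module. A guard before the read, such as `if !filepath.IsLocal(path) { return nil, fmt.Errorf("input path %q is outside the fileset directory", path) }`, would reject that case (IsLocal needs Go 1.20 or later). The GetPipelines hunk has the same pattern, and both function bodies continue outside the hunks.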
@@ -3,7 +3,7 @@ #syslog: #enabled: true - # Set custom paths for the log files. If left empty, + # Set custom paths for log or journal files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: @@ -26,7 +26,7 @@ #auth: #enabled: true - # Set custom paths for the log files. If left empty, + # Set custom paths for log or journal files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: From 4b0657288a26597c19d1536251668f5d03b16762 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 2 Oct 2024 10:31:47 -0400 Subject: [PATCH 15/38] fix tests and improve docs --- CHANGELOG-developer.next.asciidoc | 1 + filebeat/docs/include/var-paths.asciidoc | 4 ---- filebeat/docs/modules/system.asciidoc | 2 +- filebeat/fileset/fileset.go | 3 +++ filebeat/module/system/_meta/config.reference.yml | 7 +++++++ filebeat/module/system/_meta/config.yml | 7 +++++++ filebeat/module/system/auth/config/auth.yml | 12 +++--------- .../auth/test/debian-12.journal-expected.json | 8 -------- filebeat/module/system/syslog/config/syslog.yml | 7 ++----- filebeat/tests/system/test_modules.py | 13 ++++++++++--- 10 files changed, 34 insertions(+), 30 deletions(-) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 92d93f88b98..1ed05fc255a 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -207,6 +207,7 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Added filebeat debug histograms for s3 object size and events per processed s3 object. {pull}40775[40775] - Simplified GCS input state checkpoint calculation logic. {issue}40878[40878] {pull}40937[40937] - Simplified Azure Blob Storage input state checkpoint calculation logic. {issue}40674[40674] {pull}40936[40936] +- Filebeat module template now support 'append' function {pull}41061[41061] ==== Deprecated 
diff --git a/filebeat/docs/include/var-paths.asciidoc b/filebeat/docs/include/var-paths.asciidoc index 37008094afe..ea6f7d1c6ae 100644 --- a/filebeat/docs/include/var-paths.asciidoc +++ b/filebeat/docs/include/var-paths.asciidoc @@ -7,7 +7,3 @@ from a predefined level of subdirectories: `/path/to/log/*/*.log`. This fetches all `.log` files from the subfolders of `/path/to/log`. It does not fetch log files from the `/path/to/log` folder itself. If this setting is left empty, {beatname_uc} will choose log paths based on your operating system. -ifdef::journald[] -When Jounrald is used, `var.paths` defines which journal files should -be read, if left unset the default journal will be used. -endif::[] diff --git a/filebeat/docs/modules/system.asciidoc b/filebeat/docs/modules/system.asciidoc index 0bffeb04a0a..88cb1f78a1c 100644 --- a/filebeat/docs/modules/system.asciidoc +++ b/filebeat/docs/modules/system.asciidoc @@ -69,7 +69,7 @@ include::../include/use-journald.asciidoc[] [float] ==== `auth` fileset settings -:journald: + include::../include/var-paths.asciidoc[] include::../include/use-journald.asciidoc[] diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go index 68766699b16..03e7d4237c6 100644 --- a/filebeat/fileset/fileset.go +++ b/filebeat/fileset/fileset.go @@ -317,6 +317,9 @@ func getTemplateFunctions(vars map[string]interface{}) (template.FuncMap, error) builtinVars["beatVersion"].(string), ) }, + "append": func(s []any, vals ...any) []any { + return append(s, vals...) + }, }, nil } diff --git a/filebeat/module/system/_meta/config.reference.yml b/filebeat/module/system/_meta/config.reference.yml index e8bbb81077d..054109098d7 100644 --- a/filebeat/module/system/_meta/config.reference.yml +++ b/filebeat/module/system/_meta/config.reference.yml 
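Review bot: The new `append` template function returns `append(s, vals...)` unchanged, so when the slice passed in from the template data has spare capacity the call writes into that slice's backing array, and two calls on the same base slice can overwrite each other's appended elements. Capping the capacity first forces a copy: `return append(s[:len(s):len(s)], vals...)`. The parameter is typed `[]any`, so a `tags` variable that unpacks to a string or a `[]string` will presumably fail at template execution rather than at config validation; a short comment on the function stating the expected argument type would help module authors who use it the way auth.yml does (`append .tags "journald" "auth" | tojson`). getTemplateFunctions starts outside the hunk.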
@@ -41,6 +41,13 @@ # to collect system logs. If both are true, # then journald is used. + # A list of tags to include in events. Including 'forwarded' + # indicates that the events did not originate on this host and + # causes host.name to not be added to events. Include + # 'preserve_orginal_event' causes the pipeline to retain the raw log + # in event.original. Defaults to []. + #var.tags + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: diff --git a/filebeat/module/system/_meta/config.yml b/filebeat/module/system/_meta/config.yml index 7dbbbf3e7e4..feb8db0410b 100644 --- a/filebeat/module/system/_meta/config.yml +++ b/filebeat/module/system/_meta/config.yml @@ -36,3 +36,10 @@ # Filebeat will autodetect whether use journald # to collect system logs. If both are true, # then journald is used. + + # A list of tags to include in events. Including forwarded + # indicates that the events did not originate on this host and + # causes host.name to not be added to events. Include + # preserve_orginal_event causes the pipeline to retain the raw log + # in event.original. Defaults to []. + #var.tags diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 4f9a5cbb3c7..a8ee771c883 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,19 +1,13 @@ {{ define "journald" }} type: journald id: system-auth -paths: -{{ range $i, $path := .paths }} - - {{$path}} -{{ end }} facilities: - 4 - 10 -processors: - - add_locale: ~ -tags: - - journald - - auth + +tags: {{ append .tags "journald" "auth" | tojson }} + {{ end }} {{define "log-files" }} diff --git a/filebeat/module/system/auth/test/debian-12.journal-expected.json b/filebeat/module/system/auth/test/debian-12.journal-expected.json index 8bca8480c2a..d5185954234 100644 --- a/filebeat/module/system/auth/test/debian-12.journal-expected.json 
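Review bot: The added `var.tags` comment spells the tag `preserve_orginal_event`, and the commented key `#var.tags` has no trailing colon, unlike `#var.paths:` earlier in the same file. A user who copies the tag name as written would presumably get a tag the pipeline does not recognise, so the raw log would silently not be kept in event.original, and uncommenting the key as written does not give a valid mapping entry. Suggested text: `# 'preserve_original_event' causes the pipeline to retain the raw log` and `#var.tags:`. The config.yml hunk on this line and the filebeat.reference.yml hunk later in the patch carry the same two problems.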
+++ b/filebeat/module/system/auth/test/debian-12.journal-expected.json @@ -9,7 +9,6 @@ "event.kind": "event", "event.module": "system", "event.outcome": "success", - "event.timezone": "-02:00", "event.type": [ "info" ], @@ -59,7 +58,6 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", - "event.timezone": "-02:00", "event.type": [ "info" ], @@ -107,7 +105,6 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", - "event.timezone": "-02:00", "event.type": [ "info" ], @@ -157,7 +154,6 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", - "event.timezone": "-02:00", "event.type": [ "info" ], @@ -207,7 +203,6 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", - "event.timezone": "-02:00", "event.type": [ "info" ], @@ -252,7 +247,6 @@ "event.dataset": "system.auth", "event.kind": "event", "event.module": "system", - "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", @@ -298,7 +292,6 @@ "event.kind": "event", "event.module": "system", "event.outcome": "success", - "event.timezone": "-02:00", "event.type": [ "creation", "group" @@ -338,7 +331,6 @@ "event.dataset": "system.auth", "event.kind": "event", "event.module": "system", - "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 71145385846..86e940d5da7 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -2,11 +2,6 @@ type: journald id: system-syslog -paths: -{{ range $i, $path := .paths }} - - {{$path}} -{{ end }} - facilities: - 0 - 1 @@ -20,9 +15,11 @@ facilities: - 11 - 12 - 15 + tags: - journald - syslog + {{ end }} {{define "log-files" }} 
diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index be1898baa9c..65428a13bb5 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -178,8 +178,6 @@ def run_on_file(self, module, fileset, test_file, cfgfile): module=module, fileset=fileset), "-M", "{module}.{fileset}.var.input=file".format( module=module, fileset=fileset), - "-M", "{module}.{fileset}.var.paths=[{test_file}]".format( - module=module, fileset=fileset, test_file=test_file), "-M", "*.*.input.close_eof=true", ] # allow connecting older versions of Elasticsearch @@ -197,11 +195,20 @@ def run_on_file(self, module, fileset, test_file, cfgfile): cmd.append("-M") cmd.append("{module}.{fileset}.var.use_journald=true".format( module=module, fileset=fileset)) + cmd.append("-M") + cmd.append("{module}.{fileset}.input.paths=[{test_file}]".format( + module=module, fileset=fileset, test_file=test_file)) + else: + cmd.append("-M") + cmd.append("{module}.{fileset}.var.paths=[{test_file}]".format( + module=module, fileset=fileset, test_file=test_file)) output_path = os.path.join(self.working_dir) # Runs inside a with block to ensure file is closed afterwards with open(os.path.join(output_path, "output.log"), "ab") as output: - output.write(bytes(" ".join(cmd) + "\n", "utf-8")) + output.write(bytes("Command run: ", "utf-8")) + output.write(bytes(" ".join(cmd) + "\n\n", "utf-8")) + output.flush() # Use a fixed timezone so results don't vary depending on the environment # Don't use UTC to avoid hiding that non-UTC timezones are not being converted as needed, From dd7b43a9f0eabd83afa0772bf7ed72cdbec9c267 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 2 Oct 2024 10:48:35 -0400 Subject: [PATCH 16/38] Improve template documentation --- filebeat/module/system/auth/config/auth.yml | 17 +++++++++++++++++ filebeat/module/system/syslog/config/syslog.yml | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) 
diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index a8ee771c883..7fe0440dfda 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,3 +1,20 @@ +{{/* + We use the template to detect the OS and select the correct input: + log or journald. Here is how it works: + + First we define two blocks, 'journald' and 'log-files', each one + containing the configuration for the journald input and log input, + respectively. Then we define the variable '$journaldDetected' as + false and check OS version and OS family, if journald should be used, + we set '$journaldDetected' to true. The last step is an if/else block + to decide which input to use based on the user defined + 'use_journald', 'use_logs' and '$journaldDetected' that we set. + + 'use_journald', 'use_logs' take precedence over '$journaldDetected', + if both 'use_journald', 'use_logs' are set to true, then journald is + used. +*/}} + {{ define "journald" }} type: journald id: system-auth diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 86e940d5da7..507861c2a10 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml 
@@ -1,3 +1,20 @@ +{{/* + We use the template to detect the OS and select the correct input: + log or journald. Here is how it works: + + First we define two blocks, 'journald' and 'log-files', each one + containing the configuration for the journald input and log input, + respectively. Then we define the variable '$journaldDetected' as + false and check OS version and OS family, if journald should be used, + we set '$journaldDetected' to true. The last step is an if/else block + to decide which input to use based on the user defined + 'use_journald', 'use_logs' and '$journaldDetected' that we set. + + 'use_journald', 'use_logs' take precedence over '$journaldDetected', + if both 'use_journald', 'use_logs' are set to true, then journald is + used. +*/}} + {{ define "journald" }} type: journald id: system-syslog From 24f9895b4ab84a76c15d3e6f59742b0dab83843b Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 2 Oct 2024 12:46:12 -0400 Subject: [PATCH 17/38] Update docs and tests --- filebeat/filebeat.reference.yml | 7 +++ filebeat/input/journald/README.md | 57 +++++++++++++++++++ .../journald/pkg/journalctl/reader_test.go | 2 +- .../module/system/_meta/config.reference.yml | 4 +- filebeat/module/system/_meta/docs.asciidoc | 2 +- filebeat/modules.d/system.yml.disabled | 7 +++ 6 files changed, 75 insertions(+), 4 deletions(-) create mode 100644 filebeat/input/journald/README.md diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index c4df2ce7c31..be9785324ea 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml 
@@ -55,6 +55,13 @@ filebeat.modules: # to collect system logs. If both are true, # then journald is used. + # A list of tags to include in events. Including 'forwarded' + # indicates that the events did not originate on this host and + # causes host.name to not be added to events. Include + # 'preserve_orginal_event' causes the pipeline to retain the raw log + # in event.original. Defaults to []. + #var.tags + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: diff --git a/filebeat/input/journald/README.md b/filebeat/input/journald/README.md new file mode 100644 index 00000000000..67038bd7623 --- /dev/null +++ b/filebeat/input/journald/README.md 
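Review bot: The tag name in the added `var.tags` comment is spelt `preserve_orginal_event`, which looks like a typo for `preserve_original_event`; the same spelling is repeated in the modules.d/system.yml.disabled and x-pack/filebeat/filebeat.reference.yml hunks later in the series. If the ingest pipeline (not visible in this patch) matches the correctly spelt tag, an operator who copies the name from this comment will silently lose the raw log in `event.original`, which matters when the original line is needed for an investigation. These files appear to be generated, so the spelling is best corrected in the source config they are built from. The setting is also written as `#var.tags` with no colon, unlike `#input:` just below it; `#var.tags: []` would uncomment to valid YAML.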
@@ -0,0 +1,57 @@
+# Journald input
+
+The Journald input reads journal entries by calling `journalctl`.
+
+## Adding entries to the journal
+The easiest way to add entries to the journal is to use `systemd-cat`:
+```
+root@vagrant-debian-12:~/filebeat# echo "Hello Journal!" | systemd-cat
+root@vagrant-debian-12:~/filebeat# journalctl -n 1
+Oct 02 04:17:01 vagrant-debian-12 CRON[1912]: pam_unix(cron:session): session closed for user root
+```
+
+The syslog identifier can be specified with the `-t` parameter:
+```
+root@vagrant-debian-12:~/filebeat# echo "Hello Journal!" | systemd-cat -t my-test
+root@vagrant-debian-12:~/filebeat# journalctl -n 1
+Oct 02 04:17:50 vagrant-debian-12 my-test[1924]: Hello Journal!
+```
+
+## Crafting a journal file
+The easiest way to craft a journal file with the entries you need is
+to use
+[`systemd-journald-remote`](https://www.freedesktop.org/software/systemd/man/latest/systemd-journal-remote.service.html).
+First we need to export some entries to a file:
+```
+root@vagrant-debian-12:~/filebeat# journalctl -g "Hello" -o export >export
+```
+One good thing of the `-o export` is that you can just concatenate the
+output of any number of runs and the result will be a valid file.
+
+Then you can use `systemd-journald-remote` to generate the journal
+file:
+```
+root@vagrant-debian-12:~/filebeat# /usr/lib/systemd/systemd-journal-remote -o example.journal export
+Finishing after writing 2 entries
+``
+Or you can run as a one liner:
+```
+root@vagrant-debian-12:~/filebeat# journalctl -g "Hello" -o export | /usr/lib/systemd/systemd-journal-remote -o example.journal -
+```
+
+Then you can read the newly created file:
+```
+root@vagrant-debian-12:~/filebeat# journalctl --file ./example.journal
+Oct 02 04:16:54 vagrant-debian-12 unknown[1908]: Hello Journal!
+Oct 02 04:17:50 vagrant-debian-12 my-test[1924]: Hello Journal!
+root@vagrant-debian-12:~/filebeat#
+```
+
+Bear in mind that `systemd-journal-remote` will **append** to the
+output file.
+ +## References +- https://systemd.io/JOURNAL_NATIVE_PROTOCOL/ +- https://www.freedesktop.org/software/systemd/man/latest/journalctl.html +- https://www.freedesktop.org/software/systemd/man/latest/systemd-cat.html +- https://www.freedesktop.org/software/systemd/man/latest/systemd-journal-remote.service.html diff --git a/filebeat/input/journald/pkg/journalctl/reader_test.go b/filebeat/input/journald/pkg/journalctl/reader_test.go index 2cd29e83a35..af3837fd09c 100644 --- a/filebeat/input/journald/pkg/journalctl/reader_test.go +++ b/filebeat/input/journald/pkg/journalctl/reader_test.go @@ -97,7 +97,7 @@ func TestRestartsJournalctlOnError(t *testing.T) { return &mock, nil } - reader, err := New(logp.L(), ctx, nil, nil, nil, journalfield.IncludeMatches{}, SeekHead, "", 0, "", factory) + reader, err := New(logp.L(), ctx, nil, nil, nil, journalfield.IncludeMatches{}, []int{}, SeekHead, "", 0, "", factory) if err != nil { t.Fatalf("cannot instantiate journalctl reader: %s", err) } diff --git a/filebeat/module/system/_meta/config.reference.yml b/filebeat/module/system/_meta/config.reference.yml index 054109098d7..fe23d4eb897 100644 --- a/filebeat/module/system/_meta/config.reference.yml +++ b/filebeat/module/system/_meta/config.reference.yml @@ -3,7 +3,7 @@ #syslog: #enabled: true - # Set custom paths for log or journal files. If left empty, + # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: @@ -26,7 +26,7 @@ #auth: #enabled: true - # Set custom paths for log or journal files. If left empty, + # Set custom paths for the log files. If left empty, # Filebeat will choose the paths depending on your OS. #var.paths: diff --git a/filebeat/module/system/_meta/docs.asciidoc b/filebeat/module/system/_meta/docs.asciidoc index 72c16e8c0af..1aaca678963 100644 --- a/filebeat/module/system/_meta/docs.asciidoc +++ b/filebeat/module/system/_meta/docs.asciidoc 
@@ -16,7 +16,7 @@ include::../include/gs-link.asciidoc[] === Compatibility This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and -macOS Sierra. +macOS Sierra. For Debian 12 Journald is used to read the system logs. This module is not available for Windows. diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 52652448907..d1391881532 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -39,3 +39,10 @@ # Filebeat will autodetect whether use journald # to collect system logs. If both are true, # then journald is used. + + # A list of tags to include in events. Including forwarded + # indicates that the events did not originate on this host and + # causes host.name to not be added to events. Include + # preserve_orginal_event causes the pipeline to retain the raw log + # in event.original. Defaults to []. + #var.tags From f14f41c698a4e07a2af1a98e5a0eef5bf04b5c13 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 2 Oct 2024 17:07:50 -0400 Subject: [PATCH 18/38] update generated files --- x-pack/filebeat/filebeat.reference.yml | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 09a540aa21e..c38e14bc0ba 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -21,6 +21,17 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: 
@@ -33,6 +44,24 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: + # Force using journald to collect system logs + #var.use_journald: true|false + + # Force using log files to collect system logs + #var.use_logs: true|false + + # If use_journald and use_logs are false, then + # Filebeat will autodetect whether use journald + # to collect system logs. If both are true, + # then journald is used. + + # A list of tags to include in events. Including 'forwarded' + # indicates that the events did not originate on this host and + # causes host.name to not be added to events. Include + # 'preserve_orginal_event' causes the pipeline to retain the raw log + # in event.original. Defaults to []. + #var.tags + # Input configuration (advanced). Any input configuration option # can be added under this section. #input: From d7d37d6dfa85f39ce2529868365699e1d2fd3812 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 2 Oct 2024 17:21:28 -0400 Subject: [PATCH 19/38] Fix lint issues --- filebeat/fileset/fileset.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go index 03e7d4237c6..3282e819d12 100644 --- a/filebeat/fileset/fileset.go +++ b/filebeat/fileset/fileset.go @@ -184,7 +184,7 @@ func (fs *Fileset) evaluateVars(info beat.Info) (map[string]interface{}, error) vars[name], err = resolveVariable(vars, value) if err != nil { - return nil, fmt.Errorf("Error resolving variables on %s: %v", name, err) + return nil, fmt.Errorf("Error resolving variables on %s: %w", name, err) } } 
@@ -471,7 +471,11 @@ func (fs *Fileset) GetPipelines(esVersion version.V) (pipelines []pipeline, err if err != nil { return nil, fmt.Errorf("Failed to sanitize the YAML pipeline file: %s: %w", path, err) } - content = newContent.(map[string]interface{}) + var ok bool + content, ok = newContent.(map[string]interface{}) + if !ok { + return nil, errors.New("cannot convert newContent to map[string]interface{}") + } default: return nil, fmt.Errorf("Unsupported extension '%s' for pipeline file: %s", extension, path) } From fcc6cac373083a802f3638536c05bb07e36bedfc Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Thu, 3 Oct 2024 11:31:35 -0400 Subject: [PATCH 20/38] Update journal files to a compatible format --- filebeat/module/system/README.md | 12 +++++ .../module/system/auth/test/debian-12.export | Bin 0 -> 8838 bytes .../module/system/auth/test/debian-12.journal | Bin 8388608 -> 8388608 bytes .../auth/test/debian-12.journal-expected.json | 51 ++++++++++++++++++ .../system/syslog/test/debian-12.export | Bin 0 -> 2133 bytes .../{debian12.journal => debian-12.journal} | Bin 8388608 -> 8388608 bytes ...d.json => debian-12.journal-expected.json} | 0 7 files changed, 63 insertions(+) create mode 100644 filebeat/module/system/README.md create mode 100644 filebeat/module/system/auth/test/debian-12.export create mode 100644 filebeat/module/system/syslog/test/debian-12.export rename filebeat/module/system/syslog/test/{debian12.journal => debian-12.journal} (99%) rename filebeat/module/system/syslog/test/{debian12.journal-expected.json => debian-12.journal-expected.json} (100%) diff --git a/filebeat/module/system/README.md b/filebeat/module/system/README.md new file mode 100644 index 00000000000..8e73abf62aa --- /dev/null +++ b/filebeat/module/system/README.md 
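Review bot: The new error for the failed type assertion in GetPipelines names neither the pipeline file nor the type that was actually returned, while the errors immediately before and after it both include `path`. Something like `return nil, fmt.Errorf("sanitized YAML pipeline %s has type %T, expected map[string]interface{}", path, newContent)` keeps the failure traceable to one file when a module ships a malformed pipeline. GetPipelines starts and ends outside this hunk.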
@@ -0,0 +1,12 @@
+# Journald tests (Debian 12)
+The tests for the journald input (currently only used for Debian 12
+testing require journal files (test files ending in `.journal`), those
+files are generated using `systemd-journal-remote` (see the [Journald
+input README.md](../../input/journald/README.md) for more details) as
+a dataset the `.export` files are used. Those files are the raw output
+of `journalctl -o export`. They are added here because journal files
+format change with different versions of journald, which can cause
+`journalclt` to fail reading them, which leads to test failures. So if
+tests start failing because `journalctl` cannot read the journal files
+as expected, new ones can easily be generated with the current version
+used for testing.
diff --git a/filebeat/module/system/auth/test/debian-12.export b/filebeat/module/system/auth/test/debian-12.export new file mode 100644 index 0000000000000000000000000000000000000000..583416f6c7b5e59569802999863ba1873e41600e GIT binary patch literal 8838 zcmeI2TXW(@7RUEl`z2I)UPIs2jY|(KmTgi7Ib7yasV!Bj)$)+B!3%h1^6mGuuC{|Q zB)h3(V;(@LyQOZ?zjOH?l4LNSOyfzo34@#%MzTCmR5LBO3ak{A=1K(|5o=EuAwEq* zn%W!-VNxqJLn@HQV1ZIWIL>p8_32%Rjn*l%hNP$4P!OVxU@Ao;WEfeF3OK-bTu5$KO}>AJc~Zeyubgg zd_649YMC#VHuJn>`f)moMrX3L}B+~v+i!v z#j;yA*Ap6COyc=<*e#b?PRVuYZ0!0=F}=Fyd_07kK5iL|&S2?L_?^3C&;O!t)_S@1 zf4pBWzWnPuFS(4TvvGeEg;mQ*X48dUo?y~Gkm2}UJm}Ac@!0)1hB2<;MN?{-!l_~u zX~7Ve0YWMl^=hx7FAYxtk5dVI)-ug_EfcdaE((|J;!Z}v{^s-O5=zYeYfBN)wb=ke7 zUnw4?7xC~S3;z9W{dxMs_sdm(jO@qn-(8;F-3`5@oozCW=aWJ7DmefyY?`AOCkHYv z1=ATN1>sa^qp3kUmq57S7+WbR%aNoxg&qFFJcB@CMnr%J3gD;QNjR7ouq>Fk_6qOz z@C|Q=c)fT3I(Tzq31^HLguzv1u0lu{3_gJ50&&hMMg`&}ro~3Ls zDii}sxh6c2NMyOtD(4QW-F~>3CzV7Z${fqP{4gU(5=EtIDW%Qf8>N2+N{@H4$5BY| zD-?3sQaD_G(YK4te}L%0-`dUAFWu@6@|ctgwq=Pr+$4DxO*||=FIQieZ8Wjhb+((G zP@X+^wwCMM)KF&B@KhQKP*NFWMrp*Ep-O28BKJVar3kQ6)IqlkN-h);Qc2m6 z=mNjWi@rhm7lraUAM4es4YjL8p@Ioacym;>?DU|bM;>|5bG^8A(eY#dS={7hgoU7_ za-Of!S?+p>9o2I#~D+@=s5nH*`Hx%l(tfELKa1T(NAFZj+tKwip;Yp>Ey5NzJ){1d54|AT<` zSNhK1gHCoBoo?4tC61*tIE+q=!9nVb*K``n4429{I&o%9V35c`DkjFoq%YG6xiqB+ zIel+uWJ?s0fkL7cdc#)!{p0ygFdGL*yD!VPzZ7ftN}^6y#t4Dwa>{af)SsUXX9Ck>twGHrCJr{vBdn4 zt!jz6IBX>5LSZgWl~bRB`U>K%%V6sJ*OIfFU?n&|n`?JtH=D(3dBQpyv$_Y3ydJyb za-}Z)Yyk9k%K6T)7xy^$#2W5K0PguSkl63Hn=bKB{p zsK7|fL~gX=fwG8_Kr*2?xVl$8yZqlzCJW~c*ALvAz1iKxR2iw)DnW?&k4rYTnxGt4B? z>3#uC63mH`)Wr_F1T+a2GLTZXk$>0<-2Zo`q25zFO3TkF1Sh;Nx^8RBKdm0tOMP1d z^$5|jPMn=U>3OlNL4AI*!S!~LR+Z(f{%l89)#L8oPETs%1ZqbJs*dpIgL>69m{051 zMa{mR)Ju7ay}(ckS5RTa@VAaU(6HT6#^Emt8e-@aGp`DT z+%nL literal 0 HcmV?d00001 
diff --git a/filebeat/module/system/auth/test/debian-12.journal b/filebeat/module/system/auth/test/debian-12.journal index 3907e4565cea44695d2d7336bf717ed9b6c73f0b..3195198e604154f8bd87062eb5c023fe2edd6f7d 100644 GIT binary patch delta 20352 zcmeHOdstNE)}H}^c^QOZxQcRDKtW}+f!Ue@-WU{QKupvOHBIbtLQe*H%7IG3OD1t_ z%A8i7WOKn|IDeTNmGo*OrwJSxe5QVKi8i|9Esgzocs6GNf-LQ|Jh}~<&F>j zvT)L@)%ouoXno|RV!sM1D=p?6(F4UkkA3S16gFTV~sj79a7s@Ee2ehej;d zD(bz(f{HPm?Z=0urNPR)(*428d8J1qwGiVZaw(d;%W53oBAV+=OxYrJJW)l7SQB5` z>av5Bv%+#(m`|#1h^$qXj9U&aN@8*Xv+^;A?|9>T;Tp9eL3~GP*&^k9b;xM(nNs?! zSC@|xpDC>_QcqR($#oH5fEGlG&jtL^6~473q!+`Ng)04sYM}U}vYa*cPF9k}n_`U` z%Z{q@iP2dsHS(n);l*Wz%8;@;2b0>$szfQR!g^wKU~HDqXNLJHN#Qk7NTDU^L`=^*pg>(@bB{f9|sT=JE&DWiE%ho&pGT`tFsr=5=b)bNtnV6tcWhXgM3;T2&WF?7{y3bg7{2M#kP5%31 zFLf--os_mqIHDqz%rccW%S5(&U!4;vXW67&$R>W1+RHj>sB8T$|d=Q_NwNph;@iqX64WJ<^0--NinL!mNFwX05`>86u@>cgr((|D zPKjEgVMf+isF531lM2>b(@al$>ljkP#)c&pIyT&~%3eYz-(wql)H_(p-*Gp2*z+GE z#KfA;)WxRD){qL;$yErQ+_Y~;jh4`mJ`H8|O5~Nwc2i#&DPkzKH?o}nh&w4{ z0aa)pPzG;xEK7Biw#zz5)KN?arS0$K(mTG1@E}zz4yuGWSdgV|W==?{Amw}jDP+m3 z&^~!}l+^KeR4;WEOQw`|wJsec{Q19^1*uE?#5SVz?&`dy4>2*vH3^REmqc<|a?TZ! 
zb8%qjK4S1v*RjD4rR_TZ?XO~9s_3GZ-fk~pxapt{VV^^3yXeV%Nj8h%Y$1Yc%Sj%a znb0mFGm;M>iELz(D2!}e5<0K??F!{QWmPU$NFkd76$(?Nj*?1T)rqV>p;V~dR7Z6z zn{ZOvUSCmPF?x=(J zxo(K|{Qg`+rpx!IgTZR$GpTCm@}1Hgth`2B!&Twh4eiW z_(i(800NM}1%U9*UUBR<;YSBVd)I>>6p9rdVvE?mjTYu4cdnRQ@_frxpToCAe7Zt` zp_l*=UPAHxB8NhMcwAIebM;H?Q6f-mV2VZW)88-*_dM#fW=VO!A72Eom4E66ZKj#* zdA;w7ons#;J%wUWNX%mrU4#PuIF+b<-Tlj&kt;3Bz-o-*18y3EbTinC%gKJ*BEFc9 zN3ba%vJ%$eTXmc-UwqRLs{K4MF6`ReuXls_%1HhlDpQ}qUMyT+vgYK;vM*2$3Ykr} zRnzB|A$q?1y~S(3SoYk0uwv*rW%`uV^yHigNn=w|sZ&WdhN=|R(CX?_&m95|6sr6+ z9U7P4OI2yx4%R%@=Xm;Zu=20%;#8D${Vr%SuR3~E|d|d4e zPK+FL#-^vG(U)+wDU3n?+Tuqq&rZ0bs~v&{zGfh8MYEFYGyUN5=#{S?IJ6TwFsR8H zpFLi92OSF;!-mxxRQ(SxoeX|Ze8m+>N5(KNf)94!Lg&1La#*CVTJZy-7H}y7a+xj%zSNWR<7Yc^A+y4J*Hq^AeK`Wm=;3n4 zrj1Lb*&I3$xHCq(?KSJ4wxtPR1d8veU^>K9aNd!lsUZFz6XUG?p8>muAJ~fv)}dqB zR>|kjyKnvw6oWz{o|Sx2FD~6@$I>VNC*$2)(ns1xw)_pk_2F;!;#_qm#vh@nQ&l{g z{WRd9af0_a~N*sG_yHt!+L;-P-&9KKKa0CG+Bil2208FMi3HTQ>dZ z%~wyH9<=3KlwllARZK}r9xu5Gy2wp#CpW0}ZhjT~pz=>y4;ISaC)lg_Sb&FIW>rCxGdr87UmgTS&lIBt^Q!034|e zON~fB7*-=iU=odR#>xePku7PP6$m4&6d?{U%Z9^ZQ3%e3l_YorIskFgLZN8vCw6D> ziYPbnIm%n4g|@Y%k?lzi=^`a!+4;r%V^Z=)%^{%KM-<>Bq>CWl&y^b(N{2YMzqJnf zQLB902C+v47Ve|?Ij%GzUh&|1^Dnq^>QF@enX=}6`@g7_hK8^L1JI3z*wB?s+V%9D zs*9@7YY+|#F_K4^xwzN&8NES=)aGjn@5KJrlYeZJ-89}e&8Bd>_p3BFA1%SNjh2( zE2_3uGSg~^5dx4Vk7-VtXOYjP)(YQm+O-j%}KuHsmCr9hH9)K#FZItmHr-@khmHRp8`Sl3Nl z$bj1_YF2c$4GV4ub{SXyA8}4LXX76U-~t_Ke?a$~1NpoFPBSNpEsdg+xKlMTut0|~ zciWTaFNR#~%i2eQYymvpEBRIrI;2InG52Lx>$Qeidr*v|B8MGyr9+^8qxh#?So#L!OeuI8R#B9L9Go^UdRjckJE(7}BR4 zMyCuzb?B28p826+Q%#mMxJDL~!{``q5Ff7Pe1tw~gtn)TqJ5NX@MYI0VY2|xgV9BQ@a>1MWUieSK0YsuD;p>q$%W5GfJ zHNeLPipjuHoL&}qasE04(wV_q*Uui8un&HQPXsns!qPzU;m>$+u4cHl*M*;-dnVz- z4}rz!0$TwrV-O}Lqjd4ZhO=jU2ck2e+VQI|l2`iCpxN#t2F*J@ zJweljpuq_icqw+E;Ca|ihc{uX1Kxn095gUCvu&+*FKsq^H`@J~QaeBelV54b^VT7KI zrehQ>hrC%aRLp}d?2rLH6^W6EKarTrYP5c~JlvgEoV_z1{p|DSub+JYEB^|74C;g` z(}9XV*Y1pIu|MDX@9SC8+!Eg`ht26DI^(uJJzJY7o^7|&G5vd=OVVfa1iC75NWtggd47HE4chn&7}ft 
z!YL}F_?JSs2pzTz{^?ip;K@(cN(R6JIYdGS?OsBtsWaL0sQp*R?A!QQIf}9D4Or9d zH3{XyrM=517c@@}x{xpJ$6!SqP>7_1Wx98n@Yf~t9&cYOMz!DEeIWZUKYtttW~`#i zg^)1nSg3aWt6L_1y>ogXU|4LI!{&r>k>+sruYU zxe}X>zZOP!oc_jM-239%_~fhGq}_fj@yo?!gmdXq<&QtUc8}Hc=o1hNDua9A5({5Di#z%Pd> zBWPp8?z4Oy=R0pYSpyj65pvk{2s(1gXMDG+J}EZ8b$&2lI4UZK*|s6Ri{J)IQ-FXs zlCsj@pY|58=-lO4x_UB@UmVH#Iw&0YRgv8odfD$x*)P!B?>yPBP2fxl%hBeGI4gqe zi!-rEt2i5ooQOl>NN6}3jVy)JHb^lzFM-^FYZ78YFy}AFZ43lA&Ql|5ak>=Yh!a|72D9YnRw zVSK-gjz2KyjZdXBJ!l&_%$7zr4WelT!-KX_zvf0CTyPF5(QI<;_kzlKjPGTy`U}zZ z4(%N;Yi&6!DVpX3Wa~XYP5i|8^YI>b0aR#AiQx}7;%eZ?+8d-T0^Aa#0f$O7eb`4U{@#L@3=}~ zbL1)1lW}VfE{b~s@IBmcgFoR;1snzUHsArmyu@GGBFu+^@AkJeWxx=vV4XF!-;UiL za4R$yZlL15lK*}vjhor*dHpfXi=XaXH3r2nvK%IiD*3swoUab^hBIw#3A;c3;0Um2 z5IJ^#ELDkovU_LS=nrPUwG=S4n;hn;qj3Y+swl7JrJCH$fGJpW$zeqT3^PG})3YUB zD-_Z}8u+ywMh`(o>M%+??{3Om^qE^Uw80tVFnS^`S*ql`<%=JF&c}BXU~myR?C7u# z-)33**UdxTJDdj?s2r9woSvn6v*Nj{kwdP%1~yzx8=F3Ee9nZF)bXqU{VMhxqQCXl zo%^cSV&FjKYQ7&%&pBCNiTOv%*P5TfM(?NEeomb-K9inlmX1-SF^0jV3lo-CZX5-E zP`UU;_t4>fwNq-=lIX?g^cAMj{H}ZG0hPQUPBpOTl;O(-*{NSa2B=(?QqRR}H!c_+ zGym6L;VX*9(fmX`9keGiT)!Xxc47OE7hZ-KP`S9RdM-F=I-Z#1hXa=yCajQZgDbM^5I^24`9*Qm$x`wB z_3@(p^LnFO$6JM5TWcJ(bNv0Lckh3GlGN&ziTt2=YMV(67^ZifIr&6CwIqlAkc%sd zr(SU@^MSLTfqTw@o!<1b{Y)L7G;Tc2MsPap>b(8n>1msNUYGhiWJS4nVxZ#yY^ZAZ ze`R0(rS&G%AbHARr3SH^{M_*W&`n|$f}LwKpTdk@I>_cIng{2~a4`}2nqIK8eIgPu zjsqjP;^;22CXS;b9pX-unCHxjOE`y%42H9^NKHr<$T^5=BnRAuMKt5$G$InQfRMuJ zM_UX`p+SI~Rq$?HDpfGIg~Pz_a5@u?f-5ZWfbQHY>B`-c9-bZx^jM(B0zDS!u|SUn YdMwamfgTI=SfIxOJr?Mm1@^oCFJ;fFeE$unl8Q;vBonV;`$+PAnL*VbSS# zw#@b&v#i%o9@9RYk|00-(YWn_zD-`X{6>SSsIj>~`O)aErVG!Ql^>pJzME9nPR*z_ zbLGe0k`iBoXUSGyLvG38pi)1BG2m!>E;&FZ{^3_IM2z;T2wGTTKIEy0p$Y4ea|dlTqk3qMlqfPEyl=r3S|vEI3+C z1HKzx5pBongd>3R)Ul4a%owY30D^`}Y3I z0U)I3u$tdgen2ppYhX3M3c{~~P~1|LkfKl`n&tbcX+SV(F|cvIDgh7(js|B(HC?O- z1hPy~TY!p!Mp0@&NC&d~NTD!Nb00^JLp;9J#j%kU8-z;+UOLo%A2W#t0t6F9th`CoT9cA~x86OWWKlvzRYHZKuP15ZoP^(M52$AfbO7XAw1$1Ex1FV}7FU0fA7~lC2Uo1Bfcl 
zv6^621t1V^1Uco2vg9dc0Z)!Xl!(Fr0+T~LOA`?f2!xCPwkb?i0|-n(jBHaop`#rVZWvj+c>e~g7kvg02>~ombTU976dhv5AXNlV zn2B!7>P4{tfvYT#<%s|V1VTnzR_&yU0V3gT)*uuELRWjAC5X@i1cq~KS(>XV0SJU6 zrOYS>6hI(2jAqq>0}u$gj8%*32GptmS}%q(7t!|tfi+_(D;5APBqnVwoc30f7+Rht&x6 zfI!HY$@0aB3y6fZRSA(Xb*(_1sW&r=p%YLUm#V!*?RqQPS}?P_N&rORbY>Fa3kZZc z-C07o$^i(3jqO;C=-GfMVkk8^xGajPsEVmDEW?g-zJmFQN&^HIOA4DOhB81P_i00agY`Wr+v0|Fs;6Wb&PR6roO4`zj; z3j+dS&O&Au;|U-TzUv^`O;Q@t0*e<>wSbVnZz(GmeGJgLh%tkipQuSdU=7S+31YPY zsIiJ3v&Jar-!vNwW-2Q$NgBzQG{$>Z91}?m=7}{D5ybM3l2TUR)YSB>K}m5rxv>+n zV{#^#$LD58MMjvpY2t*~C{s*yP7I$oJ|{*<*ain~7RN7^e|%Exu+K=OP7ePSG!GN$(R)nB&lgYnm9hy* zbEeR26d9X9a|^lXS93tY!Y;ATteX-klL$q8+OR>X!v>{4Le(=wFccUzHy`-9DT4S3 z$yA|@sd_X8Oj#MwhR`U~KHXHoiBjdEuku#Mdlr%+8Us-PX|@h5|Ge?$^}VnELi~i} zz$P09JUe1ppZ?9JxxxQNwO)_~ue$`K4VpX~C*%|ip7iJy>6)!8&y z8kn*NrmW$X3nj#>6Ht^9<`gfsrnQa&N6E*GjDMMfT|Hps_Ob?r~tezVedoFEaSsmzOak^OpdWAvz{ zp@HV*vAVHbW21H*sx6zt0}9d)oXv?pz$cSdTCGFKrKA9ndd;JPp~Li-eL9_t=t%s8 zRDkboEFDElz?5alw8VwYnLR6PcJ}1yVY6rFDV;-ZW8kj2d-rtqyq>&$9VvsYk@6FT z@CP|Tb3oYj*crE0*N!KCLUO`IOpsKIF0dRj$WI%1zk)g`;o|WD|7;`?nyIze?l)jq zYDSu7l5ETh3Qire<{cV!NL-5vvyI7tXcD+Iy%|FWrN_;dW9_)VTYNmUUVEQj%aS zu~1dgFp-}8d~Eixw9~{-NT!N~DJPLp2<3uVss)d9oi}B6L!Rkm6p5^pOImPWt{%5Y zQqhimhaPn+zD3!Dq?yv>ktCmL!Bg92M@lib=AU?-vSC{#e;ds^%46-hGtU&{+Rr~Z z_`~SKy@-oYU-^snJZN&J$JjTs9Y1=G*lC{v16y+HfUGoi_`VZx)Gazbd@$gW{g>K= zO!E5X{2h4wIwDDgtz1a+>XwxJGgVmf7cUxnps}f zlJ~G%C&@cna-V_|3%397vWxwKSN-<5tsBhz|DZNCWTcxuGDdVg?o40P>Mliq7*DV z!_z_husnIKfYFUhm9XEUdZ1A&XPKkjq_;HK zrM|WFz5SQxeLg}~_~9Q~Ka;9Pp~^upVA@_j9?iYv+fF>hpW4EH({8`U4L@8WJ#gft z{LGULjJG#Pva1_!CqL%QnLl-fxqE{y-jwDXCK1}mXd>g?c%XdHnY;Oy2%f%Q6t5U? 
z{W8UaQk$5iiMTSJFn|HMscGWwheMb=!mR;Uesh z_>}I0OR7I&#C%*MJqRDJa2|vY79nc)wH_nx6$`j@co2mO6Z}J+p3=6lg;O?ud970K z3{Gg61}GX0F0Tr0nz`ZvE%lTLM?oCWtUr=dh6i75?RYKhczoU1_q~Xf4j}c#VW^1Z zg@S*SadA@e0H-x14u_`7Pkr&v-1q=a!^Z9Mk}Ga+fBrRz(|Mh~cw$>vt>SmhaaYK^{OsQ<%u4=a~y?X+mS0=o+uo8RAGdFwBs&1!?e+5MqTo558g43 zf}!jgSJ&!Gku+T@b%E;0opClQFl{HdZqGYv(Y&JAkvT+GG?5o{OG7G%PBkIP5X}Md zg7&;!9L+|(Qv#iy3ePVmUThZpNJp`a8<@6}_qFH4wZIw@vZVi|+E9N|L1)~gg6MbL zIOWB=%CkMWJI;E`JpaPz!sA{%Cx=T13GZz1ss|62$u=z!0y^zqyY$5`7YN@vE6kX{ zD6{@ZP}JSuy?8sV;O)=H&p-d@a_!7SJHgh~0R>lP`pzABOxB;7>8*Q|b(yiec;5vl z;&PZb?@&O!rV#Exf_rd@u8^sWdcBF{{v@9k-deZ(cNJ0tP|Kx%@|>KPG~o*Aq1!zi z8mvE64m-0N_0xQ;TCUY&Z?yLBH`tW~=py0XN>ImEAGPJK`usn(9G=$0y_V8)ZO|91 zR+D|bdB{D93^_&H!cn@rZ1U!w4^F(N&X%YXVg>YdxT89`NWPhZ?A zi2KU*ec((hta1C6eU2|3v^HZcTMr!$KRN`#v_T#d#6#V_9P#FmnU+@5lzjLn&qsbK z2+mis1fg=l_E+p$kNYR(6OvoTu-~i3v_bw6RoCY?4F2KuW!khL`N~~`d6&3}LdVj_ z4qx1Hb?#TBlCJ7WwaG>`rVVmYFb~yEZat;Ght{6IcAHcXl8Q_l6__^2=Yn~p+n&^o zFL-Clmr2CvCwC3uT{!Ld2Y+H`pZ&y>+VLda=8|fXyVINtL%46;C_(>r|NE&gxb(k9 zY`BfakHiaYJj1j>J`%zMI30j)nBw=;@(ovKkqWpz`ke}*-|--%D-Y5NU|Cu6aM;VE zE)pAV-ti+3h<-_T|fcE*l`r_`#jt6{#*L*Uj;n_Ii!bc~&eH_m zGJaI~w$80QNSq!==$HLU57_$9=Hu4YNp_n~glV%jz2dl!IO8Gm>M-tMS1HL`!mQSa zcuIyRWOzEJt%G0#iC0|8qawI#$NM0Be1TVdcsZR1f3@(3@09TN8Xs5SxlThFz4@vC({mNfe8-&;g)q)MWDaul%sC@v-W zSU5CMw#ZvK@od@Lu&6`CicaIFFCG#B;WMu2siaiaFL z$c)cUJx}6TRreJyyTU!>pCY&`r)|-xk@JpC{9>^esh}4t`UMD&1P^FwxBR7?^DT;> zs3LKCBA_q6FcLzPW^!lmrrjIuPxK*iY)}03#V??Bnu1?QzMj!*;#PkWr^i_O;yenh z(@6N-<2m2eq)%T-;`Dq+UwnO()kx@i(7E^5Prh)K#OY;%zPNuh4Er>)9m`1?RMBWJ zlQ_LU(HDo2&0Ag*&E2#v9x}Rl%CuIeUm+dzqD@~1+=lqbzeMv8K3xbcI=eHhZBrG6 zq|&c2OJB#(7^p-VCiv)C(Phcg_mT_ra!X$v&Q3$*(=jkiyeG*`F;>Hb?ZLY3kYPJi zD8mFCI^aV^eDj8{OYrgqZ$y-*CosvtBR2^r8+;0dF97ic7(GA~!$pC1d`N|`b)Lo* zI%fQ9`DnntN2NcgVH%!jNs_nqc%S+S%^#4X>a~P)*IrVQvqvs@Xio^vJRxxWyJ=U4 zzIyRTlBcJjwtG>sE6JOC!nihC@F(wG81T36x3(s6dXT6u?$iscQ@@^ntj$!v#8)-% zv0d@g7a!jXLXyOO7Pn555zx1@o@?hEd4iJpEWZ1D;naJi3_vzt%vsp z=jmXgbllyuUcCuRP`Ty`lcdEcYOLT7~-rdp#M9? 
zCBd;C+M^;;qc1)=j>o%gYFu@u`WLTcVwWQ29dX=8n=3x;x}fEXvBj=hzWAZ9)~OHN z>|J}axX2vYb2y37^SO-SmSOO8N?V|22!`GVmIr2=&!YPK0Qi)56`+CEmFmvD4ek zWJ_X_W!RnV&|<;hvi0$z3rBujukpkDfSmL_2|LHBxT12FW^q{q>(_lv^L5BN!ov3*^ZsePC994 zUv_x_=IZF{-gC~CGFs0RY_%&BRe$0w8oh@VWpfk0E ziCw)8vuYsM?l=(0>*J@07fHIlkx`bG@l6T-{NwoCca`m$wlg&VrGvUGmH8|!R#{$( zFZRCg)E3CqaU{x?%jXT^n^;Wlhkmkc_2g;W(-+8SId?lc#Gu=5(su3WVzZTuudd># zOg_Z|HRlINceOHJ&Si9+XX}+XOt>5>duN`<)@f3T{Yw8FC>BW+i;K%)+g1id**un4 z$--r@uO^l4&E$*Km(_9LaHxRsC)hfT+%>f{yLObd?Tp-+VNe?b{>nZ$1{Ui@DfV%Y zq@S{ARwh|`C^TitG#oZngDG^%K#q;7_7OHd;T(d)VK-(Rzh923cRz;(%iDcnM|%ex zql?+~fiz)_lu|gT8AKH7I%I_TlyIeL3^8XXtSH>XJ5zhd1-+N6dl%lqZraXU^>%kR z4wr}RT-jLYNKj@DTb(*|VnMp-Z3APWBaIA#z?)BSV~d z?DhIn*%KCokYnc(4)vPs2?+v<$XV#ZY3fP-|69$!kmFa=cV>Ii{MiNIDe}Svo}j0~ zznUxxeM;$>T#@YtyEX5<;jta7&uzEyM(b5}>rB9FdbKm2zHb`Sd$oCRI`a^N-+cJH zgdx91807j#9UcgSeQ2;|kdev}Mk%f^sv+S4=e}`{`V+!1pF`#|KR_Yd)9SSxAnq6i zpF4wd)c*uw-f9H@juht>q^X#3sSAYRK6raTPLnI_|B)9=()I>UeO24O~l1{B3|m6;T09<93&;(&@wfWoNl4C)$WrIm*4o?_I^ zAx)QYs)uPN9u3mCiH%48&zq&H| zr0&U}MVHEF-n*gV(5n}hZay)iv}W_B_pA%{9{QweL7Xl4`}hEk5e-%i{pgR8+paT~ zp&uGquMRjqTvj9w_pBcqm>A({n(j4nDzA!5Bwg2KaF_R<7&lqP2}96T-gdP_TvuhC z%X`nTV$wG#xB9$oTnZT%DkH~vJ<)nqpxg-Xav^4-ACQ51$#k5PI8wv3H4>koKFkqS zn2c6=Jz+XBE(k=XARRGYllvMaPf|(+N1SX>CmmEG)kMZtd-sRxNY51++aq37C)X1j zn~6$OdLrgEy0o+H-^T^{x)qk(^+eH>a7`-p7$6k#h5hqbiZ zb#e7AM9-Y3m-y{k>y&0q>>q2`%&g5%bD+&OVszp=|s;0M=z~z40As~huSffG_aQq{+Io?5fyW;%1xb1 z9h?yQdmnlR(J&`z+|;d7@1v0wYuI?k6{MdnLBB69ipP;^UYm`xcD(#ImKPiohV`bGm|lZb@{xW(;><|R+GwqiX~`dyeaf;d^kIHlh7vG*+@ zN0{|T+|+vdgwt6>9G*)JwB-^FGe|>?h&>!mG;FywzU8J*99{DGb4Ch2E)gelF`Z3! 
zym<<#WieDM_5N`l)*l|pYE6_p5h|Ox*aP|AoR}ScBHGQOC5deAiN3j;(}|6lVRKV6=o3hvAo>JT zvxd26u->+9q@OKMzi)ZmO;eF<%jH}ea4_7K`NiMf`;0aHqMt4Pa*b?TkWVANdBu{& z|I*cca8&L4yMSFT@>eaovbIZSg8WM~>j4{xs5Mu@`leC7YN`COf%4R^Td2!x=<+ijr>;*S( z&y913Grxo$5|nxt6!NqW3|PkV+2tkf193<11=J>99H2(dVC}Zn?7@k(ogY9A2}av@ z81t@KM%zbinEq*QN$Cfx>4k>TMQ;UYd0O7zHfBTr8=k~m2BnLEoNP#U#&X|m?~0ix^5Y3 zn$BKqDn5LAU3ixWJ*1M3zhN=(ug}>l)|5SX9M=Z`_xcFD%tkaZv61x+e<1J=`H}K7kdY(Z3V3Td7J6k&yHpELJg^4d)6eR zmi}e;!1jt4>Pmn@f^!rVWX>+Myye+jtU0*l@qU! z>X~J&KqC7%Y`N2X@4%kN0GFQ`)SMbqdk}a?1-qEb2`Todl`lS&yZg08fFZFvvhwqM zl%U5}^EB)0{*dU|06e6UzMT`y_Gebtna+Hb{3c*H)E(I+LrVzyLI&9O$)9w~caK;D zJfxDoJWxore-!ZN?F*0Xxf?K)2ac?~X|r-?XM=to1I+xb&gF4DcmQ}vCH<8^!OTxK zMEtYlOhqSPMlmx;Fqn`FSGQHPJ>RL{3N@sXZA*|~E>(?xI(6FEB?z_voX(Cydtp&_ z-ZV#+wIF|v&F^vq)`z;I9s9Lusi22c4kH8$sr-iI>SJQaC;k<3ij~3C=((($b!6W8 zE9qOyzyhgcYo~0bo{#QI)<6909zTqoVSb|vXXR$mrG%$p^d?JX!-m0=SI`eqIZXL5 zAys?q^Xz2L`}IkHxq`(#!-U&Ri0b0-yISkdfB7=>kV-l(L`dPM@9l^(^I1~>(}+R{ z^?`%6cUt##eb7+c1U00R%@ZP+wa=Yj`NF*~{U#l-+F@dM2sJLBy%_h{^t|LJ)f1qH zRMMG3sc{n)zIdWL`pyQxjAD5xHSQtSUiR*`U60wb*#!%r|BxQUwot*UO+9^3oxIlS zpG!-KI8sH8!$I}>oUpfkkrI>mEs^|7Y23pqx}%PHQ~%!Z(4#0x0#JO-nVmb7&alo{ znBJIc$&1G}r2RNOM`*gyJbuU3x*G3kz)|qd$iLfBWViV@>{13ecXGk9@M|mmzCu5x z^-mGOTKd|Ah3V(A4E|#lw~)N-!oo~zwnI*t-$v^S#;4yp;gQ}0t>ZxtsT@WK6Y}l7 zC*n6wU7TzH4An0i#=jX*kJPPE?|8m=(jnj>mGqy6Q77$H*I5^**Z7M%T*Q1%^34Ei z04EilpL_d-zjl5NT1X}R!)h8a&qZWzE{e0i4VWcNd{-?@3^WFcSJlFlDqO@+j^d(# zViGqQl!B;#QOBWlLKTLa5K1OoyioMiuv<2(TB=0c3Q%~Uu1D#BODGP1T*`2K)WjHnD!>4M*8r=GDTp&{;;p3i#%#6YwxfK^eBthImk;QQFKpw*7cqoxn z(M;09Zp+98*oD~4*f!XGh;wWg+~pA0h#&+au9JwI5Ecs-D*apE_YNUc!>&cg**%Zp z{h^3#v#k2!9penUcS4V)LI1{R`3fUn4-z7T(f&j==B#$bjY)6Cp)0}$UHj10S5fQ4 zng~IYhSR3Q+BxUB56-SbUxXO?CJw)O*i&@aBvd?4H$AcInC_8MbcL)DlOhG3m=P&h zw0-NwFKL`H?PKVAcyWECFfmE~NEQ&VGjFZaF}P(6^l(4pxEv|ua6MvXlwkhJHy4Ud zI3C|(;7xoRVIG>c4mWwsTfiNrx6qGRrxX4SE@mkD delta 5820 zcmeHLYfw~27M?r943Cz_j1J-h!5~OV3(zRs8;cdxQHBVNJQNfIqYDc`B4`$|e9Vv# 
z7f~Yy*$YXPfmo;kQ6g$gBqh3~3tGDYQ@XmlwW}uTu1OS3#F3YKdTyVoS=Rf*|2tK~ z$LaH(ue(oo-`i)bR;!B@zLuq?H&Wu_lH(NcnN0t%PgsNhs)~=}-#+PLJ^PBW+45## z=SZw2@!)%RjyG)#SX~)!uKMtUD@!t)+wWO2Cz)JE^W8W}$TniJ|6|ijw)H#S{*RyJ zCyMTI%%R&?8KP_*v+u-WvFI7^rfwZ0C{+7~gQ{aV6YJ88?R_Y;<0in0K z9LeUS2Eevi>QfxK!Nw10A73CFKOopOq=U^D5bS;rBE>6+Jsp#JpGh4e@@xQrFn}B} zdtY!7;aNrjVHA3fq_a5#Lc?!466Y$(0@5&IW5WcLB5aHR2!vp7Cd5E|ZJN6xS%26WOq{R!z%OT7a!$Gt;@*Gi3m(5PNX^4J&wp+P^7gfcxq z7M6RoI%ZsqG_#Ilq=@Ag5D11yQtK&c0kf#Kz3+NF+A4 z1p%E1*EhFid;2I)_?jY#8_NM8FoOL^FFRC#(9jq|LfPB_VIMV;R<@l1nPy2FiD0<} zq%wy|727C)(4d}1ZotW9ejyDv9etQ2#zN{q?ct15E`y^kvKLr zKxoKmC82EH0ioey9w}uz91t3CUtQls(%H!XWDZ|K+=irW1L(xYTq5?z5F3jIWW4oYz92d>odmL_0(2r=x=bqAF$QD~O)25oY6G&yT#eLBz<aUd!xR>%X596XyC2x)D*imnkcm zgW8<J{{eNs2np&nc7Oxe~1q-&<;|!Y&Z8E3`3AA=VA?;o9cHctb#l{ug+` z*crTdbBGTR%#0qtFl5W2=Gab*MwC~L^%5qC3x@eAI&MpXXgN2w5o2mS#SO!Jh>*w{ zc-Q?0p6lm@qaRUTyK9&aFqhBg-g%TbvJ>g}9M4KKE~0HXLF}ff_Up`ov6(jHBg%IZ zJHiKO$(hQh{eSiS5$Ptec!VD>{F>R>vl1E}9JfwFH=?}imm_?XcFg_E3Hn1xkCEOj za?c^%3Cu1&mTcRab|3}ai1Mn-AY7YxczVu^56oX6y+|y34r5)(>}|KddjHY&Q*+Rb zD6iV}oDbJ&|5WDhs_317^c!PpJcKEZv{o{DZnS=E{hA;8=^eBd7sg02K0 z8y{;~rvF~OG)4#=zy4D1@9SHTk0{?uk1*Zbw61vF8r>>Kn(^(GwJ<4x<{I}%4wJhv z*xPe*)5H6yjwsuUxQr8`%*|uk%jfU+8H;qhC}bJZ4YUorS;YviM*Z^-$@yEpMLwc@ zH@7(<+#LB)V_R=aj3d){UC3IPuxP0<(SY5oVR}7#j+ZCD*1B3nJ>9basr?Ku1y4awB!Q$vV z=Y3N8@cfD&(2Xds+NTkg=#G27{_Zbp3+^D@>MF*&!eH^OxIusVXwk%hcJw34%htKV ziCfV3QP$16)FnvAYinAf(Z2S0;&1`4+O7+}A;De9N0jeosvA6}&TiblXr4=3CepF; zh)-IOm6~C49PEvZFc_Bcga7ivLF6OKchleoNwQAe9K0>RuLTRtICpWt4U&ZSzg-i5 zyz7~t@d)J*45<*rS~yT&~k~Ei?p{6H`n{$*Iu=IUB@7o`NnK zHUCv*sO%|OeZejOf3U1U&Gb>4)aJyWJcXd>Y!k}PU1spk zRePWxi(`3NqqmU6<%xCPLevZQ39V^qsa6YL8+>VLEVrDr7hFm@f|ul36r=aY=wZL4 z;0yJf2Z-5~Zkw+u6zePg{#n;n6+YSRCx*_%If&XAs1VOPKJ6Ldn9P|5gV>jP@Fb+xe=jz2@lhnMMu6|j0YLB+9pc*31mj{a-|KPxHd ib51UaqkDNt-njqCHV8WX4uC%|{2%d0zn8=12mS*$VaoFW 
diff --git a/filebeat/module/system/syslog/test/debian12.journal-expected.json b/filebeat/module/system/syslog/test/debian-12.journal-expected.json similarity index 100% rename from filebeat/module/system/syslog/test/debian12.journal-expected.json rename to filebeat/module/system/syslog/test/debian-12.journal-expected.json From fe5bdb109ab1dc0d58e10147034bd10708487203 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Thu, 3 Oct 2024 11:53:19 -0400 Subject: [PATCH 21/38] Improve system test error handling Set Filebeat to write logs to file where the framework can find it, this avoids the 'file not found' exception thrown when trying to print logs on test failures form masking the actual test failure. --- filebeat/tests/system/config/filebeat_modules.yml.j2 | 2 ++ filebeat/tests/system/test_modules.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/filebeat/tests/system/config/filebeat_modules.yml.j2 b/filebeat/tests/system/config/filebeat_modules.yml.j2 index cde1a3c750d..7e087af5e8f 100644 --- a/filebeat/tests/system/config/filebeat_modules.yml.j2 +++ b/filebeat/tests/system/config/filebeat_modules.yml.j2 @@ -9,6 +9,8 @@ filebeat.registry: filebeat.overwrite_pipelines: true +path.logs: {{ beat.working_dir }} + filebeat.config.modules: path: {{ beat.working_dir + '/modules.d/*.yml' }} diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index 65428a13bb5..e23424bac0f 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -169,7 +169,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): cmd = [ self.filebeat, "-systemTest", - "-e", "-d", "*", "-once", + "-d", "*", "-once", "-c", cfgfile, "-E", "setup.ilm.enabled=false", "-modules={}".format(module), From e86d97e310bbb801a73d3f6cd3d3b45dbb726688 Mon Sep 17 00:00:00 2001 
From: Tiago Queiroz Date: Tue, 8 Oct 2024 12:03:27 -0400 Subject: [PATCH 22/38] Create a new input to instantiate a jouranld or log input --- filebeat/input/default-inputs/inputs_linux.go | 2 + filebeat/input/journald/input.go | 4 +- filebeat/input/systemlogs/input.go | 105 ++++++++++++++++++ 3 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 filebeat/input/systemlogs/input.go diff --git a/filebeat/input/default-inputs/inputs_linux.go b/filebeat/input/default-inputs/inputs_linux.go index 8eed9a3ea4f..ec37894d26a 100644 --- a/filebeat/input/default-inputs/inputs_linux.go +++ b/filebeat/input/default-inputs/inputs_linux.go @@ -19,6 +19,7 @@ package inputs import ( "github.com/elastic/beats/v7/filebeat/input/journald" + "github.com/elastic/beats/v7/filebeat/input/systemlogs" v2 "github.com/elastic/beats/v7/filebeat/input/v2" cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor" "github.com/elastic/beats/v7/libbeat/beat" @@ -37,6 +38,7 @@ func osInputs(info beat.Info, log *logp.Logger, components osComponents) []v2.Pl zeroPlugin := v2.Plugin{} if journald := journald.Plugin(log, components); journald != zeroPlugin { plugins = append(plugins, journald) + plugins = append(plugins, systemlogs.PluginV2(log, components)) } return plugins diff --git a/filebeat/input/journald/input.go b/filebeat/input/journald/input.go index 7bdfcc9816f..20e46bd0cc2 100644 --- a/filebeat/input/journald/input.go +++ b/filebeat/input/journald/input.go @@ -80,7 +80,7 @@ func Plugin(log *logp.Logger, store cursor.StateStore) input.Plugin { Logger: log, StateStore: store, Type: pluginName, - Configure: configure, + Configure: Configure, }, } } @@ -91,7 +91,7 @@ var cursorVersion = 1 func (p pathSource) Name() string { return string(p) } -func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { +func Configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { config := defaultConfig() if err := cfg.Unpack(&config); err != nil { return nil, nil, err 
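Review bot: In osInputs the `system-logs` plugin is registered only inside the `journald != zeroPlugin` branch, and nothing in the hunk says why. A one-line comment such as `// system-logs may instantiate the journald input, so register it only when journald is available` would record the dependency; that wording is my reading of the commit title, so adjust it if the reason differs. The two appends can also be a single call, `plugins = append(plugins, journald, systemlogs.PluginV2(log, components))`. osInputs begins outside the hunk.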
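Review bot: `Configure` in filebeat/input/journald/input.go is now exported (the first hunk updates the reference in Plugin, the second renames the function) but it has no doc comment, which Go linters are likely to flag. Suggest `// Configure unpacks cfg into the journald input configuration and returns the cursor sources and input built from it.` above the function, plus a sentence on why it is exported. The new systemlogs package imports journald, so reuse from there is presumably the reason. The function body continues outside the hunk, so confirm the description of the return values against the full source.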
diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go
new file mode 100644
index 00000000000..7210adb1f57
--- /dev/null
+++ b/filebeat/input/systemlogs/input.go
@@ -0,0 +1,105 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package systemlogs
+
+import (
+ "errors"
+ "fmt"
+
+ "github.com/elastic/beats/v7/filebeat/channel"
+ v1 "github.com/elastic/beats/v7/filebeat/input"
+ "github.com/elastic/beats/v7/filebeat/input/journald"
+ loginput "github.com/elastic/beats/v7/filebeat/input/log"
+ v2 "github.com/elastic/beats/v7/filebeat/input/v2"
+ cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor"
+ "github.com/elastic/beats/v7/libbeat/feature"
+ "github.com/elastic/elastic-agent-libs/config"
+ "github.com/elastic/elastic-agent-libs/logp"
+)
+
+const pluginName = "system-logs"
+
+func init() {
+ // Register an input V1, that's used by the log input
+ if err := v1.Register(pluginName, newV1Input); err != nil {
+ panic(err)
+ }
+}
+
+// newV1Input creates a new log input
+func newV1Input(
+ cfg *config.C,
+ outlet channel.Connector,
+ context v1.Context,
+) (v1.Input, error) {
+ useLogs, err := cfg.Bool("use_logs", -1)
+ if err != nil {
+ return nil, fmt.Errorf("cannot parse 'use_logs': %w", err)
+ }
+
+ if useLogs {
+ if err := cfg.SetString("type", -1, "log"); err != nil {
+ return nil, fmt.Errorf("cannot set 'type': %w", err)
+ }
+ inp, err := loginput.NewInput(cfg, outlet, context)
+ if err != nil {
+ return nil, fmt.Errorf("cannot create log input: %w", err)
+ }
+ return inp, err
+ }
+
+ return nil, v2.ErrUnknownInput
+}
+
+// PluginV2 creates a v2 plugin that will instantiate a journald
+// input if needed.
+func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin {
+ logger = logger.Named(pluginName)
+
+ return v2.Plugin{
+ Name: pluginName,
+ Stability: feature.Stable,
+ Deprecated: false,
+ Info: "system-logs input",
+ Doc: "The system-logs input collects system logs on Linux by reading them from journald or traditional log files",
+ Manager: &cursor.InputManager{
+ Logger: logger,
+ StateStore: store,
+ Type: pluginName,
+ Configure: configure,
+ },
+ }
+}
+
+// configure checks whether the journald input must be created and
+// delegates to journald.Configure if needed.
+func configure(cfg *config.C) ([]cursor.Source, cursor.Input, error) {
+ useJournald, err := cfg.Bool("use_journald", -1)
+ if err != nil {
+ return nil, nil, fmt.Errorf("cannot parse 'use_journald': %w", err)
+ }
+
+ if useJournald {
+ if err := cfg.SetString("type", -1, "journald"); err != nil {
+ return nil, nil, fmt.Errorf("cannot set 'type': %w", err)
+ }
+ return journald.Configure(cfg)
+ }
+
+ return nil, nil, errors.New("cannot initialise system logs")
+}
From 5c84f4a69597113dcda95d993d95432f670332dd Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 8 Oct 2024 15:42:46 -0400 Subject: [PATCH 23/38] Choose between journald and log input based on flag, update module The module configuration template has been updated to use the new input, the new input can select journald or traditional log files based on the flags `use_journald` or `use_files`. --- filebeat/input/systemlogs/input.go | 95 ++++++++++++--- filebeat/module/system/auth/config/auth.yml | 88 ++++---------- .../module/system/syslog/config/syslog.yml | 115 ++++++------------ 3 files changed, 138 insertions(+), 160 deletions(-) 
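Review bot: The two factories in this new file signal "not handled here" in opposite ways: `newV1Input` returns `v2.ErrUnknownInput` when `use_logs` is false, while the v2 `configure` returns a plain `errors.New("cannot initialise system logs")` when `use_journald` is false. If the loader falls back from the v2 plugin to the v1 factory only on that sentinel (the loader is not part of this diff, so this needs confirming), a `use_logs: true` configuration would stop at the v2 error, never reach the log input, and the system auth and syslog filesets would collect nothing. Returning the sentinel from the v2 side, `return nil, nil, v2.ErrUnknownInput`, keeps both paths consistent; the PATCH 23 hunk that rewrites `configure` keeps a plain error and has the same issue. `newV1Input` also ends its success path with `return inp, err` after the error check, which reads more clearly as `return inp, nil`.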
diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index 7210adb1f57..e745385a6f0 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go @@ -28,7 +28,7 @@ import ( v2 "github.com/elastic/beats/v7/filebeat/input/v2" cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor" "github.com/elastic/beats/v7/libbeat/feature" - "github.com/elastic/elastic-agent-libs/config" + conf "github.com/elastic/elastic-agent-libs/config" "github.com/elastic/elastic-agent-libs/logp" ) @@ -41,21 +41,38 @@ func init() { } } +type config struct { + UseJournald bool `config:"use_journald"` + UseFiles bool `config:"use_files"` + Files *conf.C `config:"files" yaml:"files"` + Journald *conf.C `config:"journald" yaml:"journald"` +} + +func (c *config) Validate() error { + if c.UseFiles && c.UseJournald { + return errors.New("'use_journald' and 'use_files' cannot both be true") + } + + if c.Files == nil && c.Journald == nil { + return errors.New("one of 'journald' or 'files' must be set") + } + + return nil +} + // newV1Input creates a new log input func newV1Input( - cfg *config.C, + cfg *conf.C, outlet channel.Connector, context v1.Context, ) (v1.Input, error) { - useLogs, err := cfg.Bool("use_logs", -1) + + useJournald, cfg, err := decide(cfg) if err != nil { - return nil, fmt.Errorf("cannot parse 'use_logs': %w", err) + return nil, fmt.Errorf("cannot decide between journald and files: %w", err) } - if useLogs { - if err := cfg.SetString("type", -1, "log"); err != nil { - return nil, fmt.Errorf("cannot set 'type': %w", err) - } + if !useJournald { inp, err := loginput.NewInput(cfg, outlet, context) if err != nil { return nil, fmt.Errorf("cannot create log input: %w", err) 
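Review bot: `Validate` checks that some block exists but not that the block matching the selected flag does, so `use_journald: true` with only `files` set passes here and presumably fails only later, when the `journald` child is extracted. Checking it up front gives the operator one clear message, for example `if c.UseJournald && c.Journald == nil { return errors.New("'use_journald' is set but 'journald' is missing") }` plus the mirror check for `use_files`. The `config` type and `Validate` also carry no doc comments; a line such as `// config selects the backend the system-logs input delegates to and holds the per-backend settings.` would help the next reader. `newV1Input` continues past the end of this hunk.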
@@ -88,18 +105,66 @@ func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin { // configure checks whether the journald input must be created and // delegates to journald.Configure if needed. -func configure(cfg *config.C) ([]cursor.Source, cursor.Input, error) { - useJournald, err := cfg.Bool("use_journald", -1) +func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { + useJournald, cfg, err := decide(cfg) if err != nil { - return nil, nil, fmt.Errorf("cannot parse 'use_journald': %w", err) + return nil, nil, fmt.Errorf("cannot decide between journald and files: %w", err) } if useJournald { - if err := cfg.SetString("type", -1, "journald"); err != nil { - return nil, nil, fmt.Errorf("cannot set 'type': %w", err) - } return journald.Configure(cfg) } - return nil, nil, errors.New("cannot initialise system logs") + return nil, nil, errors.New("cannot initialise system-logs with journald input") +} + +// decide returns: +// - use Jounrald (input V2) +// - the new config +// - error, if any +func decide(c *conf.C) (bool, *conf.C, error) { + cfg := config{} + if err := c.Unpack(&cfg); err != nil { + return false, nil, err + } + + if cfg.UseJournald { + cfg, err := toJournaldConfig(c) + return true, cfg, err + } + + if cfg.UseFiles { + cfg, err := toFilesConfig(c) + return false, cfg, err + } + + // TODO: implement checking the files + + return false, nil, errors.New("[WIP] either set use_journald or use_files") +} + +func toJournaldConfig(cfg *conf.C) (*conf.C, error) { + newCfg, err := cfg.Child("journald", -1) + if err != nil { + return nil, fmt.Errorf("cannot extract 'journald' block: %w", err) + } + + if err := newCfg.SetString("type", -1, "journald"); err != nil { + return nil, fmt.Errorf("cannot set 'type': %w", err) + } + + return newCfg, nil +} + +func toFilesConfig(cfg *conf.C) (*conf.C, error) { + newCfg, err := cfg.Child("files", -1) + if err != nil { + return nil, fmt.Errorf("cannot extract 'journald' block: %w", err) + } + + if 
err := newCfg.SetString("type", -1, "log"); err != nil { + return nil, fmt.Errorf("cannot set 'type': %w", err) + } + + return newCfg, nil } diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 7fe0440dfda..beabe63c873 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml 
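Review bot: `toFilesConfig` reports `cannot extract 'journald' block` when `cfg.Child("files", -1)` fails, a copy of the message in `toJournaldConfig`, so an operator reading that error would inspect the wrong section of the module configuration. The line should read `return nil, fmt.Errorf("cannot extract 'files' block: %w", err)`. The doc comment on `decide` also misspells the backend name as `Jounrald`.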
@@ -1,70 +1,26 @@ -{{/* - We use the template to detect the OS and select the correct input: - log or journald. Here is how it works: - - First we define two blocks, 'journald' and 'log-files', each one - containing the configuration for the journald input and log input, - respectively. Then we define the variable '$journaldDetected' as - false and check OS version and OS family, if journald should be used, - we set '$journaldDetected' to true. The last step is an if/else block - to decide which input to use based on the user defined - 'use_journald', 'use_logs' and '$journaldDetected' that we set. - - 'use_journald', 'use_logs' take precedence over '$journaldDetected', - if both 'use_journald', 'use_logs' are set to true, then journald is - used. -*/}} - -{{ define "journald" }} -type: journald -id: system-auth - -facilities: - - 4 - - 10 - -tags: {{ append .tags "journald" "auth" | tojson }} - -{{ end }} - -{{define "log-files" }} - -type: log -paths: -{{ range $i, $path := .paths }} - - {{$path}} -{{ end }} -exclude_files: [".gz$"] - -multiline: - pattern: "^\\s" - match: after - -processors: - - add_locale: ~ - -tags: {{ .tags | tojson }} - -publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} +type: system-logs +journald: + id: system-auth + facilities: + - 4 + - 10 + tags: {{ append .tags "journald" "auth" | tojson }} + +files: + id: system-auth + paths: + {{ range $i, $path := .paths }} + - {{$path}} + {{ end }} + exclude_files: [".gz$"] -{{ end }} + multiline: + pattern: "^\\s" + match: after -{{ $journaldDetected := false }} + processors: + - add_locale: ~ -{{if eq .builtin.osFamily "debian" }} - {{if eq .builtin.osVersion "12 (bookworm)" }} - {{ $journaldDetected = true }} - {{ end }} -{{ end }} + tags: {{ .tags | tojson }} -{{ if .use_journald }} - {{ template "journald" . }} -{{ else if .use_logs }} - {{ template "log-files" . }} -{{ else }} - {{ if $journaldDetected }} - {{ template "journald" . }} - {{ else }} - {{ template "log-files" . 
}} - {{ end }} -{{ end }} + publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 507861c2a10..f7cddaa007e 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml 
@@ -1,80 +1,37 @@ -{{/* - We use the template to detect the OS and select the correct input: - log or journald. Here is how it works: - - First we define two blocks, 'journald' and 'log-files', each one - containing the configuration for the journald input and log input, - respectively. Then we define the variable '$journaldDetected' as - false and check OS version and OS family, if journald should be used, - we set '$journaldDetected' to true. The last step is an if/else block - to decide which input to use based on the user defined - 'use_journald', 'use_logs' and '$journaldDetected' that we set. - - 'use_journald', 'use_logs' take precedence over '$journaldDetected', - if both 'use_journald', 'use_logs' are set to true, then journald is - used. -*/}} - -{{ define "journald" }} -type: journald -id: system-syslog - -facilities: - - 0 - - 1 - - 2 - - 3 - - 5 - - 6 - - 7 - - 8 - - 9 - - 11 - - 12 - - 15 - -tags: - - journald - - syslog - -{{ end }} - -{{define "log-files" }} - -type: log -paths: -{{ range $i, $path := .paths }} - - {{$path}} -{{ end }} -exclude_files: [".gz$"] -multiline: - pattern: "^\\s" - match: after -processors: - - add_locale: ~ - - add_fields: - target: '' - fields: - ecs.version: 1.12.0 - -{{ end }} - -{{ $journaldDetected := false }} - -{{if eq .builtin.osFamily "debian" }} - {{if eq .builtin.osVersion "12 (bookworm)" }} - {{ $journaldDetected = true }} - {{ end }} -{{ end }} - -{{ if .use_journald }} - {{ template "journald" . }} -{{ else if .use_logs }} - {{ template "log-files" . }} -{{ else }} - {{ if $journaldDetected }} - {{ template "journald" . }} - {{ else }} - {{ template "log-files" . 
}} +type: system-logs +journald: + id: system-syslog + facilities: + - 0 + - 1 + - 2 + - 3 + - 5 + - 6 + - 7 + - 8 + - 9 + - 11 + - 12 + - 15 + tags: + - journald + - syslog + +files: + id: system-syslog + paths: + {{ range $i, $path := .paths }} + - {{$path}} {{ end }} -{{ end }} + + exclude_files: [".gz$"] + multiline: + pattern: "^\\s" + match: after + processors: + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.12.0 From bcc81e55e8735875565a7f5b0d4747c73bef1af7 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 8 Oct 2024 18:17:42 -0400 Subject: [PATCH 24/38] Update configuration and docs --- filebeat/docs/include/use-journald.asciidoc | 7 ++---- filebeat/filebeat.reference.yml | 23 +++++++++---------- filebeat/include/list.go | 1 + .../module/system/_meta/config.reference.yml | 23 +++++++++---------- filebeat/module/system/_meta/config.yml | 20 ++++++++-------- filebeat/module/system/auth/config/auth.yml | 8 +++++++ filebeat/module/system/auth/manifest.yml | 2 +- .../module/system/syslog/config/syslog.yml | 9 ++++++++ filebeat/module/system/syslog/manifest.yml | 2 +- filebeat/modules.d/system.yml.disabled | 20 ++++++++-------- x-pack/filebeat/filebeat.reference.yml | 23 +++++++++---------- 11 files changed, 73 insertions(+), 65 deletions(-) diff --git a/filebeat/docs/include/use-journald.asciidoc b/filebeat/docs/include/use-journald.asciidoc index 0c84bc67ce5..12cb33c0c6c 100644 --- a/filebeat/docs/include/use-journald.asciidoc +++ b/filebeat/docs/include/use-journald.asciidoc 
@@ -3,13 +3,10 @@ A boolean that when set to `true` will read logs from Journald. When Journald is used all events contain the tag `journald` -*`var.use_logs`*:: +*`var.use_files`*:: A boolean that when set to `true` will read logs from the log files defined by `vars.paths`. -If neither `var.use_journald` nor `var.use_logs` are set (or both are +If neither `var.use_journald` nor `var.use_files` are set (or both are `false`) {beatname_uc} will auto-detect the source for the logs. - -If both `var.use_journald` and `var.use_logs` are set to `true` then -Journald will be used. diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml index be9785324ea..a1af7b861d5 100644 --- a/filebeat/filebeat.reference.yml +++ b/filebeat/filebeat.reference.yml @@ -25,14 +25,14 @@ filebeat.modules: #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. - # Input configuration (advanced). Any input configuration option + # Input configuration (advanced). + # Any input configuration option # can be added under this section. #input: 
@@ -48,19 +48,18 @@ filebeat.modules: #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # A list of tags to include in events. Including 'forwarded' # indicates that the events did not originate on this host and # causes host.name to not be added to events. Include # 'preserve_orginal_event' causes the pipeline to retain the raw log # in event.original. Defaults to []. - #var.tags + #var.tags: [] # Input configuration (advanced). Any input configuration option # can be added under this section. diff --git a/filebeat/include/list.go b/filebeat/include/list.go index d0c0ea511c4..e2a656a2a85 100644 --- a/filebeat/include/list.go +++ b/filebeat/include/list.go @@ -33,6 +33,7 @@ import ( _ "github.com/elastic/beats/v7/filebeat/input/redis" _ "github.com/elastic/beats/v7/filebeat/input/stdin" _ "github.com/elastic/beats/v7/filebeat/input/syslog" + _ "github.com/elastic/beats/v7/filebeat/input/systemlogs" _ "github.com/elastic/beats/v7/filebeat/module/apache" _ "github.com/elastic/beats/v7/filebeat/module/auditd" _ "github.com/elastic/beats/v7/filebeat/module/elasticsearch" diff --git a/filebeat/module/system/_meta/config.reference.yml b/filebeat/module/system/_meta/config.reference.yml index fe23d4eb897..04160dfb1bf 100644 --- a/filebeat/module/system/_meta/config.reference.yml +++ b/filebeat/module/system/_meta/config.reference.yml 
@@ -11,14 +11,14 @@ #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. - # Input configuration (advanced). Any input configuration option + # Input configuration (advanced). + # Any input configuration option # can be added under this section. #input: @@ -34,19 +34,18 @@ #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # A list of tags to include in events. Including 'forwarded' # indicates that the events did not originate on this host and # causes host.name to not be added to events. Include # 'preserve_orginal_event' causes the pipeline to retain the raw log # in event.original. Defaults to []. - #var.tags + #var.tags: [] # Input configuration (advanced). Any input configuration option # can be added under this section. diff --git a/filebeat/module/system/_meta/config.yml b/filebeat/module/system/_meta/config.yml index feb8db0410b..f95f3e5969d 100644 --- a/filebeat/module/system/_meta/config.yml +++ b/filebeat/module/system/_meta/config.yml 
@@ -11,12 +11,11 @@ #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # Authorization logs auth: @@ -30,16 +29,15 @@ #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # A list of tags to include in events. Including forwarded # indicates that the events did not originate on this host and # causes host.name to not be added to events. Include # preserve_orginal_event causes the pipeline to retain the raw log # in event.original. Defaults to []. - #var.tags + #var.tags: [] diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index beabe63c873..35f92012831 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,4 +1,12 @@ type: system-logs +{{ if .use_journald }} +use_journald: true +{{ end }} + +{{ if .use_files }} +use_files: true +{{ end }} + journald: id: system-auth facilities: diff --git a/filebeat/module/system/auth/manifest.yml b/filebeat/module/system/auth/manifest.yml index 86c4f89056c..857ad65f89d 100644 --- a/filebeat/module/system/auth/manifest.yml +++ b/filebeat/module/system/auth/manifest.yml 
@@ -14,7 +14,7 @@ var: default: [] - name: use_journald default: false - - name: use_logs + - name: use_files default: false ingest_pipeline: diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index f7cddaa007e..b3ae2412c39 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -1,4 +1,13 @@ type: system-logs + +{{ if .use_journald }} +use_journald: true +{{ end }} + +{{ if .use_files }} +use_files: true +{{ end }} + journald: id: system-syslog facilities: diff --git a/filebeat/module/system/syslog/manifest.yml b/filebeat/module/system/syslog/manifest.yml index d325a51e509..5112ddc5c15 100644 --- a/filebeat/module/system/syslog/manifest.yml +++ b/filebeat/module/system/syslog/manifest.yml @@ -10,7 +10,7 @@ var: os.windows: [] - name: use_journald default: false - - name: use_logs + - name: use_files default: false ingest_pipeline: diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index d1391881532..809b32de2ed 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -14,12 +14,11 @@ #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # Authorization logs auth: 
@@ -33,16 +32,15 @@ #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # A list of tags to include in events. Including forwarded # indicates that the events did not originate on this host and # causes host.name to not be added to events. Include # preserve_orginal_event causes the pipeline to retain the raw log # in event.original. Defaults to []. - #var.tags + #var.tags: [] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index c38e14bc0ba..749f0e0c291 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -25,14 +25,14 @@ filebeat.modules: #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. - # Input configuration (advanced). Any input configuration option + # Input configuration (advanced). + # Any input configuration option # can be added under this section. #input: 
@@ -48,19 +48,18 @@ filebeat.modules: #var.use_journald: true|false # Force using log files to collect system logs - #var.use_logs: true|false + #var.use_files: true|false - # If use_journald and use_logs are false, then - # Filebeat will autodetect whether use journald - # to collect system logs. If both are true, - # then journald is used. + # If use_journald and use_files are false, then + # Filebeat will autodetect whether use to journald + # to collect system logs. # A list of tags to include in events. Including 'forwarded' # indicates that the events did not originate on this host and # causes host.name to not be added to events. Include # 'preserve_orginal_event' causes the pipeline to retain the raw log # in event.original. Defaults to []. - #var.tags + #var.tags: [] # Input configuration (advanced). Any input configuration option # can be added under this section. From 333cf0bda483a3f766b7ed39be2410e891c08127 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 8 Oct 2024 19:29:40 -0400 Subject: [PATCH 25/38] Update configs --- filebeat/input/systemlogs/input.go | 6 +++- filebeat/module/system/auth/config/auth.yml | 8 ++--- .../auth/test/debian-12.journal-expected.json | 36 ++++++++++++++----- .../module/system/syslog/config/syslog.yml | 6 ++-- .../test/debian-12.journal-expected.json | 6 ++-- 5 files changed, 42 insertions(+), 20 deletions(-) diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index e745385a6f0..69384a9feb1 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go 
@@ -138,9 +138,13 @@ func decide(c *conf.C) (bool, *conf.C, error) { return false, cfg, err } + // Default to files for now + cfg2, err := toFilesConfig(c) + return false, cfg2, err + // TODO: implement checking the files - return false, nil, errors.New("[WIP] either set use_journald or use_files") + // return false, nil, errors.New("[WIP] either set use_journald or use_files") } func toJournaldConfig(cfg *conf.C) (*conf.C, error) { diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 35f92012831..a01783f8ebd 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,18 +1,21 @@ type: system-logs {{ if .use_journald }} use_journald: true +tags: {{ append .tags "journald" "auth" | tojson }} {{ end }} {{ if .use_files }} use_files: true +tags: {{ .tags | tojson }} {{ end }} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + journald: id: system-auth facilities: - 4 - 10 - tags: {{ append .tags "journald" "auth" | tojson }} files: id: system-auth @@ -29,6 +32,3 @@ files: processors: - add_locale: ~ - tags: {{ .tags | tojson }} - - publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/filebeat/module/system/auth/test/debian-12.journal-expected.json b/filebeat/module/system/auth/test/debian-12.journal-expected.json index 884f23cc39c..011945a2a72 100644 --- a/filebeat/module/system/auth/test/debian-12.journal-expected.json +++ b/filebeat/module/system/auth/test/debian-12.journal-expected.json @@ -15,7 +15,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Accepted publickey for vagrant from 10.0.2.2 port 48274 ssh2: ED25519 SHA256:k1kjhwoH/H3w31MbGOIGd7qxrkSQJnoAN0eYJVHDmmI", 
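Review bot: The new unconditional `return false, cfg2, err` makes files the silent default whenever neither flag is set, and leaves the TODO and the commented-out return below it as dead lines. On a host that logs only to journald, which is the Debian 12 case this series was opened for, the log input would presumably start, match no files and ship no auth or syslog events without reporting an error, while the reference configs changed in PATCH 24 tell users that Filebeat autodetects the source. Until detection exists, a comment at the fallback such as `// No auto-detection yet: journald-only hosts must set use_journald: true`, with matching wording in the docs, would keep that collection gap visible, and the stale commented-out `return` can be dropped. `decide` starts outside this hunk.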
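Review bot: In auth.yml, `tags:` is now rendered only inside the `{{ if .use_journald }}` and `{{ if .use_files }}` branches, and both variables default to `false` in the fileset manifest, so the default configuration emits no `tags` key and a user's `var.tags` is dropped, while `publisher_pipeline.disable_host` just below is still derived from `.tags`. An else arm covers the default path: `{{ if .use_journald }}` … `{{ else }}` `tags: {{ .tags | tojson }}` `{{ end }}`. If detection later selects journald on that path the journald tags would still be missing, so the tagging may belong in the input rather than in the template.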
@@ -44,6 +44,8 @@ "system.auth.ssh.signature": "ED25519 SHA256:k1kjhwoH/H3w31MbGOIGd7qxrkSQJnoAN0eYJVHDmmI", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", @@ -66,7 +68,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Accepted password for vagrant from 192.168.42.119 port 55310 ssh2", @@ -94,6 +96,8 @@ "system.auth.ssh.method": "password", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", @@ -115,7 +119,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Invalid user test from 192.168.42.119 port 48890", @@ -141,6 +145,8 @@ "system.auth.ssh.event": "Invalid", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", @@ -162,7 +168,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Failed password for root from 192.168.42.119 port 46632 ssh2", @@ -190,6 +196,8 @@ "system.auth.ssh.method": "password", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", @@ -211,7 +219,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Failed password for root from 192.168.42.119 port 46632 ssh2", @@ -239,6 +247,8 @@ "system.auth.ssh.method": "password", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", 
@@ -260,7 +270,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Failed password for root from 192.168.42.119 port 46632 ssh2", @@ -288,6 +298,8 @@ "system.auth.ssh.method": "password", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", @@ -301,7 +313,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 10, "log.syslog.priority": 5, "message": " vagrant : TTY=pts/2 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/emacs /etc/ssh/sshd_config", @@ -328,6 +340,8 @@ "system.auth.sudo.user": "root", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.effective.name": "root", @@ -352,7 +366,7 @@ "group.name": "test", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 10, "log.syslog.priority": 6, "message": "new group: name=test, GID=1001", @@ -372,6 +386,8 @@ "service.type": "system", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.effective.group.id": "0", @@ -385,7 +401,7 @@ "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 4, "log.syslog.priority": 6, "message": "Session 8 logged out. Waiting for processes to exit.", @@ -402,6 +418,8 @@ "service.type": "system", "tags": [ "auth", + "auth", + "journald", "journald" ], "user.group.id": "0", diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index b3ae2412c39..366dab24a76 100644 
--- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -2,6 +2,9 @@ type: system-logs {{ if .use_journald }} use_journald: true +tags: + - journald + - syslog {{ end }} {{ if .use_files }} @@ -23,9 +26,6 @@ journald: - 11 - 12 - 15 - tags: - - journald - - syslog files: id: system-syslog diff --git a/filebeat/module/system/syslog/test/debian-12.journal-expected.json b/filebeat/module/system/syslog/test/debian-12.journal-expected.json index dddd935e553..aea50973624 100644 --- a/filebeat/module/system/syslog/test/debian-12.journal-expected.json +++ b/filebeat/module/system/syslog/test/debian-12.journal-expected.json @@ -6,7 +6,7 @@ "fileset.name": "syslog", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 3, "log.syslog.priority": 6, "message": "Stopped target getty.target - Login Prompts.", @@ -34,7 +34,7 @@ "fileset.name": "syslog", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 0, "log.syslog.priority": 6, "message": "Console: switching to colour frame buffer device 160x50", @@ -55,7 +55,7 @@ "fileset.name": "syslog", "host.hostname": "bookworm", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", - "input.type": "journald", + "input.type": "system-logs", "log.syslog.facility.code": 0, "log.syslog.priority": 6, "message": "thermal_sys: Registered thermal governor 'power_allocator'", From 0a1d44135900ef74db6994cec53a8cc3e2c8da58 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Tue, 8 Oct 2024 20:04:33 -0400 Subject: [PATCH 26/38] update pipeline and tests --- .../module/system/auth/ingest/journald.yml | 2 +- .../auth/test/debian-12.journal-expected.json | 18 ------------------ filebeat/tests/system/test_modules.py | 2 +- 3 files changed, 2 insertions(+), 20 deletions(-) 
diff --git a/filebeat/module/system/auth/ingest/journald.yml b/filebeat/module/system/auth/ingest/journald.yml index 07c5a554b26..2789436f6f5 100644 --- a/filebeat/module/system/auth/ingest/journald.yml +++ b/filebeat/module/system/auth/ingest/journald.yml @@ -197,7 +197,7 @@ processors: - process.thread - syslog - systemd - + - message_id on_failure: - set: field: error.message diff --git a/filebeat/module/system/auth/test/debian-12.journal-expected.json b/filebeat/module/system/auth/test/debian-12.journal-expected.json index 011945a2a72..17267416381 100644 --- a/filebeat/module/system/auth/test/debian-12.journal-expected.json +++ b/filebeat/module/system/auth/test/debian-12.journal-expected.json @@ -44,8 +44,6 @@ "system.auth.ssh.signature": "ED25519 SHA256:k1kjhwoH/H3w31MbGOIGd7qxrkSQJnoAN0eYJVHDmmI", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", @@ -96,8 +94,6 @@ "system.auth.ssh.method": "password", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", @@ -145,8 +141,6 @@ "system.auth.ssh.event": "Invalid", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", @@ -196,8 +190,6 @@ "system.auth.ssh.method": "password", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", @@ -247,8 +239,6 @@ "system.auth.ssh.method": "password", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", @@ -298,8 +288,6 @@ "system.auth.ssh.method": "password", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", @@ -340,8 +328,6 @@ "system.auth.sudo.user": "root", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.effective.name": "root", @@ -386,8 +372,6 @@ "service.type": "system", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.effective.group.id": "0", @@ -418,8 +402,6 @@ "service.type": "system", "tags": [ "auth", - "auth", - "journald", "journald" ], "user.group.id": "0", 
diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index e23424bac0f..e1f44758c5d 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -196,7 +196,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): cmd.append("{module}.{fileset}.var.use_journald=true".format( module=module, fileset=fileset)) cmd.append("-M") - cmd.append("{module}.{fileset}.input.paths=[{test_file}]".format( + cmd.append("{module}.{fileset}.input.journald.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file)) else: cmd.append("-M") From d8fe075768d1c633df998ca6852f6404bc902495 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 9 Oct 2024 15:12:09 -0400 Subject: [PATCH 27/38] Add processors --- filebeat/module/system/auth/config/auth.yml | 5 ++--- filebeat/module/system/syslog/config/syslog.yml | 12 ++++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index a01783f8ebd..5e7076e9c4e 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -7,6 +7,8 @@ tags: {{ append .tags "journald" "auth" | tojson }} {{ if .use_files }} use_files: true tags: {{ .tags | tojson }} +processors: + - add_locale: ~ {{ end }} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} @@ -29,6 +31,3 @@ files: pattern: "^\\s" match: after - processors: - - add_locale: ~ - diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 366dab24a76..7b7f8afec07 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -9,6 +9,12 @@ tags: {{ if .use_files }} use_files: true +processors: + - add_locale: ~ + - add_fields: + target: '' + fields: + ecs.version: 1.12.0 {{ end }} journald: 
@@ -38,9 +44,3 @@ files: multiline: pattern: "^\\s" match: after - processors: - - add_locale: ~ - - add_fields: - target: '' - fields: - ecs.version: 1.12.0 From 607ef82c19846b51af07ed28a54c9fd3fd105cab Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Wed, 9 Oct 2024 19:14:10 -0400 Subject: [PATCH 28/38] Fix test_module.py Fix test_module.py by passing the `-once` flag when the test file is not a journal and by killing (SIGKILL) the Filebeat process if it does not terminate gracefully in 15s. --- filebeat/tests/system/test_modules.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index e1f44758c5d..bde966348d1 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -191,7 +191,6 @@ def run_on_file(self, module, fileset, test_file, cfgfile): module=module, fileset=fileset)) if ".journal" in test_file: - cmd.remove("-once") cmd.append("-M") cmd.append("{module}.{fileset}.var.use_journald=true".format( module=module, fileset=fileset)) @@ -199,6 +198,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): cmd.append("{module}.{fileset}.input.journald.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file)) else: + cmd.remove("-once") cmd.append("-M") cmd.append("{module}.{fileset}.var.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file)) @@ -230,7 +230,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): try: proc.wait(15) except subprocess.TimeoutExpired: - proc.terminate() + proc.kill() # List of errors to check in filebeat output logs errors = ["error loading pipeline for fileset"] From d9e297d74ea478ff7253a929749f04f6d457dd12 Mon Sep 17 00:00:00 2001 
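Review bot: After `proc.kill()` in the `subprocess.TimeoutExpired` branch, the visible lines do not wait for the child again. The code that follows can therefore inspect the Filebeat output while the process is still exiting, and the killed process is not reaped. Add `proc.wait()` on the line after `proc.kill()`. `run_on_file` starts and ends outside this hunk.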
From: Tiago Queiroz Date: Thu, 10 Oct 2024 13:14:49 -0400 Subject: [PATCH 29/38] Check if files exist to choose between jouranld and files --- filebeat/input/systemlogs/input.go | 113 +++++++++++++++++++---------- 1 file changed, 74 insertions(+), 39 deletions(-) diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index 69384a9feb1..d8e35f609ed 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go @@ -20,6 +20,7 @@ package systemlogs import ( "errors" "fmt" + "path/filepath" "github.com/elastic/beats/v7/filebeat/channel" v1 "github.com/elastic/beats/v7/filebeat/input" @@ -66,21 +67,42 @@ func newV1Input( outlet channel.Connector, context v1.Context, ) (v1.Input, error) { - - useJournald, cfg, err := decide(cfg) + journald, err := useJournald(cfg) if err != nil { return nil, fmt.Errorf("cannot decide between journald and files: %w", err) } - if !useJournald { - inp, err := loginput.NewInput(cfg, outlet, context) - if err != nil { - return nil, fmt.Errorf("cannot create log input: %w", err) - } - return inp, err + if journald { + return nil, v2.ErrUnknownInput + } + + // Convert the configuration and create a log input + logCfg, err := toFilesConfig(cfg) + if err != nil { + return nil, err } - return nil, v2.ErrUnknownInput + return loginput.NewInput(logCfg, outlet, context) +} + +// configure checks whether the journald input must be created and +// delegates to journald.Configure if needed. +func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { + jouranl, err := useJournald(cfg) + if err != nil { + return nil, nil, fmt.Errorf("cannot decide between journald and files: %w", err) + } + + if !jouranl { + return nil, nil, v2.ErrUnknownInput + } + + journaldCfg, err := toJournaldConfig(cfg) + if err != nil { + return nil, nil, err + } + + return journald.Configure(journaldCfg) } // PluginV2 creates a v2 plugin that will instantiate a journald 
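Review bot: `newV1Input` and `configure` each call `useJournald(cfg)` on their own, so the journald-versus-files decision is evaluated twice and nothing in this hunk ties the two results together. If both entry points run for the same input instance (not visible here), a change between the two evaluations can make both return `v2.ErrUnknownInput`, leaving the system-logs input with no reader at all, or make both start one. Consider deciding once and logging the result, so that a gap in auth/syslog collection shows up in the Filebeat log. Separately, the local `journald` in `newV1Input` shadows the imported `journald` package and `jouranl` in `configure` is a misspelling; one shared name such as `useJd` would read better in both.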
@@ -103,50 +125,47 @@ func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin { } } -// configure checks whether the journald input must be created and -// delegates to journald.Configure if needed. -func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { - useJournald, cfg, err := decide(cfg) - if err != nil { - return nil, nil, fmt.Errorf("cannot decide between journald and files: %w", err) - } - - if useJournald { - return journald.Configure(cfg) - } - - return nil, nil, errors.New("cannot initialise system-logs with journald input") -} - -// decide returns: -// - use Jounrald (input V2) -// - the new config -// - error, if any -func decide(c *conf.C) (bool, *conf.C, error) { +func useJournald(c *conf.C) (bool, error) { cfg := config{} if err := c.Unpack(&cfg); err != nil { - return false, nil, err + return false, nil } if cfg.UseJournald { - cfg, err := toJournaldConfig(c) - return true, cfg, err + return true, nil } if cfg.UseFiles { - cfg, err := toFilesConfig(c) - return false, cfg, err + return false, nil } - // Default to files for now - cfg2, err := toFilesConfig(c) - return false, cfg2, err + globs := struct { + Paths []string `config:"files.paths"` + }{} - // TODO: implement checking the files + if err := c.Unpack(&globs); err != nil { + return false, fmt.Errorf("cannot parse paths from config: %w", err) + } + + for _, g := range globs.Paths { + paths, err := filepath.Glob(g) + if err != nil { + return false, fmt.Errorf("cannot resolve glob: %w", err) + } + if len(paths) != 0 { + // We found at least one system log file, + // journald will not be used, return early + return false, nil + } + } - // return false, nil, errors.New("[WIP] either set use_journald or use_files") + // if no system log files are found, then use jounrald + return true, nil } +// TODO: Finish cleaning up the config +// Do not mutate the config? 
+// Merge everything and skip files, journald, type, use_files, use_journal func toJournaldConfig(cfg *conf.C) (*conf.C, error) { newCfg, err := cfg.Child("journald", -1) if err != nil { @@ -166,6 +185,22 @@ func toFilesConfig(cfg *conf.C) (*conf.C, error) { return nil, fmt.Errorf("cannot extract 'journald' block: %w", err) } + if _, err := cfg.Remove("journald", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("type", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("files", -1); err != nil { + return nil, err + } + + if err := newCfg.Merge(cfg); err != nil { + return nil, err + } + if err := newCfg.SetString("type", -1, "log"); err != nil { return nil, fmt.Errorf("cannot set 'type': %w", err) } From 4fce6a0c6621c277af976394274b1ea5478e52b6 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Thu, 10 Oct 2024 15:54:54 -0400 Subject: [PATCH 30/38] Finish toJournaldConfig and toFilesConfig --- filebeat/input/systemlogs/input.go | 35 +++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index d8e35f609ed..81777d702fc 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go 
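Review bot: In `useJournald`, a failing `c.Unpack(&cfg)` now returns `false, nil`, so an invalid system-logs configuration is silently treated as "use files", where the removed `decide` returned the error; it should be `return false, fmt.Errorf("cannot unpack system-logs config: %w", err)`. The fallback also selects files as soon as any `files.paths` glob matches, which includes a stale log file left on a host that now writes only to journald; in that case new auth events would not be collected. A log line stating which source was chosen and which path matched would make that visible. The function also lacks a doc comment, for example `// useJournald reports whether the journald input must be used: the explicit flags win, otherwise journald is selected only when no files.paths glob matches.`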
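Review bot: `toFilesConfig` now calls `cfg.Remove` on the caller's config before merging it, so the `*conf.C` passed in loses its `journald`, `type` and `files` keys as a side effect. `useJournald` reads `files.paths` from that same config; if the object is evaluated again after this function ran (the callers' reuse is not visible here), no glob is found and the decision flips to journald. Doing the removals on a copy of `cfg` keeps the input config intact; the same applies to the `toJournaldConfig` hunk in PATCH 30/38. The bare `return nil, err` on each removal also drops the key name; wrapping it, e.g. `fmt.Errorf("cannot remove 'files': %w", err)`, would match the other errors in the function.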
@@ -163,15 +163,36 @@ func useJournald(c *conf.C) (bool, error) { return true, nil } -// TODO: Finish cleaning up the config -// Do not mutate the config? -// Merge everything and skip files, journald, type, use_files, use_journal func toJournaldConfig(cfg *conf.C) (*conf.C, error) { newCfg, err := cfg.Child("journald", -1) if err != nil { return nil, fmt.Errorf("cannot extract 'journald' block: %w", err) } + if _, err := cfg.Remove("journald", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("type", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("files", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("use_journald", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("use_files", -1); err != nil { + return nil, err + } + + if err := newCfg.Merge(cfg); err != nil { + return nil, err + } + if err := newCfg.SetString("type", -1, "journald"); err != nil { return nil, fmt.Errorf("cannot set 'type': %w", err) } @@ -197,6 +218,14 @@ func toFilesConfig(cfg *conf.C) (*conf.C, error) { return nil, err } + if _, err := cfg.Remove("use_journald", -1); err != nil { + return nil, err + } + + if _, err := cfg.Remove("use_files", -1); err != nil { + return nil, err + } + if err := newCfg.Merge(cfg); err != nil { return nil, err } From 056d9e704d9ce3f18fb85ea85ae9e48ac9adc578 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Thu, 10 Oct 2024 16:56:52 -0400 Subject: [PATCH 31/38] Update pipelines and config not to rely on non-input fields/config --- filebeat/module/system/auth/config/auth.yml | 4 ++-- filebeat/module/system/auth/ingest/entrypoint.yml | 13 ++++--------- filebeat/module/system/syslog/config/syslog.yml | 6 ++---- filebeat/module/system/syslog/ingest/entrypoint.yml | 11 +++-------- 4 files changed, 11 insertions(+), 23 deletions(-) diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 5e7076e9c4e..3affe320fb0 100644 
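Review bot: The five `cfg.Remove` calls added to `toJournaldConfig` are the same list that `toFilesConfig` ends up with after the second hunk, each written as its own `if` block returning a bare error. A single loop over the key names, shared by both functions, keeps the two lists from drifting apart and lets the error name the key that failed. Both functions start and end outside these hunks.

```go
newCfg, err := cfg.Child("journald", -1)
// … unchanged: error check on cfg.Child …
for _, key := range []string{"journald", "type", "files", "use_journald", "use_files"} {
	if _, err := cfg.Remove(key, -1); err != nil {
		return nil, fmt.Errorf("cannot remove %q from config: %w", key, err)
	}
}
// … unchanged: newCfg.Merge(cfg) and SetString("type", ...) …
```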
--- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -1,15 +1,15 @@ type: system-logs {{ if .use_journald }} use_journald: true -tags: {{ append .tags "journald" "auth" | tojson }} {{ end }} {{ if .use_files }} use_files: true +{{ end }} + tags: {{ .tags | tojson }} processors: - add_locale: ~ -{{ end }} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/filebeat/module/system/auth/ingest/entrypoint.yml b/filebeat/module/system/auth/ingest/entrypoint.yml index 13cf80e6024..7ccc791d1e6 100644 --- a/filebeat/module/system/auth/ingest/entrypoint.yml +++ b/filebeat/module/system/auth/ingest/entrypoint.yml @@ -2,16 +2,11 @@ description: Entrypoint Pipeline for system/auth Filebeat module processors: - script: source: | - Collection tags = ctx?.tags; - if(tags != null){ - for (String tag : tags) { - if (tag.toLowerCase().equals('journald')) { - ctx['auth_pipeline'] = '{< IngestPipeline "journald" >}'; - return - } + if(ctx?.journald != null){ + ctx['syslog_pipeline'] = '{< IngestPipeline "journald" >}'; + return; } - } - ctx['auth_pipeline'] = '{< IngestPipeline "files" >}'; + ctx['syslog_pipeline'] = '{< IngestPipeline "files" >}'; return; - pipeline: name: "{{ auth_pipeline }}" diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 7b7f8afec07..3bec875d272 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -2,20 +2,18 @@ type: system-logs {{ if .use_journald }} use_journald: true -tags: - - journald - - syslog {{ end }} {{ if .use_files }} use_files: true +{{ end }} + processors: - add_locale: ~ - add_fields: target: '' fields: ecs.version: 1.12.0 -{{ end }} journald: id: system-syslog diff --git a/filebeat/module/system/syslog/ingest/entrypoint.yml b/filebeat/module/system/syslog/ingest/entrypoint.yml index d000cacdfea..e9f3fbc3977 100644 
--- a/filebeat/module/system/syslog/ingest/entrypoint.yml +++ b/filebeat/module/system/syslog/ingest/entrypoint.yml @@ -2,15 +2,10 @@ description: Entrypoint Pipeline for system/syslog Filebeat module processors: - script: source: | - Collection tags = ctx?.tags; - if(tags != null){ - for (String tag : tags) { - if (tag.toLowerCase().equals('journald')) { - ctx['syslog_pipeline'] = '{< IngestPipeline "journald" >}'; - return - } + if(ctx?.journald != null){ + ctx['syslog_pipeline'] = '{< IngestPipeline "journald" >}'; + return; } - } ctx['syslog_pipeline'] = '{< IngestPipeline "files" >}'; return; - pipeline: From 9270dc301711ecc45561aa73d42f35fc5e5ecda7 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 11 Oct 2024 11:01:55 -0400 Subject: [PATCH 32/38] Fix tests and ingest pipeline --- filebeat/module/system/auth/ingest/entrypoint.yml | 4 ++-- filebeat/tests/system/test_modules.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/module/system/auth/ingest/entrypoint.yml b/filebeat/module/system/auth/ingest/entrypoint.yml index 7ccc791d1e6..93869fd1486 100644 --- a/filebeat/module/system/auth/ingest/entrypoint.yml +++ b/filebeat/module/system/auth/ingest/entrypoint.yml @@ -3,10 +3,10 @@ processors: - script: source: | if(ctx?.journald != null){ - ctx['syslog_pipeline'] = '{< IngestPipeline "journald" >}'; + ctx['auth_pipeline'] = '{< IngestPipeline "journald" >}'; return; } - ctx['syslog_pipeline'] = '{< IngestPipeline "files" >}'; + ctx['auth_pipeline'] = '{< IngestPipeline "files" >}'; return; - pipeline: name: "{{ auth_pipeline }}" diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index bde966348d1..955c96a7744 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py 
@@ -191,6 +191,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): module=module, fileset=fileset)) if ".journal" in test_file: + cmd.remove("-once") cmd.append("-M") cmd.append("{module}.{fileset}.var.use_journald=true".format( module=module, fileset=fileset)) @@ -198,7 +199,6 @@ def run_on_file(self, module, fileset, test_file, cfgfile): cmd.append("{module}.{fileset}.input.journald.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file)) else: - cmd.remove("-once") cmd.append("-M") cmd.append("{module}.{fileset}.var.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file)) From 3328fce9323813167681a1db9edb9bd465c84f8d Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 11 Oct 2024 11:03:45 -0400 Subject: [PATCH 33/38] Update golden files --- .../auth/test/debian-12.journal-expected.json | 45 ++++--------------- .../test/debian-12.journal-expected.json | 19 +++----- 2 files changed, 14 insertions(+), 50 deletions(-) diff --git a/filebeat/module/system/auth/test/debian-12.journal-expected.json b/filebeat/module/system/auth/test/debian-12.journal-expected.json index 17267416381..ee0d8a69ba0 100644 --- a/filebeat/module/system/auth/test/debian-12.journal-expected.json +++ b/filebeat/module/system/auth/test/debian-12.journal-expected.json @@ -9,6 +9,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "success", + "event.timezone": "-02:00", "event.type": [ "info" ], @@ -42,10 +43,6 @@ "system.auth.ssh.event": "Accepted", "system.auth.ssh.method": "publickey", "system.auth.ssh.signature": "ED25519 SHA256:k1kjhwoH/H3w31MbGOIGd7qxrkSQJnoAN0eYJVHDmmI", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0", "user.name": "vagrant" @@ -60,6 +57,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "success", + "event.timezone": "-02:00", "event.type": [ "info" ], 
@@ -92,10 +90,6 @@ "source.port": 55310, "system.auth.ssh.event": "Accepted", "system.auth.ssh.method": "password", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0", "user.name": "vagrant" @@ -109,6 +103,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", + "event.timezone": "-02:00", "event.type": [ "info" ], @@ -139,10 +134,6 @@ "source.address": "192.168.42.119", "source.ip": "192.168.42.119", "system.auth.ssh.event": "Invalid", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0", "user.name": "test" @@ -156,6 +147,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", + "event.timezone": "-02:00", "event.type": [ "info" ], @@ -188,10 +180,6 @@ "source.port": 46632, "system.auth.ssh.event": "Failed", "system.auth.ssh.method": "password", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0", "user.name": "root" @@ -205,6 +193,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", + "event.timezone": "-02:00", "event.type": [ "info" ], @@ -237,10 +226,6 @@ "source.port": 46632, "system.auth.ssh.event": "Failed", "system.auth.ssh.method": "password", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0", "user.name": "root" @@ -254,6 +239,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "failure", + "event.timezone": "-02:00", "event.type": [ "info" ], @@ -286,10 +272,6 @@ "source.port": 46632, "system.auth.ssh.event": "Failed", "system.auth.ssh.method": "password", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0", "user.name": "root" @@ -298,6 +280,7 @@ "event.dataset": "system.auth", "event.kind": "event", "event.module": "system", + "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", 
@@ -326,10 +309,6 @@ "system.auth.sudo.pwd": "/home/vagrant", "system.auth.sudo.tty": "pts/2", "system.auth.sudo.user": "root", - "tags": [ - "auth", - "journald" - ], "user.effective.name": "root", "user.group.id": "1000", "user.id": "1000", @@ -343,6 +322,7 @@ "event.kind": "event", "event.module": "system", "event.outcome": "success", + "event.timezone": "-02:00", "event.type": [ "creation", "group" @@ -370,10 +350,6 @@ "vagrant-debian-12" ], "service.type": "system", - "tags": [ - "auth", - "journald" - ], "user.effective.group.id": "0", "user.effective.id": "0", "user.id": "1000" @@ -382,6 +358,7 @@ "event.dataset": "system.auth", "event.kind": "event", "event.module": "system", + "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", @@ -400,10 +377,6 @@ "vagrant-debian-12" ], "service.type": "system", - "tags": [ - "auth", - "journald" - ], "user.group.id": "0", "user.id": "0" } diff --git a/filebeat/module/system/syslog/test/debian-12.journal-expected.json b/filebeat/module/system/syslog/test/debian-12.journal-expected.json index aea50973624..aebf596762c 100644 --- a/filebeat/module/system/syslog/test/debian-12.journal-expected.json +++ b/filebeat/module/system/syslog/test/debian-12.journal-expected.json @@ -3,6 +3,7 @@ "event.dataset": "system.syslog", "event.kind": "event", "event.module": "system", + "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", @@ -20,10 +21,6 @@ "vagrant-debian-12" ], "service.type": "system", - "tags": [ - "journald", - "syslog" - ], "user.group.id": "0", "user.id": "0" }, @@ -31,6 +28,7 @@ "event.dataset": "system.syslog", "event.kind": "event", "event.module": "system", + "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "vagrant-debian-12", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", 
@@ -42,16 +40,13 @@ "related.hosts": [ "vagrant-debian-12" ], - "service.type": "system", - "tags": [ - "journald", - "syslog" - ] + "service.type": "system" }, { "event.dataset": "system.syslog", "event.kind": "event", "event.module": "system", + "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "bookworm", "host.id": "5e6dc8fe417f4ea383e2afaa731f5d8a", @@ -63,10 +58,6 @@ "related.hosts": [ "bookworm" ], - "service.type": "system", - "tags": [ - "journald", - "syslog" - ] + "service.type": "system" } ] \ No newline at end of file From 648200d5b614929769e1dc392c039bbff95f1ff8 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 11 Oct 2024 11:07:43 -0400 Subject: [PATCH 34/38] Update golden files to new input type --- .../test/auth-ubuntu1204.log-expected.json | 200 +++++++++--------- .../auth/test/secure-rhel7.log-expected.json | 200 +++++++++--------- .../system/auth/test/test.log-expected.json | 22 +- .../auth/test/timestamp.log-expected.json | 4 +- .../darwin-syslog-sample.log-expected.json | 6 +- .../test/darwin-syslog.log-expected.json | 200 +++++++++--------- .../syslog/test/suse-syslog.log-expected.json | 4 +- .../syslog/test/tz-offset.log-expected.json | 6 +- 8 files changed, 321 insertions(+), 321 deletions(-) diff --git a/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json b/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json index ee5afe3f235..6e2ffbeaa51 100644 --- a/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json +++ b/filebeat/module/system/auth/test/auth-ubuntu1204.log-expected.json @@ -6,7 +6,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 0, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", 
@@ -27,7 +27,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 81, "process.name": "sudo", "related.hosts": [ @@ -52,7 +52,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 464, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -75,7 +75,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 570, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -95,7 +95,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 655, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -116,7 +116,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 736, "process.name": "sudo", "related.hosts": [ @@ -141,7 +141,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1121, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -164,7 +164,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1227, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", 
@@ -184,7 +184,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1312, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -205,7 +205,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1393, "process.name": "sudo", "related.hosts": [ @@ -230,7 +230,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1776, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -253,7 +253,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1882, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -273,7 +273,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1967, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -294,7 +294,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2048, "process.name": "sudo", "related.hosts": [ @@ -319,7 +319,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2426, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", 
@@ -342,7 +342,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2532, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -362,7 +362,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2617, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -383,7 +383,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2698, "process.name": "sudo", "related.hosts": [ @@ -408,7 +408,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3083, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -431,7 +431,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3189, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -451,7 +451,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3274, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -471,7 +471,7 @@ "event.module": "system", "event.timezone": "-02:00", "fileset.name": "auth", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3355, "message": "last message repeated 2 times", "process.name": "sshd", 
@@ -485,7 +485,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3414, "process.name": "sudo", "related.hosts": [ @@ -510,7 +510,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3977, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -533,7 +533,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4083, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -553,7 +553,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4168, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -574,7 +574,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4249, "process.name": "sudo", "related.hosts": [ @@ -599,7 +599,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4632, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -622,7 +622,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4738, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", 
@@ -642,7 +642,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4823, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -663,7 +663,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4904, "process.name": "sudo", "related.hosts": [ @@ -688,7 +688,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5289, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -711,7 +711,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5395, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -731,7 +731,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5480, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -752,7 +752,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5561, "process.name": "sudo", "related.hosts": [ @@ -777,7 +777,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5942, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", 
@@ -800,7 +800,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6048, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -820,7 +820,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6133, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -841,7 +841,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6214, "process.name": "sudo", "related.hosts": [ @@ -866,7 +866,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6597, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -889,7 +889,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6703, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -909,7 +909,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6788, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -930,7 +930,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 6869, "process.name": "sudo", "related.hosts": [ 
@@ -955,7 +955,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 7254, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -978,7 +978,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 7360, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -998,7 +998,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 7445, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1019,7 +1019,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 7526, "process.name": "sudo", "related.hosts": [ @@ -1044,7 +1044,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 7911, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1067,7 +1067,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8017, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1087,7 +1087,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8102, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", 
@@ -1108,7 +1108,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8183, "process.name": "sudo", "related.hosts": [ @@ -1133,7 +1133,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8564, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1156,7 +1156,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8670, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1176,7 +1176,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8755, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1197,7 +1197,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 8836, "process.name": "sudo", "related.hosts": [ @@ -1222,7 +1222,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 9215, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1245,7 +1245,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 9321, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", 
@@ -1265,7 +1265,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 9406, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1286,7 +1286,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 9487, "process.name": "sudo", "related.hosts": [ @@ -1311,7 +1311,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 9869, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1334,7 +1334,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 9975, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1354,7 +1354,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 10060, "process.name": "sudo", "related.hosts": [ @@ -1379,7 +1379,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11099, "message": "vagrant : (command continued) '/etc/metricbeat/metricbeat.yml)", "process.name": "sudo", @@ -1395,7 +1395,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11195, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", 
@@ -1418,7 +1418,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11301, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1438,7 +1438,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11386, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1459,7 +1459,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11467, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1480,7 +1480,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11548, "process.name": "sudo", "related.hosts": [ @@ -1505,7 +1505,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 11928, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1528,7 +1528,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12034, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1548,7 +1548,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12119, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", 
@@ -1569,7 +1569,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12200, "process.name": "sudo", "related.hosts": [ @@ -1594,7 +1594,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12583, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1617,7 +1617,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12689, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1637,7 +1637,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12774, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1658,7 +1658,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 12855, "process.name": "sudo", "related.hosts": [ @@ -1683,7 +1683,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 13241, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1706,7 +1706,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 13347, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", 
@@ -1726,7 +1726,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 13432, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1747,7 +1747,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 13513, "process.name": "sudo", "related.hosts": [ @@ -1772,7 +1772,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 13898, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1795,7 +1795,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14004, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1815,7 +1815,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14089, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1836,7 +1836,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14170, "process.name": "sudo", "related.hosts": [ @@ -1861,7 +1861,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14549, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", 
@@ -1884,7 +1884,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14655, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1904,7 +1904,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14740, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -1925,7 +1925,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14821, "process.name": "sudo", "related.hosts": [ @@ -1950,7 +1950,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15203, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -1973,7 +1973,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15309, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -1993,7 +1993,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15394, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -2014,7 +2014,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15475, "process.name": "sudo", "related.hosts": [ 
@@ -2039,7 +2039,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15860, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -2062,7 +2062,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15966, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -2082,7 +2082,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16051, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", @@ -2103,7 +2103,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16132, "process.name": "sudo", "related.hosts": [ @@ -2128,7 +2128,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16517, "message": "pam_unix(sudo:session): session opened for user root by vagrant(uid=1000)", "process.name": "sudo", @@ -2151,7 +2151,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16623, "message": "pam_unix(sudo:session): session closed for user root", "process.name": "sudo", @@ -2171,7 +2171,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16708, "message": "subsystem request for sftp by user vagrant", "process.name": "sshd", 
@@ -2192,7 +2192,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "precise32", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16789, "process.name": "sudo", "related.hosts": [ diff --git a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json index 731b4db0423..71cd8657c7b 100644 --- a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json +++ b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json @@ -14,7 +14,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 0, "process.name": "sshd", "process.pid": 2738, @@ -47,7 +47,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 97, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -76,7 +76,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 209, "process.name": "sshd", "process.pid": 2738, @@ -109,7 +109,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 306, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -138,7 +138,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 418, "process.name": "sshd", "process.pid": 2738, @@ -171,7 +171,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 515, "message": "fatal: Read from socket failed: Connection reset by peer [preauth]", "process.name": "sshd", 
@@ -188,7 +188,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 618, "message": "PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root", "process.name": "sshd", @@ -205,7 +205,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 760, "message": "PAM service(sshd) ignoring max retries; 5 > 3", "process.name": "sshd", @@ -222,7 +222,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 842, "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root", "process.name": "sshd", @@ -239,7 +239,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 993, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -268,7 +268,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1105, "process.name": "sshd", "process.pid": 2742, @@ -301,7 +301,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1202, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -330,7 +330,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1314, "process.name": "sshd", "process.pid": 2742, 
@@ -363,7 +363,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1411, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -392,7 +392,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1523, "process.name": "sshd", "process.pid": 2742, @@ -425,7 +425,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1620, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -454,7 +454,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1732, "process.name": "sshd", "process.pid": 2742, @@ -487,7 +487,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1829, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -516,7 +516,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 1941, "process.name": "sshd", "process.pid": 2742, @@ -549,7 +549,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2038, "message": "fatal: Read from socket failed: Connection reset by peer [preauth]", "process.name": "sshd", 
@@ -566,7 +566,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2141, "message": "PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root", "process.name": "sshd", @@ -583,7 +583,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2283, "message": "PAM service(sshd) ignoring max retries; 5 > 3", "process.name": "sshd", @@ -600,7 +600,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2365, "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root", "process.name": "sshd", @@ -617,7 +617,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2516, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -638,7 +638,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2628, "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.160.83.58 user=root", "process.name": "sshd", @@ -655,7 +655,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2777, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", 
@@ -684,7 +684,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2889, "process.name": "sshd", "process.pid": 2754, @@ -717,7 +717,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 2986, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -746,7 +746,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3098, "process.name": "sshd", "process.pid": 2758, @@ -783,7 +783,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3194, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -812,7 +812,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3306, "process.name": "sshd", "process.pid": 2754, @@ -845,7 +845,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3403, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -874,7 +874,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3515, "process.name": "sshd", "process.pid": 2758, @@ -911,7 +911,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3611, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", 
@@ -940,7 +940,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3723, "process.name": "sshd", "process.pid": 2754, @@ -973,7 +973,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3820, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -1002,7 +1002,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 3932, "process.name": "sshd", "process.pid": 2758, @@ -1039,7 +1039,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4028, "message": "Received disconnect from 216.160.83.58: 11: [preauth]", "process.name": "sshd", @@ -1056,7 +1056,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4119, "message": "PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.160.83.58 user=root", "process.name": "sshd", @@ -1081,7 +1081,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4259, "process.name": "sshd", "process.pid": 2754, @@ -1114,7 +1114,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4356, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -1143,7 +1143,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4468, "process.name": "sshd", "process.pid": 2754, 
@@ -1176,7 +1176,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4565, "message": "fatal: Read from socket failed: Connection reset by peer [preauth]", "process.name": "sshd", @@ -1193,7 +1193,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4668, "message": "PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root", "process.name": "sshd", @@ -1210,7 +1210,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4810, "message": "PAM service(sshd) ignoring max retries; 5 > 3", "process.name": "sshd", @@ -1227,7 +1227,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 4892, "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root", "process.name": "sshd", @@ -1244,7 +1244,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5043, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", @@ -1273,7 +1273,7 @@ ], "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5155, "process.name": "sshd", "process.pid": 2762, @@ -1306,7 +1306,7 @@ "event.timezone": "-02:00", "fileset.name": "auth", "host.hostname": "slave22", - "input.type": "log", + "input.type": "system-logs", "log.offset": 5252, "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"", "process.name": "sshd", 
@@ -1335,7 +1335,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5364,
 "process.name": "sshd",
 "process.pid": 2762,
@@ -1368,7 +1368,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5461,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1397,7 +1397,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5573,
 "process.name": "sshd",
 "process.pid": 2762,
@@ -1430,7 +1430,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5670,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1459,7 +1459,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5782,
 "process.name": "sshd",
 "process.pid": 2762,
@@ -1492,7 +1492,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5879,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1521,7 +1521,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5991,
 "process.name": "sshd",
 "process.pid": 2762,
@@ -1554,7 +1554,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6088,
 "message": "fatal: Read from socket failed: Connection reset by peer [preauth]",
 "process.name": "sshd",
@@ -1571,7 +1571,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6191,
 "message": "PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root",
 "process.name": "sshd",
@@ -1588,7 +1588,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6333,
 "message": "PAM service(sshd) ignoring max retries; 5 > 3",
 "process.name": "sshd",
@@ -1605,7 +1605,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6415,
 "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root",
 "process.name": "sshd",
@@ -1622,7 +1622,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6566,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1651,7 +1651,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6678,
 "process.name": "sshd",
 "process.pid": 2766,
@@ -1684,7 +1684,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6775,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1713,7 +1713,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6887,
 "process.name": "sshd",
 "process.pid": 2766,
@@ -1746,7 +1746,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6984,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1775,7 +1775,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7096,
 "process.name": "sshd",
 "process.pid": 2766,
@@ -1808,7 +1808,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7193,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1837,7 +1837,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7305,
 "process.name": "sshd",
 "process.pid": 2766,
@@ -1870,7 +1870,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7402,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -1899,7 +1899,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7514,
 "process.name": "sshd",
 "process.pid": 2766,
@@ -1932,7 +1932,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7611,
 "message": "fatal: Read from socket failed: Connection reset by peer [preauth]",
 "process.name": "sshd",
@@ -1949,7 +1949,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7714,
 "message": "PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root",
 "process.name": "sshd",
@@ -1966,7 +1966,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7856,
 "message": "PAM service(sshd) ignoring max retries; 5 > 3",
 "process.name": "sshd",
@@ -1983,7 +1983,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7938,
 "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.160.83.58 user=root",
 "process.name": "sshd",
@@ -2000,7 +2000,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8087,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2029,7 +2029,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8199,
 "process.name": "sshd",
 "process.pid": 2778,
@@ -2066,7 +2066,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8295,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2095,7 +2095,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8407,
 "process.name": "sshd",
 "process.pid": 2778,
@@ -2132,7 +2132,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8503,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2161,7 +2161,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8615,
 "process.name": "sshd",
 "process.pid": 2778,
@@ -2198,7 +2198,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8711,
 "message": "Received disconnect from 216.160.83.58: 11: [preauth]",
 "process.name": "sshd",
@@ -2215,7 +2215,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8802,
 "message": "PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.160.83.58 user=root",
 "process.name": "sshd",
@@ -2232,7 +2232,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8942,
 "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root",
 "process.name": "sshd",
@@ -2249,7 +2249,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9093,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2278,7 +2278,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9205,
 "process.name": "sshd",
 "process.pid": 2785,
@@ -2311,7 +2311,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9302,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2340,7 +2340,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9414,
 "process.name": "sshd",
 "process.pid": 2785,
@@ -2373,7 +2373,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9511,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2402,7 +2402,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9623,
 "process.name": "sshd",
 "process.pid": 2785,
@@ -2435,7 +2435,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9720,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2464,7 +2464,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9832,
 "process.name": "sshd",
 "process.pid": 2785,
@@ -2497,7 +2497,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9929,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2526,7 +2526,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10041,
 "process.name": "sshd",
 "process.pid": 2785,
@@ -2559,7 +2559,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10138,
 "message": "fatal: Read from socket failed: Connection reset by peer [preauth]",
 "process.name": "sshd",
@@ -2576,7 +2576,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10241,
 "message": "PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root",
 "process.name": "sshd",
@@ -2593,7 +2593,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10383,
 "message": "PAM service(sshd) ignoring max retries; 5 > 3",
 "process.name": "sshd",
@@ -2610,7 +2610,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10465,
 "message": "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.196.224.106 user=root",
 "process.name": "sshd",
@@ -2627,7 +2627,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10616,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
@@ -2656,7 +2656,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10728,
 "process.name": "sshd",
 "process.pid": 2797,
@@ -2689,7 +2689,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 10825,
 "message": "pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"",
 "process.name": "sshd",
diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json
index 16e859a66d3..bfe6a5c44b0 100644
--- a/filebeat/module/system/auth/test/test.log-expected.json
+++ b/filebeat/module/system/auth/test/test.log-expected.json
@@ -15,7 +15,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 0,
 "process.name": "sshd",
 "process.pid": 3402,
@@ -53,7 +53,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 152,
 "process.name": "sshd",
 "process.pid": 7483,
@@ -89,7 +89,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 254,
 "process.name": "sshd",
 "process.pid": 3430,
@@ -123,7 +123,7 @@
 ],
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 324,
 "process.name": "sshd",
 "process.pid": 5774,
@@ -160,7 +160,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 420,
 "process.name": "sudo",
 "related.hosts": [
@@ -185,7 +185,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "slave22",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 522,
 "process.name": "sshd",
 "process.pid": 18406,
@@ -214,7 +214,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 616,
 "process.name": "sudo",
 "related.hosts": [
@@ -239,7 +239,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "precise32",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 735,
 "process.name": "sudo",
 "related.hosts": [
@@ -275,7 +275,7 @@
 "group.id": "48",
 "group.name": "apache",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 860,
 "process.name": "groupadd",
 "process.pid": 6991,
@@ -300,7 +300,7 @@
 "fileset.name": "auth",
 "group.id": "48",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 933,
 "process.name": "useradd",
 "process.pid": 6995,
@@ -323,7 +323,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 1056,
 "process.name": "sshd",
 "process.pid": 10161,
diff --git a/filebeat/module/system/auth/test/timestamp.log-expected.json b/filebeat/module/system/auth/test/timestamp.log-expected.json
index fd083732af6..52b028dd3b0 100644
--- a/filebeat/module/system/auth/test/timestamp.log-expected.json
+++ b/filebeat/module/system/auth/test/timestamp.log-expected.json
@@ -7,7 +7,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.file.path": "timestamp.log",
 "log.offset": 0,
 "message": "pam_unix(sudo-i:session): session opened for user root by userauth3(uid=0)",
@@ -32,7 +32,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "auth",
 "host.hostname": "localhost",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.file.path": "timestamp.log",
 "log.offset": 118,
 "message": "user nobody logged out.",
diff --git a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json
index a5957f19b94..eb8947f85c1 100644
--- a/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json
+++ b/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json
@@ -6,7 +6,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -26,7 +26,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 907,
 "message": "2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine updateAllExceptProduct:] KSUpdateEngine updating all installed products, except:'com.google.Keystone'.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -42,7 +42,7 @@
 "event.module": "system",
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 1176,
 "message": "--- last message repeated 1 time ---",
 "service.type": "system"
diff --git a/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json b/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json
index 6f12a7a5656..a1620750ff1 100644
--- a/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json
+++ b/filebeat/module/system/syslog/test/darwin-syslog.log-expected.json
@@ -6,7 +6,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 0,
 "message": "2016-12-13 11:35:28.419 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp performSelfUpdateWithEngine:] Finished self update check.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -23,7 +23,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -43,7 +43,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 1127,
 "message": "2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine updateAllExceptProduct:] KSUpdateEngine updating all installed products, except:'com.google.Keystone'.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -60,7 +60,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 1396,
 "message": "2016-12-13 11:35:28.422 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSCheckAction performAction] KSCheckAction checking 2 ticket(s).",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -77,7 +77,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -97,7 +97,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 2833,
 "message": "2016-12-13 11:35:28.446 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] +[KSCodeSigningVerification verifyBundle:applicationId:error:] KSCodeSigningVerification verifying code signing for '/Applications/Google Chrome.app' with the requirement 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and (identifier=\"com.google.Chrome\")'",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -114,7 +114,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 3377,
 "message": "2016-12-13 11:35:29.430 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] +[KSCodeSigningVerification verifyBundle:applicationId:error:] KSCodeSigningVerification verifying code signing for '/Applications/Google Drive.app' with the requirement 'anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and (identifier=\"com.google.GoogleDrive\")'",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -131,7 +131,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -151,7 +151,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 5675,
 "message": "2016-12-13 11:35:30.116 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOutOfProcessFetcher beginFetchWithDelegate:] KSOutOfProcessFetcher start fetch from URL: \"https://tools.google.com/service/update2?cup2hreq=423332d883f010d5b10e169646ed851278047f76e6c5d4dbfa2233ef66e3b141&cup2key=6:1566315822\"",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -168,7 +168,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6055,
 "message": "2016-12-13 11:35:30.117 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOutOfProcessFetcher(PrivateMethods) launchedHelperTaskForToolPath:error:] KSOutOfProcessFetcher launched '/Users/tsg/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch' with process id: 21414",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -185,7 +185,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6436,
 "message": "2016-12-13 11:35:30.118 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOutOfProcessFetcher beginFetchWithDelegate:] KSOutOfProcessFetcher sending both request and download file location to the helper.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -202,7 +202,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6719,
 "message": "2016-12-13 11:35:30.118 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] KSSendAllDataToHelper() KSHelperTool wrote 2383 bytes to the helper input.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -219,7 +219,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 6943,
 "message": "2016-12-13 11:35:30.118 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOutOfProcessFetcher beginFetchWithDelegate:] Closing the file handle.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -236,7 +236,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7166,
 "message": "2016-12-13 11:35:30.118 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOutOfProcessFetcher beginFetchWithDelegate:] KSOutOfProcessFetcher fetching from URL: \"https://tools.google.com/service/update2?cup2hreq=423332d883f010d5b10e169646ed851278047f76e6c5d4dbfa2233ef66e3b141&cup2key=6:1566315822\"",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -253,7 +253,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7543,
 "message": "2016-12-13 11:35:30.149 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] KSHelperReceiveAllData() KSHelperTool read 2383 bytes from stdin.",
 "process.name": "ksfetch",
@@ -270,7 +270,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 7722,
 "message": "2016-12-13 11:35:30.151 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] main() Fetcher received a request: { URL: https://tools.google.com/service/update2?cup2hreq=423332d883f010d5b10e169646ed851278047f76e6c5d4dbfa2233ef66e3b141&cup2key=6:1566315822 }",
 "process.name": "ksfetch",
@@ -287,7 +287,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8050,
 "message": "2016-12-13 11:35:30.151 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] main() Fetcher received a download path: /tmp/KSOutOfProcessFetcher.QTqOLkktQz/download",
 "process.name": "ksfetch",
@@ -304,7 +304,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8251,
 "message": "2016-12-13 11:35:30.152 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] main() ksfetch fetching URL ( { URL: https://tools.google.com/service/update2?cup2hreq=423332d883f010d5b10e169646ed851278047f76e6c5d4dbfa2233ef66e3b141&cup2key=6:1566315822 }) to folder:/tmp/KSOutOfProcessFetcher.QTqOLkktQz/download",
 "process.name": "ksfetch",
@@ -321,7 +321,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8631,
 "message": "2016-12-13 11:35:30.152 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] main() Setting up download file handles...",
 "process.name": "ksfetch",
@@ -338,7 +338,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8787,
 "message": "2016-12-13 11:35:30.348 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] -[FetchDelegate fetcher:finishedWithData:] Fetcher downloaded successfully data of length: 0",
 "process.name": "ksfetch",
@@ -355,7 +355,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 8993,
 "message": "2016-12-13 11:35:30.348 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] main() ksfetch done fetching.",
 "process.name": "ksfetch",
@@ -372,7 +372,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9136,
 "message": "2016-12-13 11:35:30.351 ksfetch[21414/0x7fffcc3f93c0] [lvl=2] main() Fetcher is exiting.",
 "process.name": "ksfetch",
@@ -389,7 +389,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -409,7 +409,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 9540,
 "message": "2016-12-13 11:35:30.354 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOutOfProcessFetcher(PrivateMethods) helperDidTerminate:] KSOutOfProcessFetcher fetch ended for URL: \"https://tools.google.com/service/update2?cup2hreq=423332d883f010d5b10e169646ed851278047f76e6c5d4dbfa2233ef66e3b141&cup2key=6:1566315822\"",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -426,7 +426,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -446,7 +446,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 11060,
 "message": "2016-12-13 11:35:30.356 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSOmahaServer updateInfosForUpdateResponse:updateRequest:infoStore:upToDateTickets:updatedTickets:events:errors:] Response passed CUP validation.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -463,7 +463,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 11357,
 "message": "2016-12-13 11:35:30.381 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateCheckAction(PrivateMethods) finishAction] KSUpdateCheckAction found updates: {( )}",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -480,7 +480,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 11599,
 "message": "2016-12-13 11:35:30.384 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSPrefetchAction performAction] KSPrefetchAction no updates to prefetch.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -497,7 +497,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 11823,
 "message": "2016-12-13 11:35:30.384 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSMultiUpdateAction performAction] KSSilentUpdateAction had no updates to apply.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -514,7 +514,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 12055,
 "message": "2016-12-13 11:35:30.384 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSMultiUpdateAction performAction] KSPromptAction had no updates to apply.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -531,7 +531,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 12281,
 "message": "2016-12-13 11:35:30.384 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp(KeystoneDelegate) updateEngineFinishedWithErrors:] Keystone finished: errors=0",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -548,7 +548,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 12522,
 "message": "2016-12-13 11:35:30.385 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine(PrivateMethods) updateFinish] KSUpdateEngine update processing complete.",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -565,7 +565,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -585,7 +585,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 13788,
 "message": "2016-12-13 11:35:31.302 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentUploader fetcher:finishedWithData:] Successfully uploaded stats to { URL: https://tools.google.com/service/update2 }",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -602,7 +602,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.flags": [
 "multiline"
 ],
@@ -622,7 +622,7 @@
 "event.timezone": "-02:00",
 "fileset.name": "syslog",
 "host.hostname": "a-mac-with-esc-key",
- "input.type": "log",
+ "input.type": "system-logs",
 "log.offset": 14537,
 "message": "2016-12-13 11:35:32.508 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSAgentApp(KeystoneThread) runKeystonesInThreadWithArg:] Finished with engine thread",
 "process.name": "GoogleSoftwareUpdateAgent",
@@ -639,7 +639,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14773, "message": "2016-12-13 11:35:32.825 GoogleSoftwareUpdateAgent[21412/0x7fffcc3f93c0] [lvl=2] -[KSAgentApp checkForUpdates] Finished update check.", "process.name": "GoogleSoftwareUpdateAgent", @@ -656,7 +656,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 14975, "message": "objc[85294]: __weak variable at 0x60000a8499d0 holds 0x2121212121212121 instead of 0x600006a22fa0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -673,7 +673,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15238, "message": "objc[85294]: __weak variable at 0x60800f047240 holds 0x2121212121212121 instead of 0x608002231220. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -690,7 +690,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15501, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21498])", 
@@ -706,7 +706,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15716, "message": "objc[85294]: __weak variable at 0x60000a256990 holds 0x2121212121212121 instead of 0x600006a22420. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -723,7 +723,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 15979, "message": "objc[85294]: __weak variable at 0x6080096475d0 holds 0x2121212121212121 instead of 0x608004e21280. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -740,7 +740,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16242, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -757,7 +757,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16312, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21556])", @@ -773,7 +773,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16527, "message": "Unknown key for integer: _DirtyJetsamMemoryLimit", "process.name": "com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent)", 
@@ -789,7 +789,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16689, "message": "objc[85294]: __weak variable at 0x60000a85a860 holds 0x2121212121212121 instead of 0x600004a3b9a0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -806,7 +806,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 16952, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21581])", @@ -822,7 +822,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 17167, "message": "objc[85294]: __weak variable at 0x608009840580 holds 0x2121212121212121 instead of 0x608004a22940. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -839,7 +839,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 17430, "message": "objc[85294]: __weak variable at 0x608009c5b700 holds 0x2121212121212121 instead of 0x608005830020. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", 
@@ -856,7 +856,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 17693, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21586])", @@ -872,7 +872,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 17908, "message": "objc[85294]: __weak variable at 0x60800ee592d0 holds 0x2121212121212121 instead of 0x608005627220. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -889,7 +889,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 18171, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -906,7 +906,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 18241, "message": "objc[85294]: __weak variable at 0x60000c648290 holds 0x2121212121212121 instead of 0x6000050242a0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -923,7 +923,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 18504, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21589])", 
@@ -939,7 +939,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 18719, "message": "objc[85294]: __weak variable at 0x600009840460 holds 0x2121212121212121 instead of 0x60000122e940. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -956,7 +956,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 18982, "message": "Unknown key for integer: _DirtyJetsamMemoryLimit", "process.name": "com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent)", @@ -972,7 +972,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 19144, "message": "objc[85294]: __weak variable at 0x60000ee5b730 holds 0x2121212121212121 instead of 0x600007821c20. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -989,7 +989,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 19407, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21946])", 
@@ -1005,7 +1005,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 19622, "message": "objc[85294]: __weak variable at 0x600006a49940 holds 0x2121212121212121 instead of 0x6000078202e0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1022,7 +1022,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 19885, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -1039,7 +1039,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 19955, "message": "Invoked notification with id: d63743fb-f17b-4e9e-97d0-88e0e7304682", "process.name": "Slack Helper", @@ -1056,7 +1056,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 20078, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21966])", @@ -1072,7 +1072,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 20293, "message": "objc[85294]: __weak variable at 0x60800f043dc0 holds 0x2121212121212121 instead of 0x6080026228c0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", 
@@ -1089,7 +1089,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 20556, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[21981])", @@ -1105,7 +1105,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 20771, "message": "objc[85294]: __weak variable at 0x608009a53600 holds 0x2121212121212121 instead of 0x608000629420. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1122,7 +1122,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 21034, "message": "objc[85294]: __weak variable at 0x60800f259c30 holds 0x2121212121212121 instead of 0x608004a21c20. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1139,7 +1139,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 21297, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -1156,7 +1156,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 21367, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22226])", 
@@ -1172,7 +1172,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 21582, "message": "objc[85294]: __weak variable at 0x60000c647d80 holds 0x2121212121212121 instead of 0x600006e3ee80. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1189,7 +1189,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 21845, "message": "objc[85294]: __weak variable at 0x60800f053a80 holds 0x2121212121212121 instead of 0x608007227ce0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1206,7 +1206,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 22108, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22241])", @@ -1222,7 +1222,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 22323, "message": "objc[85294]: __weak variable at 0x60000a64ce80 holds 0x2121212121212121 instead of 0x600006629940. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", 
@@ -1239,7 +1239,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 22586, "message": "objc[85294]: __weak variable at 0x60000a843580 holds 0x2121212121212121 instead of 0x600006629540. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1256,7 +1256,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 22849, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22254])", @@ -1272,7 +1272,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 23064, "message": "objc[85294]: __weak variable at 0x60800f45b910 holds 0x2121212121212121 instead of 0x608005822c40. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1289,7 +1289,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 23327, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -1306,7 +1306,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 23397, "message": "Unknown key for integer: _DirtyJetsamMemoryLimit", "process.name": "com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent)", 
@@ -1322,7 +1322,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 23559, "message": "objc[85294]: __weak variable at 0x60000ea5edf0 holds 0x2121212121212121 instead of 0x600003a35a60. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1339,7 +1339,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 23822, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22265])", @@ -1355,7 +1355,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 24037, "message": "Invoked notification with id: 52bf37d9-0c4e-4276-8789-9fc7704bdf5b", "process.name": "Slack Helper", @@ -1372,7 +1372,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 24160, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22292])", @@ -1388,7 +1388,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 24375, "message": "Invoked notification with id: c6c7e356-60a7-4b9e-a9b1-ecc2b8ad09f2", "process.name": "Slack Helper", 
@@ -1405,7 +1405,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 24498, "message": "objc[85294]: __weak variable at 0x60800f246430 holds 0x2121212121212121 instead of 0x608001c26d00. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1422,7 +1422,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 24761, "message": "objc[85294]: __weak variable at 0x60800c85fd80 holds 0x2121212121212121 instead of 0x608005a3a420. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1439,7 +1439,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 25024, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -1456,7 +1456,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 25094, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22305])", @@ -1472,7 +1472,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 25309, "message": "objc[85294]: __weak variable at 0x600006452400 holds 0x2121212121212121 instead of 0x60000763bac0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", 
@@ -1489,7 +1489,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 25572, "message": "2016-12-13 12:35:56.416 GoogleSoftwareUpdateAgent[22318/0x7fffcc3f93c0] [lvl=2] -[KSAgentApp setupLoggerOutput] Agent settings: ", "process.name": "GoogleSoftwareUpdateAgent", @@ -1506,7 +1506,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 26456, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22324])", @@ -1522,7 +1522,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 26671, "message": "objc[85294]: __weak variable at 0x60800f24d0f0 holds 0x2121212121212121 instead of 0x608007423ee0. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1539,7 +1539,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 26934, "message": "Invoked notification with id: aa608788-d049-4d1a-9112-521c71702371", "process.name": "Slack Helper", @@ -1556,7 +1556,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 27057, "message": "Unknown key for integer: _DirtyJetsamMemoryLimit", "process.name": "com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent)", 
@@ -1572,7 +1572,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 27219, "message": "Invoked notification with id: d75f9ec1-a8fd-41c2-a45e-6df2952f0702", "process.name": "Slack Helper", @@ -1589,7 +1589,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 27342, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22336])", @@ -1605,7 +1605,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 27557, "message": "objc[85294]: __weak variable at 0x60800a2535a0 holds 0x2121212121212121 instead of 0x608003828e20. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1622,7 +1622,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 27820, "message": "ASL Sender Statistics", "process.name": "syslogd", @@ -1639,7 +1639,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 27890, "message": "objc[85294]: __weak variable at 0x60800f241d50 holds 0x2121212121212121 instead of 0x60800562f380. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", 
@@ -1656,7 +1656,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 28153, "message": "Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook", "process.name": "com.apple.xpc.launchd[1] (com.apple.quicklook[22348])", @@ -1672,7 +1672,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 28368, "message": "objc[85294]: __weak variable at 0x60000c444450 holds 0x2121212121212121 instead of 0x600007237f00. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", @@ -1689,7 +1689,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "a-mac-with-esc-key", - "input.type": "log", + "input.type": "system-logs", "log.offset": 28631, "message": "objc[85294]: __weak variable at 0x60000c4424a0 holds 0x2121212121212121 instead of 0x600007026520. This is probably incorrect use of objc_storeWeak() and objc_loadWeak(). Break on objc_weak_error to debug.", "process.name": "Google Chrome", diff --git a/filebeat/module/system/syslog/test/suse-syslog.log-expected.json b/filebeat/module/system/syslog/test/suse-syslog.log-expected.json index 4090efed2e7..c07c51851de 100644 --- a/filebeat/module/system/syslog/test/suse-syslog.log-expected.json +++ b/filebeat/module/system/syslog/test/suse-syslog.log-expected.json @@ -6,7 +6,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "linux-sqrz", - "input.type": "log", + "input.type": "system-logs", "log.offset": 0, "message": "Stopped target Basic System.", "process.name": "systemd", 
@@ -23,7 +23,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "linux-sqrz", - "input.type": "log", + "input.type": "system-logs", "log.offset": 88, "message": "Stopped target Paths.", "process.name": "systemd", diff --git a/filebeat/module/system/syslog/test/tz-offset.log-expected.json b/filebeat/module/system/syslog/test/tz-offset.log-expected.json index 905d8cfd95d..eacba0d40ac 100644 --- a/filebeat/module/system/syslog/test/tz-offset.log-expected.json +++ b/filebeat/module/system/syslog/test/tz-offset.log-expected.json @@ -7,7 +7,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "rmbkmonitor04", - "input.type": "log", + "input.type": "system-logs", "log.file.path": "tz-offset.log", "log.offset": 0, "message": "shutting down for system halt", @@ -26,7 +26,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "rmbkmonitor04", - "input.type": "log", + "input.type": "system-logs", "log.file.path": "tz-offset.log", "log.offset": 89, "message": "constraint_0_power_limit_uw exceeded.", @@ -44,7 +44,7 @@ "event.timezone": "-02:00", "fileset.name": "syslog", "host.hostname": "localhost", - "input.type": "log", + "input.type": "system-logs", "log.file.path": "tz-offset.log", "log.offset": 184, "message": "pam_unix(sudo-i:session): session opened for user root by userauth3(uid=0)", From 2bafcf095167fd03d03e00cbd5095778243fedc4 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 11 Oct 2024 11:18:02 -0400 Subject: [PATCH 35/38] set input type back to the old config --- filebeat/input/systemlogs/input.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index 81777d702fc..64e5dbc7455 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go 
@@ -197,6 +197,10 @@ func toJournaldConfig(cfg *conf.C) (*conf.C, error) { return nil, fmt.Errorf("cannot set 'type': %w", err) } + if err := cfg.SetString("type", -1, pluginName); err != nil { + return nil, fmt.Errorf("cannot set type back to '%s': %w", pluginName, err) + } + return newCfg, nil } @@ -234,5 +238,8 @@ func toFilesConfig(cfg *conf.C) (*conf.C, error) { return nil, fmt.Errorf("cannot set 'type': %w", err) } + if err := cfg.SetString("type", -1, pluginName); err != nil { + return nil, fmt.Errorf("cannot set type back to '%s': %w", pluginName, err) + } return newCfg, nil } From 11e66554c03e45f6acff259ca9fc7262a90fbde1 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 11 Oct 2024 12:25:43 -0400 Subject: [PATCH 36/38] Remove un-used code and small updates --- CHANGELOG-developer.next.asciidoc | 1 - CHANGELOG.next.asciidoc | 2 ++ filebeat/fileset/fileset.go | 12 ------------ filebeat/input/systemlogs/input.go | 14 ++++++++++++-- filebeat/module/system/README.md | 20 +++++++++++--------- filebeat/tests/system/test_modules.py | 7 +++++-- 6 files changed, 30 insertions(+), 26 deletions(-) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 1ed05fc255a..92d93f88b98 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -207,7 +207,6 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Added filebeat debug histograms for s3 object size and events per processed s3 object. {pull}40775[40775] - Simplified GCS input state checkpoint calculation logic. {issue}40878[40878] {pull}40937[40937] - Simplified Azure Blob Storage input state checkpoint calculation logic. {issue}40674[40674] {pull}40936[40936] -- Filebeat module template now support 'append' function {pull}41061[41061] ==== Deprecated diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 46ad0c0733e..dbb45c729d9 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
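Review bot: In `toJournaldConfig`, and again in `toFilesConfig`, the added `cfg.SetString("type", -1, pluginName)` restores the caller's config only on the success path, because the `return nil, fmt.Errorf("cannot set 'type': %w", err)` directly above it exits before the restore runs. Both function bodies start outside these hunks, so this is inferred: if the earlier code changes keys on `cfg`, a failed call leaves the caller holding a modified config. A comment such as `// cfg is shared with the caller, so put back the 'type' it arrived with` would make the intent explicit, and building the new config from a copy of `cfg` would remove the need for a restore. The two added blocks are identical, so a small shared helper would keep them from drifting apart. For the message, `%q` quotes the value without hand-written quotes: `fmt.Errorf("cannot set type back to %q: %w", pluginName, err)`.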
@@ -46,6 +46,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Added `container.image.name` to `journald` Filebeat input's Docker-specific translated fields. {pull}40450[40450] - Change log.file.path field in awscloudwatch input to nested object. {pull}41099[41099] - Remove deprecated awscloudwatch field from Filebeat. {pull}41089[41089] +- System module events now contain `input.type: systemlogs` instead of `input.type: log` when harvesting log files. {pull}41061[41061] *Heartbeat* @@ -325,6 +326,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Add CSV decoding capacity to azureblobstorage input {pull}40978[40978] - Add CSV decoding capacity to gcs input {pull}40979[40979] - Jounrald input now supports filtering by facilities {pull}41061[41061] +- System module now supports reading from jounrald. {pull}41061[41061] *Auditbeat* diff --git a/filebeat/fileset/fileset.go b/filebeat/fileset/fileset.go index 3282e819d12..b4546327e49 100644 --- a/filebeat/fileset/fileset.go +++ b/filebeat/fileset/fileset.go @@ -31,8 +31,6 @@ import ( "strings" "text/template" - "github.com/elastic/go-sysinfo" - "github.com/elastic/go-sysinfo/types" "github.com/elastic/go-ucfg" "gopkg.in/yaml.v2" @@ -317,9 +315,6 @@ func getTemplateFunctions(vars map[string]interface{}) (template.FuncMap, error) builtinVars["beatVersion"].(string), ) }, - "append": func(s []any, vals ...any) []any { - return append(s, vals...) - }, }, nil } @@ -337,11 +332,6 @@ func (fs *Fileset) getBuiltinVars(info beat.Info) (map[string]interface{}, error domain = split[1] } - hostInfo, err := sysinfo.Host() - if err != nil && !errors.Is(err, types.ErrNotImplemented) { - return nil, fmt.Errorf("cannot get host information: %w", err) - } - vars := map[string]interface{}{ "prefix": info.IndexPrefix, "hostname": hostname, 
@@ -349,8 +339,6 @@ func (fs *Fileset) getBuiltinVars(info beat.Info) (map[string]interface{}, error "module": fs.mname, "fileset": fs.name, "beatVersion": info.Version, - "osVersion": hostInfo.Info().OS.Version, - "osFamily": hostInfo.Info().OS.Family, } return vars, nil diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index 64e5dbc7455..98dca399688 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go @@ -61,7 +61,8 @@ func (c *config) Validate() error { return nil } -// newV1Input creates a new log input +// newV1Input checks whether the log input must be created and +// delegates to loginput.NewInput if needed. func newV1Input( cfg *conf.C, outlet channel.Connector, @@ -105,7 +106,7 @@ func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { return journald.Configure(journaldCfg) } -// PluginV2 creates a v2 plugin that will instantiate a journald +// PluginV2 creates a v2.Plugin that will instantiate a journald // input if needed. func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin { logger = logger.Named(pluginName) @@ -125,6 +126,15 @@ func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin { } } +// useJournald returns true if jounrald should be used. +// If there is an error, false is always retruned. +// +// The decision logic is: +// - If UseJournald is set, return true +// - If UseFiles is set, return false +// - If the globs defined in `files.paths` match any existing file, +// return false +// - Otherwise return true func useJournald(c *conf.C) (bool, error) { cfg := config{} if err := c.Unpack(&cfg); err != nil { diff --git a/filebeat/module/system/README.md b/filebeat/module/system/README.md index 8e73abf62aa..2471264cfcf 100644 --- a/filebeat/module/system/README.md +++ b/filebeat/module/system/README.md 
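Review bot: The new doc comment on `useJournald` (hunk `@@ -125,6 +126,15 @@`) misspells two words, `jounrald` and `retruned`, and it does not say what happens when both `UseJournald` and `UseFiles` are set. The list order suggests `UseJournald` wins, but the body continues past the hunk, so that is not confirmed here. I would open it with `// useJournald reports whether journald should be used; on error it returns false.` and add one line to the list, `//   - UseJournald takes precedence when both flags are set` (or say that the combination is rejected, if it is). Operators reading this comment need to know which log source is actually collected, since a wrong guess means the expected system logs are silently not shipped.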
@@ -1,12 +1,14 @@ # Journald tests (Debian 12) The tests for the journald input (currently only used for Debian 12 -testing require journal files (test files ending in `.journal`), those +testing) require journal files (test files ending in `.journal`), those files are generated using `systemd-journal-remote` (see the [Journald -input README.md](../../input/journald/README.md) for more details) as -a dataset the `.export` files are used. Those files are the raw output -of `journalctl -o export`. They are added here because journal files -format change with different versions of journald, which can cause -`journalclt` to fail reading them, which leads to test failures. So if -tests start failing because `journalctl` cannot read the journal files -as expected, new ones can easily be generated with the current version -used for testing. +input README.md](../../input/journald/README.md) for more details). + +The source for those journal files are the `.export` files in the test +folder. Those files are the raw output of `journalctl -o export`. They +are added here because journal files format change with different +versions of journald, which can cause `journalclt` to fail reading +them, which leads to test failures. So if tests start failing because +`journalctl` cannot read the journal files as expected, new ones can +easily be generated with the same version of journalctl used on CI +and the original dataset. diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index 955c96a7744..db8022b372f 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py 
@@ -225,11 +225,14 @@ def run_on_file(self, module, fileset, test_file, cfgfile): bufsize=0) # The journald input (used by some modules like 'system') does not # support the -once flag, hence we run Filebeat for at most - # 15 seconds, if it does not finish, then we try to gracefully - # terminate it. + # 15 seconds, if it does not finish, then kill the process. + # If for any reason the Filebeat process gets stuck, only SIGKILL + # will terminate it. We use SIGKILL to avoid leaking any running + # process that could interfere with other tests try: proc.wait(15) except subprocess.TimeoutExpired: + # Send SIGKILL proc.kill() # List of errors to check in filebeat output logs From fbfdbbe260a01761c0271b73b42c2874e7f503a3 Mon Sep 17 00:00:00 2001 From: Tiago Queiroz Date: Fri, 11 Oct 2024 13:04:59 -0400 Subject: [PATCH 37/38] move grok step to a separated pipeline --- filebeat/module/system/auth/ingest/files.yml | 13 ++----------- .../system/auth/ingest/grok-auth-messages.yml | 14 ++++++++++++++ .../module/system/auth/ingest/journald.yml | 19 ++++++++----------- filebeat/module/system/auth/manifest.yml | 1 + 4 files changed, 25 insertions(+), 22 deletions(-) create mode 100644 filebeat/module/system/auth/ingest/grok-auth-messages.yml diff --git a/filebeat/module/system/auth/ingest/files.yml b/filebeat/module/system/auth/ingest/files.yml index c89ef94b28a..39611f484a8 100644 --- a/filebeat/module/system/auth/ingest/files.yml +++ b/filebeat/module/system/auth/ingest/files.yml 
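Review bot: `proc.kill()` in the `except subprocess.TimeoutExpired` branch is not followed by a wait in the visible lines, so the killed Filebeat may not have been reaped before the log checks that follow. Adding `proc.wait()` right after `proc.kill()` would match the new comment's stated goal of not leaking a running process. The comment could also mention that SIGKILL skips Filebeat's shutdown path, so the last log lines may be missing from the output being checked. `run_on_file` starts and ends outside the hunk.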
@@ -18,18 +18,9 @@ processors: TIMESTAMP: (?:%{TIMESTAMP_ISO8601}|%{SYSLOGTIMESTAMP}) patterns: - '^%{TIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:host.hostname}? %{DATA:process.name}(?:\[%{POSINT:process.pid:long}\])?:%{SPACE}%{GREEDYMULTILINE:_temp.message}$' - - grok: + - pipeline: description: Grok specific auth messages. - tag: grok-specific-messages - field: _temp.message - ignore_missing: true - patterns: - - '^%{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user)?%{DATA:user.name} from %{IPORHOST:source.address} port %{NUMBER:source.port:long} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?' - - '^%{DATA:system.auth.ssh.event} user %{DATA:user.name} from %{IPORHOST:source.address}' - - '^Did not receive identification string from %{IPORHOST:system.auth.ssh.dropped_ip}' - - '^%{DATA:user.name} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}' - - '^new group: name=%{DATA:group.name}, GID=%{NUMBER:group.id}' - - '^new user: name=%{DATA:user.name}, UID=%{NUMBER:user.id}, GID=%{NUMBER:group.id}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$' + name: '{< IngestPipeline "grok-auth-messages" >}' on_failure: - rename: description: Leave the unmatched content in message. diff --git a/filebeat/module/system/auth/ingest/grok-auth-messages.yml b/filebeat/module/system/auth/ingest/grok-auth-messages.yml new file mode 100644 index 00000000000..fc09abbff5e --- /dev/null +++ b/filebeat/module/system/auth/ingest/grok-auth-messages.yml 
@@ -0,0 +1,14 @@
+description: Journald Pipeline for system/auth Filebeat module
+processors:
+ - grok:
+ description: Grok specific auth messages.
+ tag: grok-specific-messages
+ field: _temp.message
+ ignore_missing: true
+ patterns:
+ - '^%{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user)?%{DATA:user.name} from %{IPORHOST:source.address} port %{NUMBER:source.port:long} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?'
+ - '^%{DATA:system.auth.ssh.event} user %{DATA:user.name} from %{IPORHOST:source.address}'
+ - '^Did not receive identification string from %{IPORHOST:system.auth.ssh.dropped_ip}'
+ - '^%{DATA:user.name} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}'
+ - '^new group: name=%{DATA:group.name}, GID=%{NUMBER:group.id}'
+ - '^new user: name=%{DATA:user.name}, UID=%{NUMBER:user.id}, GID=%{NUMBER:group.id}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$'
diff --git a/filebeat/module/system/auth/ingest/journald.yml b/filebeat/module/system/auth/ingest/journald.yml
index 2789436f6f5..10e7ae96054 100644
--- a/filebeat/module/system/auth/ingest/journald.yml
+++ b/filebeat/module/system/auth/ingest/journald.yml
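Review bot: The `description` of this new pipeline reads `Journald Pipeline for system/auth Filebeat module`, but the same commit calls it from both `files.yml` and `journald.yml`, so the text is misleading when the pipeline is inspected later. Something like `description: Grok patterns for specific auth messages, shared by the files and journald pipelines of the system/auth module` would describe it. The grok reads `_temp.message`, so a short comment stating that callers must populate that field before invoking the pipeline would also help, given that `journald.yml` has to rename `message` to satisfy it.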
@@ -6,19 +6,16 @@ processors: - rename: field: "journald.process.name" target_field: process.name - - grok: - description: Grok specific auth messages. - tag: grok-specific-messages + - rename: field: message - ignore_missing: true - patterns: - - '^%{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user)?%{DATA:user.name} from %{IPORHOST:source.address} port %{NUMBER:source.port:long} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?' - - '^%{DATA:system.auth.ssh.event} user %{DATA:user.name} from %{IPORHOST:source.address}' - - '^Did not receive identification string from %{IPORHOST:system.auth.ssh.dropped_ip}' - - '^%{DATA:user.name} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}' - - '^new group: name=%{DATA:group.name}, GID=%{NUMBER:group.id}' - - '^new user: name=%{DATA:user.name}, UID=%{NUMBER:user.id}, GID=%{NUMBER:group.id}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$' + target_field: _temp.message + - pipeline: + description: Grok specific auth messages. + name: '{< IngestPipeline "grok-auth-messages" >}' ignore_failure: true + - rename: + field: _temp.message + target_field: message - grok: description: Grok usernames from PAM messages. tag: grok-pam-users diff --git a/filebeat/module/system/auth/manifest.yml b/filebeat/module/system/auth/manifest.yml index 857ad65f89d..4b99d6407b7 100644 --- a/filebeat/module/system/auth/manifest.yml +++ b/filebeat/module/system/auth/manifest.yml @@ -21,4 +21,5 @@ ingest_pipeline: - ingest/entrypoint.yml - ingest/files.yml - ingest/journald.yml + - ingest/grok-auth-messages.yml input: config/auth.yml From ea2e83304e388e6b09313d9ddcab62a2bcce01ce Mon Sep 17 00:00:00 2001 
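Review bot: The first added `rename` of `message` to `_temp.message` has no `ignore_missing: true`, whereas the grok it replaces carried that flag, so an event without a `message` field would now fail at the rename instead of skipping the step. The same applies to the rename back, which runs unconditionally and fails if `_temp.message` is absent at that point. Adding `ignore_missing: true` to both renames keeps the earlier tolerance; for auth events a failed pipeline run is a gap in what reaches detections. The rest of journald.yml lies outside the hunk, so any pipeline-level `on_failure` handling is not visible here.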
From: Tiago Queiroz Date: Fri, 11 Oct 2024 15:54:50 -0400 Subject: [PATCH 38/38] Add build constraints to support non-linux systems --- filebeat/input/systemlogs/input.go | 21 ---------- filebeat/input/systemlogs/input_linux.go | 49 ++++++++++++++++++++++++ filebeat/input/systemlogs/input_other.go | 31 +++++++++++++++ 3 files changed, 80 insertions(+), 21 deletions(-) create mode 100644 filebeat/input/systemlogs/input_linux.go create mode 100644 filebeat/input/systemlogs/input_other.go diff --git a/filebeat/input/systemlogs/input.go b/filebeat/input/systemlogs/input.go index 98dca399688..789fd65ad5d 100644 --- a/filebeat/input/systemlogs/input.go +++ b/filebeat/input/systemlogs/input.go @@ -24,7 +24,6 @@ import ( "github.com/elastic/beats/v7/filebeat/channel" v1 "github.com/elastic/beats/v7/filebeat/input" - "github.com/elastic/beats/v7/filebeat/input/journald" loginput "github.com/elastic/beats/v7/filebeat/input/log" v2 "github.com/elastic/beats/v7/filebeat/input/v2" cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor" @@ -86,26 +85,6 @@ func newV1Input( return loginput.NewInput(logCfg, outlet, context) } -// configure checks whether the journald input must be created and -// delegates to journald.Configure if needed. -func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) { - jouranl, err := useJournald(cfg) - if err != nil { - return nil, nil, fmt.Errorf("cannot decide between journald and files: %w", err) - } - - if !jouranl { - return nil, nil, v2.ErrUnknownInput - } - - journaldCfg, err := toJournaldConfig(cfg) - if err != nil { - return nil, nil, err - } - - return journald.Configure(journaldCfg) -} - // PluginV2 creates a v2.Plugin that will instantiate a journald // input if needed. func PluginV2(logger *logp.Logger, store cursor.StateStore) v2.Plugin { diff --git a/filebeat/input/systemlogs/input_linux.go b/filebeat/input/systemlogs/input_linux.go new file mode 100644 index 00000000000..5a98c270b97 --- /dev/null 
+++ b/filebeat/input/systemlogs/input_linux.go
@@ -0,0 +1,49 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build linux
+
+package systemlogs
+
+import (
+ "fmt"
+
+ "github.com/elastic/beats/v7/filebeat/input/journald"
+ v2 "github.com/elastic/beats/v7/filebeat/input/v2"
+ cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor"
+ conf "github.com/elastic/elastic-agent-libs/config"
+)
+
+// configure checks whether the journald input must be created and
+// delegates to journald.Configure if needed.
+func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) {
+ jouranl, err := useJournald(cfg)
+ if err != nil {
+ return nil, nil, fmt.Errorf("cannot decide between journald and files: %w", err)
+ }
+
+ if !jouranl {
+ return nil, nil, v2.ErrUnknownInput
+ }
+
+ journaldCfg, err := toJournaldConfig(cfg)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return journald.Configure(journaldCfg)
+}
diff --git a/filebeat/input/systemlogs/input_other.go b/filebeat/input/systemlogs/input_other.go
new file mode 100644
index 00000000000..ab21d3864b1
--- /dev/null
+++ b/filebeat/input/systemlogs/input_other.go
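Review bot: The error from `toJournaldConfig` is returned bare, while the `useJournald` error a few lines above it is wrapped, so a failure at this step reaches the operator without saying where it came from. `return nil, nil, fmt.Errorf("cannot convert to journald config: %w", err)` would make the two consistent. The local `jouranl` is a misspelling carried over unchanged from input.go; `useJournal` reads better. The doc comment could also state that `v2.ErrUnknownInput` is the return value when files are selected, since that sentinel is the only signal the caller gets for that case.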
@@ -0,0 +1,31 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build !linux
+
+package systemlogs
+
+import (
+ "errors"
+
+ cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor"
+ conf "github.com/elastic/elastic-agent-libs/config"
+)
+
+func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) {
+ return nil, nil, errors.New("journald is only supported on Linux")
+}
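Review bot: `configure` in this non-Linux file returns a plain error for every configuration, while the Linux version returns `v2.ErrUnknownInput` when files are selected. If the loader relies on that sentinel to fall back to the v1 log input (not visible in this patch), the system module would fail to start on non-Linux hosts even when it should simply read files, leaving those hosts without system log collection. Mirroring the Linux decision and reporting the journald error only when journald was actually selected avoids that; it needs `fmt` and the `v2` package imported in this file. The function also has no doc comment, unlike its Linux counterpart.

```go
// configure never creates a journald input on non-Linux systems. It
// returns v2.ErrUnknownInput when files are selected, as the Linux
// implementation does, and an error when journald is selected.
func configure(cfg *conf.C) ([]cursor.Source, cursor.Input, error) {
	useJournal, err := useJournald(cfg)
	if err != nil {
		return nil, nil, fmt.Errorf("cannot decide between journald and files: %w", err)
	}

	if !useJournal {
		return nil, nil, v2.ErrUnknownInput
	}

	return nil, nil, errors.New("journald is only supported on Linux")
}
```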