diff --git a/ansible-role-elasticsearch/defaults/main.yml b/ansible-role-elasticsearch/defaults/main.yml
index 2e73fe5b..ace0aeed 100644
--- a/ansible-role-elasticsearch/defaults/main.yml
+++ b/ansible-role-elasticsearch/defaults/main.yml
@@ -4,4 +4,4 @@ elasticsearch_node_name: node-1
 elasticsearch_http_port: 9200
 elasticsearch_network_host: 127.0.0.1
 elasticsearch_jvm_xms: 1g
-elastic_stack_version: 5.4.0
+elastic_stack_version: 5.5.0
diff --git a/ansible-role-elasticsearch/tasks/RedHat.yml b/ansible-role-elasticsearch/tasks/RedHat.yml
index ceaf4357..e91f8417 100644
--- a/ansible-role-elasticsearch/tasks/RedHat.yml
+++ b/ansible-role-elasticsearch/tasks/RedHat.yml
@@ -12,11 +12,6 @@
 register: oracle_java_task_rpm_installed
 tags: install
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
- rpm_key:
- key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
- state: present
-
 - name: RedHat/CentOS/Fedora | Install Elastic repo
 yum_repository:
 name: elk_repo
diff --git a/ansible-role-filebeat/meta/main.yml b/ansible-role-filebeat/meta/main.yml
index e465470b..e010fea4 100644
--- a/ansible-role-filebeat/meta/main.yml
+++ b/ansible-role-filebeat/meta/main.yml
@@ -3,7 +3,7 @@ dependencies: []
 galaxy_info:
 author: Wazuh
- description: Installing and maintaining Elasticsearch server.
+ description: Installing and maintaining filebeat server.
 company: wazuh.com
 license: license (GPLv3)
 min_ansible_version: 2.0
diff --git a/ansible-role-filebeat/tasks/RedHat.yml b/ansible-role-filebeat/tasks/RedHat.yml
index 47180b24..ea3ec3fe 100644
--- a/ansible-role-filebeat/tasks/RedHat.yml
+++ b/ansible-role-filebeat/tasks/RedHat.yml
@@ -1,9 +1,4 @@
 ---
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
- rpm_key:
- key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
- state: present
-
 - name: RedHat/CentOS/Fedora | Install Filebeats repo
 yum_repository:
 name: elk_repo
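Review bot: With the `rpm_key` import gone from ansible-role-elasticsearch/tasks/RedHat.yml, package signature verification now rests entirely on the `yum_repository` task that follows, and that task's `gpgcheck` and `gpgkey` settings lie outside the hunk. If it does not already set them, packages from `elk_repo` would be installed without a verified signature; the task should carry `gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch` and `gpgcheck: yes`. The same deletion is made in the filebeat, kibana and logstash RedHat.yml hunks, so the check applies to each of those repo tasks as well.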
diff --git a/ansible-role-kibana/defaults/main.yml b/ansible-role-kibana/defaults/main.yml
index b8bd9381..339df35f 100644
--- a/ansible-role-kibana/defaults/main.yml
+++ b/ansible-role-kibana/defaults/main.yml
@@ -3,4 +3,4 @@ elasticsearch_http_port: "9200"
 elasticsearch_network_host: "127.0.0.1"
 kibana_server_host: "0.0.0.0"
 kibana_server_port: "5601"
-elastic_stack_version: 5.4.0
+elastic_stack_version: 5.5.0
diff --git a/ansible-role-kibana/tasks/RedHat.yml b/ansible-role-kibana/tasks/RedHat.yml
index 52759c15..983e4101 100644
--- a/ansible-role-kibana/tasks/RedHat.yml
+++ b/ansible-role-kibana/tasks/RedHat.yml
@@ -1,9 +1,4 @@
 ---
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key
- rpm_key:
- key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
- state: present
-
 - name: RedHat/CentOS/Fedora | Install Elastic repo
 yum_repository:
 name: elk_repo
diff --git a/ansible-role-logstash/README.md b/ansible-role-logstash/README.md
index 692bf658..b0638aaa 100644
--- a/ansible-role-logstash/README.md
+++ b/ansible-role-logstash/README.md
@@ -17,9 +17,17 @@ Role Variables
 --------------
 ```
 ---
+ logstash_create_config: true
+ logstash_input_beats: false
+
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
 elastic_stack_version: 5.4.0
+
+ logstash_ssl: false
+ logstash_ssl_dir: /etc/pki/logstash
+ logstash_ssl_certificate_file: ""
+ logstash_ssl_key_file: ""
 ```
 Example Playbook
diff --git a/ansible-role-logstash/defaults/main.yml b/ansible-role-logstash/defaults/main.yml
index d8a11ad1..0eba9a32 100644
--- a/ansible-role-logstash/defaults/main.yml
+++ b/ansible-role-logstash/defaults/main.yml
@@ -4,7 +4,7 @@ logstash_input_beats: false
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
-elastic_stack_version: 5.4.0
+elastic_stack_version: 5.5.0
 logstash_ssl: false
 logstash_ssl_dir: /etc/pki/logstash
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml
index 7cc49718..209cb593 100644
--- a/ansible-role-logstash/tasks/RedHat.yml
+++ b/ansible-role-logstash/tasks/RedHat.yml
@@ -12,11 +12,6 @@
 register: oracle_java_task_rpm_installed
 tags: install
-- name: RedHat/CentOS/Fedora | Add Elasticsearch GPG key.
- rpm_key:
- key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
- state: present
-
 - name: RedHat/CentOS/Fedora | Install Logstash repo
 yum_repository:
 name: elk_repo
diff --git a/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2 b/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2
index 2ec715f2..f3611d4a 100644
--- a/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2
+++ b/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2
@@ -2,7 +2,9 @@
 "order": 0,
 "template": "wazuh*",
 "settings": {
- "index.refresh_interval": "5s"
+ "index.refresh_interval": "5s",
+ "number_of_shards" : 1,
+ "number_of_replicas" : 0
 },
 "mappings": {
 "wazuh": {
diff --git a/wazuh-elk.yml b/wazuh-elk.yml
new file mode 100644
index 00000000..cbc01980
--- /dev/null
+++ b/wazuh-elk.yml
@@ -0,0 +1,9 @@
+- hosts: wazuh-manager
+ roles:
+ - role: ansible-wazuh-manager
+ - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.212.187:5000' }
+- hosts: elastic_stack
+ roles:
+ - { role: ansible-role-elasticsearch, elasticsearch_network_host: 'localhost' }
+ - { role: ansible-role-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost' }
+ - { role: ansible-role-kibana, elasticsearch_network_host: 'localhost' }
diff --git a/wazuh-logstash.yml b/wazuh-logstash.yml
index 73049220..74f94c94 100644
--- a/wazuh-logstash.yml
+++ b/wazuh-logstash.yml
@@ -1,3 +1,3 @@
 - hosts: logstash
 roles:
- - { role: ansible-role-logstash, elasticsearch_network_host: '192.168.33.182' }
+ - { role: ansible-role-logstash, elasticsearch_network_host: 'localhost' }
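Review bot: In wazuh-elastic5-template.json.j2, `"number_of_replicas" : 0` is hard-coded for every `wazuh*` index, so the alert data has no second copy and becomes unavailable or lost if the node holding a shard fails. That is a reasonable choice for a single-node lab but a poor fixed default for security event storage on a multi-node cluster. Since the file is a Jinja2 template, both new values could come from role defaults instead, for example `"number_of_replicas": {{ elasticsearch_replicas }}` backed by a new default `elasticsearch_replicas: 0` (the variable name is a suggestion, not an existing one).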
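Review bot: In wazuh-elk.yml the Logstash role entry sets `logstash_input_beats: true` but leaves `logstash_ssl` at its role default of `false`, so Filebeat on the manager would ship Wazuh alerts to `192.168.212.187:5000` without TLS. Set `logstash_ssl: true` together with `logstash_ssl_certificate_file` and `logstash_ssl_key_file` on that entry; the Filebeat role presumably needs a matching setting, which is not visible here. The Kibana entry also keeps `kibana_server_host` at its default `"0.0.0.0"`, which is worth overriding unless access is restricted in front of it. The Logstash address is hard-coded in the playbook; an inventory variable would keep it reusable across environments.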
diff --git a/wazuh-manager.yml b/wazuh-manager.yml
index e7ed4e83..4abeb625 100644
--- a/wazuh-manager.yml
+++ b/wazuh-manager.yml
@@ -1,4 +1,4 @@
 - hosts: wazuh-manager
 roles:
- - role: ansible-wazuh-server
+ - role: ansible-wazuh-manager
 - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.33.169:5000' }