From a4c4c9336909d00d9331be4c74b69ddcfdf44568 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas
Date: Thu, 13 Jul 2017 13:25:39 -0400
Subject: [PATCH] Logstash role: adding the ability to switch between file and beats input
---
 ansible-role-logstash/defaults/main.yml | 8 ++++++
 .../templates/01-wazuh.conf.j2 | 27 ++++++++++++-------
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/ansible-role-logstash/defaults/main.yml b/ansible-role-logstash/defaults/main.yml
index e8f4adc9..c021a488 100644
--- a/ansible-role-logstash/defaults/main.yml
+++ b/ansible-role-logstash/defaults/main.yml
@@ -1,4 +1,12 @@
 ---
+logstash_create_config: true
+logstash_input_beats: false
+
 elasticsearch_network_host: "127.0.0.1"
 elasticsearch_http_port: "9200"
 elk_stack_version: 5.4.0
+
+logstash_ssl: false
+logstash_ssl_dir: /etc/pki/logstash
+logstash_ssl_certificate_file: ""
+logstash_ssl_key_file: ""
diff --git a/ansible-role-logstash/templates/01-wazuh.conf.j2 b/ansible-role-logstash/templates/01-wazuh.conf.j2
index 1de99ec5..bbfdb32a 100644
--- a/ansible-role-logstash/templates/01-wazuh.conf.j2
+++ b/ansible-role-logstash/templates/01-wazuh.conf.j2
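Review bot: The new defaults in `defaults/main.yml` carry no comments, and two of them interact in a way a user should be told about: with `logstash_input_beats: true` and the default `logstash_ssl: false`, the rendered beats input on port 5000 accepts alerts in cleartext. I would add above `logstash_ssl` a comment such as `# Enable TLS on the beats input; requires logstash_ssl_certificate_file and logstash_ssl_key_file to be set`. `logstash_create_config` is not referenced by either file in this commit (the diffstat lists only these two), so it is presumably consumed by a task elsewhere; a one-line comment saying what it gates would help.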
@@ -1,23 +1,30 @@
 # {{ ansible_managed }}
 # Wazuh - Logstash configuration file
+
+{% if logstash_input_beats == true %}
 ## Remote Wazuh Manager - Filebeat input
 input {
 beats {
 port => 5000
 codec => "json_lines"
-# ssl => true
-# ssl_certificate => "/etc/logstash/logstash.crt"
-# ssl_key => "/etc/logstash/logstash.key"
+{% if logstash_ssl == true %}
+ ssl => true
+ ssl_certificate => "{{ logstash_ssl_dir }}/{{ logstash_ssl_certificate_file | basename }}"
+ ssl_key => "{{ logstash_ssl_dir }}/{{ logstash_ssl_key_file | basename }}"
+{% endif %}
 }
 }
+{% else %}
 ## Local Wazuh Manager - JSON file input
-#input {
-# file {
-# type => "wazuh-alerts"
-# path => "/var/ossec/logs/alerts/alerts.json"
-# codec => "json"
-# }
-#}
+input {
+ file {
+ type => "wazuh-alerts"
+ path => "/var/ossec/logs/alerts/alerts.json"
+ codec => "json"
+ }
+}
+{% endif %}
+
 filter {
 geoip {
 source => "srcip"
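Review bot: The `== true` comparisons in `{% if logstash_input_beats == true %}` and `{% if logstash_ssl == true %}` evaluate to false when the variable arrives as a string, for example from `-e logstash_ssl=true` on the command line, so the template silently renders the beats input without the `ssl` settings, or falls back to the file input. Writing `{% if logstash_input_beats | bool %}` and `{% if logstash_ssl | bool %}` avoids that. Separately, with `logstash_ssl` enabled and the empty filename defaults, `ssl_certificate` and `ssl_key` render as the bare `logstash_ssl_dir` path; a guard on non-empty filenames, or an `assert` task in the role, would surface the misconfiguration before Logstash is restarted. The `filter` block continues outside the hunk.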