afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Filebeat role: Updating README.md

Browse Source
This commit is contained in:
Miguelangel Freitas 2017-07-12 19:16:21 -04:00
parent 407451f1d2
commit e6c26964c6
1 changed files with 45 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
ansible-role-filebeat/README.md
View File

@ -1,77 +1,63 @@
# Ansible Role: Filebeat for ELK Stack
Ansible Role: Filebeat for ELK Stack
------------------------------------
An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat) on RedHat/CentOS or Debian/Ubuntu.
An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat), this can be used in conjunction with [ansible-wazuh-manager](https://github.com/wazuh/wazuh-ansible/ansible-wazuh-server).
## Requirements
Requirements
------------
None.
This role will work on:
* Red Hat
* CentOS
* Fedora
* Debian
* Ubuntu
## Role Variables
Role Variables
--------------
Available variables are listed below, along with default values (see `defaults/main.yml`):
filebeat_create_config: true
```
filebeat_create_config: true
Whether to create the Filebeat configuration file and handle the copying of SSL key and cert for filebeat. If you prefer to create a configuration file yourself you can set this to `false`.
filebeat_prospectors:
- input_type: log
paths:
- "/var/ossec/logs/alerts/alerts.json"
document_type: json
json.message_key: log
json.keys_under_root: true
json.overwrite_keys: true
filebeat_prospectors:
- input_type: log
paths:
- "/var/log/*.log"
filebeat_output_elasticsearch_enabled: false
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
Prospectors that will be listed in the `prospectors` section of the Filebeat configuration. Read through the [Filebeat Prospectors configuration guide](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html) for more options.
filebeat_output_logstash_enabled: true
filebeat_output_logstash_hosts:
- "192.168.212.158:5000"
filebeat_output_elasticsearch_enabled: false
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
filebeat_enable_logging: true
filebeat_log_level: debug
filebeat_log_dir: /var/log/mybeat
filebeat_log_filename: mybeat.log
Whether to enable Elasticsearch output, and which hosts to send output to.
filebeat_ssl_dir: /etc/pki/logstash
filebeat_ssl_certificate_file: ""
filebeat_ssl_key_file: ""
filebeat_ssl_insecure: "false"
```
filebeat_output_logstash_enabled: true
filebeat_output_logstash_hosts:
- "localhost:5000"
License and copyright
---------------------
Whether to enable Logstash output, and which hosts to send output to.
WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3)
filebeat_enable_logging: false
filebeat_log_level: warning
filebeat_log_dir: /var/log/filebeat
filebeat_log_filename: filebeat.log
### Based on previous work from geerlingguy
Filebeat logging.
- https://github.com/geerlingguy/ansible-role-filebeat
filebeat_ssl_dir: /etc/pki/logstash
### Modified by Wazuh
The path where certificates and keyfiles will be stored.
filebeat_ssl_certificate_file: ""
filebeat_ssl_key_file: ""
Local paths to the SSL certificate and key files, which will be copied into the `filebeat_ssl_dir`.
For utmost security, you should use your own valid certificate and keyfile, and update the `filebeat_ssl_*` variables in your playbook to use your certificate.
To generate a self-signed certificate/key pair, you can use use the command:
$ sudo openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout filebeat.key -out filebeat.crt
Note that filebeat and logstash may not work correctly with self-signed certificates unless you also have the full chain of trust (including the Certificate Authority for your self-signed cert) added on your server. See: https://github.com/elastic/logstash/issues/4926#issuecomment-203936891
filebeat_ssl_insecure: "false"
Set this to `"true"` to allow the use of self-signed certificates (when a CA isn't available).
## Dependencies
None.
## License
MIT / BSD
## Author Information
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
## Modified
The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem.
The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.