afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Filebeat role: Updating README.md

Browse Source
This commit is contained in:
Miguelangel Freitas 2017-07-12 19:16:21 -04:00
parent 407451f1d2
commit e6c26964c6
1 changed files with 45 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
ansible-role-filebeat/README.md
View File

@ -1,77 +1,63 @@
# Ansible Role: Filebeat for ELK Stack Ansible Role: Filebeat for ELK Stack
------------------------------------
An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat) on RedHat/CentOS or Debian/Ubuntu. An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat), this can be used in conjunction with [ansible-wazuh-manager](https://github.com/wazuh/wazuh-ansible/ansible-wazuh-server).
## Requirements Requirements
------------
None. This role will work on:
* Red Hat
* CentOS
* Fedora
* Debian
* Ubuntu
## Role Variables Role Variables
--------------
Available variables are listed below, along with default values (see `defaults/main.yml`): Available variables are listed below, along with default values (see `defaults/main.yml`):
```
filebeat_create_config: true filebeat_create_config: true
Whether to create the Filebeat configuration file and handle the copying of SSL key and cert for filebeat. If you prefer to create a configuration file yourself you can set this to `false`.
filebeat_prospectors: filebeat_prospectors:
- input_type: log - input_type: log
paths: paths:
- "/var/log/*.log" - "/var/ossec/logs/alerts/alerts.json"
document_type: json
Prospectors that will be listed in the `prospectors` section of the Filebeat configuration. Read through the [Filebeat Prospectors configuration guide](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html) for more options. json.message_key: log
json.keys_under_root: true
json.overwrite_keys: true
filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_enabled: false
filebeat_output_elasticsearch_hosts: filebeat_output_elasticsearch_hosts:
- "localhost:9200" - "localhost:9200"
Whether to enable Elasticsearch output, and which hosts to send output to.
filebeat_output_logstash_enabled: true filebeat_output_logstash_enabled: true
filebeat_output_logstash_hosts: filebeat_output_logstash_hosts:
- "localhost:5000" - "192.168.212.158:5000"
Whether to enable Logstash output, and which hosts to send output to. filebeat_enable_logging: true
filebeat_log_level: debug
filebeat_enable_logging: false filebeat_log_dir: /var/log/mybeat
filebeat_log_level: warning filebeat_log_filename: mybeat.log
filebeat_log_dir: /var/log/filebeat
filebeat_log_filename: filebeat.log
Filebeat logging.
filebeat_ssl_dir: /etc/pki/logstash filebeat_ssl_dir: /etc/pki/logstash
The path where certificates and keyfiles will be stored.
filebeat_ssl_certificate_file: "" filebeat_ssl_certificate_file: ""
filebeat_ssl_key_file: "" filebeat_ssl_key_file: ""
Local paths to the SSL certificate and key files, which will be copied into the `filebeat_ssl_dir`.
For utmost security, you should use your own valid certificate and keyfile, and update the `filebeat_ssl_*` variables in your playbook to use your certificate.
To generate a self-signed certificate/key pair, you can use use the command:
$ sudo openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout filebeat.key -out filebeat.crt
Note that filebeat and logstash may not work correctly with self-signed certificates unless you also have the full chain of trust (including the Certificate Authority for your self-signed cert) added on your server. See: https://github.com/elastic/logstash/issues/4926#issuecomment-203936891
filebeat_ssl_insecure: "false" filebeat_ssl_insecure: "false"
```
Set this to `"true"` to allow the use of self-signed certificates (when a CA isn't available). License and copyright
---------------------
## Dependencies WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3)
None. ### Based on previous work from geerlingguy
## License - https://github.com/geerlingguy/ansible-role-filebeat
MIT / BSD ### Modified by Wazuh
## Author Information The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
## Modified
The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem.