Filebeat role: Updating README.md

Miguelangel Freitas 2017-07-12 19:16:21 -04:00
parent 407451f1d2
commit e6c26964c6


@ -1,77 +1,63 @@
# Ansible Role: Filebeat for ELK Stack
Ansible Role: Filebeat for ELK Stack
------------------------------------
An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat) on RedHat/CentOS or Debian/Ubuntu.
An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat), this can be used in conjunction with [ansible-wazuh-manager](https://github.com/wazuh/wazuh-ansible/ansible-wazuh-server).
## Requirements
Requirements
------------
None.
This role will work on:
* Red Hat
* CentOS
* Fedora
* Debian
* Ubuntu
## Role Variables
Role Variables
--------------
Available variables are listed below, along with default values (see `defaults/main.yml`):
```
filebeat_create_config: true
Whether to create the Filebeat configuration file and handle the copying of SSL key and cert for filebeat. If you prefer to create a configuration file yourself you can set this to `false`.
filebeat_prospectors:
- input_type: log
paths:
- "/var/log/*.log"
Prospectors that will be listed in the `prospectors` section of the Filebeat configuration. Read through the [Filebeat Prospectors configuration guide](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html) for more options.
- "/var/ossec/logs/alerts/alerts.json"
document_type: json
json.message_key: log
json.keys_under_root: true
json.overwrite_keys: true
filebeat_output_elasticsearch_enabled: false
filebeat_output_elasticsearch_hosts:
- "localhost:9200"
Whether to enable Elasticsearch output, and which hosts to send output to.
filebeat_output_logstash_enabled: true
filebeat_output_logstash_hosts:
- "localhost:5000"
- "192.168.212.158:5000"
Whether to enable Logstash output, and which hosts to send output to.
filebeat_enable_logging: false
filebeat_log_level: warning
filebeat_log_dir: /var/log/filebeat
filebeat_log_filename: filebeat.log
Filebeat logging.
filebeat_enable_logging: true
filebeat_log_level: debug
filebeat_log_dir: /var/log/mybeat
filebeat_log_filename: mybeat.log
filebeat_ssl_dir: /etc/pki/logstash
The path where certificates and keyfiles will be stored.
filebeat_ssl_certificate_file: ""
filebeat_ssl_key_file: ""
Local paths to the SSL certificate and key files, which will be copied into the `filebeat_ssl_dir`.
For utmost security, you should use your own valid certificate and keyfile, and update the `filebeat_ssl_*` variables in your playbook to use your certificate.
To generate a self-signed certificate/key pair, you can use use the command:
$ sudo openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout filebeat.key -out filebeat.crt
Note that filebeat and logstash may not work correctly with self-signed certificates unless you also have the full chain of trust (including the Certificate Authority for your self-signed cert) added on your server. See: https://github.com/elastic/logstash/issues/4926#issuecomment-203936891
filebeat_ssl_insecure: "false"
```
Set this to `"true"` to allow the use of self-signed certificates (when a CA isn't available).
License and copyright
---------------------
## Dependencies
WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3)
None.
### Based on previous work from geerlingguy
## License
- https://github.com/geerlingguy/ansible-role-filebeat
MIT / BSD
### Modified by Wazuh
## Author Information
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
## Modified
The playbooks have been modified by Wazuh, Inc, including some specific requirements, templates and configuration for integrating Elastic Stack and Wazuh ecosystem.
The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.
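Review bot: The variables block is introduced as "default values (see `defaults/main.yml`)", yet it lists `- "192.168.212.158:5000"` under `filebeat_output_logstash_hosts` and `filebeat_log_level: debug` with `filebeat_log_dir: /var/log/mybeat`, which read like one environment's settings rather than role defaults. Please confirm these match `defaults/main.yml`; if they do not, document a placeholder host and the `warning` level instead, so readers do not copy an internal address or ship debug logging. The hunk also shrinks the file from 77 to 63 lines, and the per-variable descriptions sit next to a bare fenced list: if the prose for `filebeat_ssl_certificate_file`, `filebeat_ssl_key_file` and `filebeat_ssl_insecure` is being dropped, keep at least the sentences on using your own certificate and on what setting `filebeat_ssl_insecure` to `"true"` allows, since those are the only guidance on the TLS settings. Finally, the new intro link is labelled ansible-wazuh-manager but points to `https://github.com/wazuh/wazuh-ansible/ansible-wazuh-server`; the label and target disagree, and a GitHub directory URL normally needs a `tree/<branch>/` segment, so the link should be checked.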