wazuh-ansible-4.8.1/ansible-role-filebeat
2017-07-19 17:19:19 -07:00
defaults   update wazuh-app verification version          2017-03-18 12:04:04 -04:00
handlers   first commit                                   2017-03-16 18:09:32 -04:00
meta       re-factoring                                   2017-07-19 20:54:45 +02:00
tasks      Update RMRedHat.yml                            2017-07-19 17:19:19 -07:00
templates  update filebeat repository and documentation   2017-03-17 13:43:02 -04:00
tests      first commit                                   2017-03-16 18:09:32 -04:00
README.md  Filebeat role: Updating README.md              2017-07-12 19:25:06 -04:00

Ansible Role: Filebeat for ELK Stack

An Ansible role that installs Filebeat. It can be used in conjunction with ansible-wazuh-manager.

Requirements

This role will work on:

  • Red Hat
  • CentOS
  • Fedora
  • Debian
  • Ubuntu

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

  filebeat_create_config: true

  filebeat_prospectors:
    - input_type: log
      paths:
        - "/var/ossec/logs/alerts/alerts.json"
      document_type: json
      json.message_key: log
      json.keys_under_root: true
      json.overwrite_keys: true

  filebeat_output_elasticsearch_enabled: false
  filebeat_output_elasticsearch_hosts:
    - "localhost:9200"

  filebeat_output_logstash_enabled: true
  filebeat_output_logstash_hosts:
    - "192.168.212.158:5000"

  filebeat_enable_logging: true
  filebeat_log_level: debug
  filebeat_log_dir: /var/log/mybeat
  filebeat_log_filename: mybeat.log

  filebeat_ssl_dir: /etc/pki/logstash
  filebeat_ssl_certificate_file: ""
  filebeat_ssl_key_file: ""
  filebeat_ssl_insecure: "false"

WAZUH Copyright (C) 2017 Wazuh Inc. (License GPLv3)

Based on previous work from geerlingguy

Modified by Wazuh

The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with the Wazuh ecosystem.