58 lines
1.5 KiB
YAML
58 lines
1.5 KiB
YAML
---
|
|
filebeat_version: 7.9.2
|
|
|
|
wazuh_template_branch: v4.0.0
|
|
|
|
filebeat_create_config: true
|
|
|
|
filebeat_prospectors:
|
|
- input_type: log
|
|
paths:
|
|
- "/var/ossec/logs/alerts/alerts.json"
|
|
document_type: json
|
|
json.message_key: log
|
|
json.keys_under_root: true
|
|
json.overwrite_keys: true
|
|
|
|
filebeat_node_name: node-1
|
|
|
|
filebeat_output_elasticsearch_enabled: false
|
|
filebeat_output_elasticsearch_hosts:
|
|
- "localhost:9200"
|
|
|
|
filebeat_enable_logging: true
|
|
filebeat_log_level: debug
|
|
filebeat_log_dir: /var/log/mybeat
|
|
filebeat_log_filename: mybeat.log
|
|
filebeat_ssl_dir: /etc/pki/filebeat
|
|
filebeat_ssl_certificate_file: ""
|
|
filebeat_ssl_insecure: "false"
|
|
|
|
filebeat_module_package_url: https://packages.wazuh.com/3.x/filebeat
|
|
filebeat_module_package_name: wazuh-filebeat-0.1.tar.gz
|
|
filebeat_module_package_path: /tmp/
|
|
filebeat_module_destination: /usr/share/filebeat/module
|
|
filebeat_module_folder: /usr/share/filebeat/module/wazuh
|
|
|
|
# Xpack Security
|
|
filebeat_xpack_security: false
|
|
|
|
elasticsearch_xpack_security_user: elastic
|
|
elasticsearch_xpack_security_password: elastic_pass
|
|
|
|
node_certs_generator : false
|
|
node_certs_source: /usr/share/elasticsearch
|
|
node_certs_destination: /etc/filebeat/certs
|
|
|
|
|
|
# CA Generation
|
|
master_certs_path: "{{ playbook_dir }}/es_certs"
|
|
generate_CA: true
|
|
ca_cert_name: ""
|
|
|
|
elasticrepo:
|
|
apt: 'https://artifacts.elastic.co/packages/7.x/apt'
|
|
yum: 'https://artifacts.elastic.co/packages/7.x/yum'
|
|
gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
|
|
key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
|