afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
617ee157f8
wazuh-ansible-4.8.1/roles/wazuh/ansible-filebeat-oss/templates/filebeat.yml.j2
fcaffieri 617ee157f8
Add fix to avoid GLIBC crash
2022-07-06 17:40:40 -03:00

43 lines
1.0 KiB
Django/Jinja
Raw Blame History

# Wazuh - Filebeat configuration file
filebeat.modules:
- module: wazuh
alerts:
enabled: true
archives:
enabled: false
setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.template.overwrite: true
setup.ilm.enabled: false
# Send events directly to Wazuh indexer
output.elasticsearch:
hosts:
{% for item in filebeat_output_indexer_hosts %}
- {{ item }}:9200
{% endfor %}
{% if filebeat_security %}
username: {{ indexer_security_user }}
password: {{ indexer_security_password }}
protocol: https
ssl.certificate_authorities:
- {{ filebeat_ssl_dir }}/root-ca.pem
ssl.certificate: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}.pem"
ssl.key: "{{ filebeat_ssl_dir }}/{{ filebeat_node_name }}-key.pem"
{% endif %}
# Optional. Send events to Logstash instead of Wazuh indexer
#output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"]
logging.metrics.enabled: false
seccomp:
default_action: allow
syscalls:
- action: allow
names:
- rseq
Reference in New Issue View Git Blame Copy Permalink