wazuh-ansible-4.8.1

afmarulanda/wazuh-ansible-4.8.1

History

Carlos Dominguez e6ba94d4b9 exception reload systemd task (#114 )		2018-12-20 17:58:55 +01:00
..
defaults	Restructure repository (#66 )	2018-10-04 12:40:10 +02:00
handlers	Restructure repository (#66 )	2018-10-04 12:40:10 +02:00
meta	Restructure repository (#66 )	2018-10-04 12:40:10 +02:00
tasks	exception reload systemd task (#114 )	2018-12-20 17:58:55 +01:00
templates	Restructure repository (#66 )	2018-10-04 12:40:10 +02:00
tests	Restructure repository (#66 )	2018-10-04 12:40:10 +02:00
README.md	Restructure repository (#66 )	2018-10-04 12:40:10 +02:00

README.md

Ansible Role: Filebeat for Elastic Stack

An Ansible Role that installs Filebeat, this can be used in conjunction with ansible-wazuh-manager.

Requirements

This role will work on:

Red Hat
CentOS
Fedora
Debian
Ubuntu

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

  filebeat_create_config: true

  filebeat_prospectors:
    - input_type: log
      paths:
        - "/var/ossec/logs/alerts/alerts.json"
      document_type: json
      json.message_key: log
      json.keys_under_root: true
      json.overwrite_keys: true

  filebeat_output_elasticsearch_enabled: false
  filebeat_output_elasticsearch_hosts:
    - "localhost:9200"

  filebeat_output_logstash_enabled: true
  filebeat_output_logstash_hosts:
    - "192.168.212.158:5000"

  filebeat_enable_logging: true
  filebeat_log_level: debug
  filebeat_log_dir: /var/log/mybeat
  filebeat_log_filename: mybeat.log

  filebeat_ssl_dir: /etc/pki/logstash
  filebeat_ssl_certificate_file: ""
  filebeat_ssl_key_file: ""
  filebeat_ssl_insecure: "false"

License and copyright

Based on previous work from geerlingguy

https://github.com/geerlingguy/ansible-role-filebeat

Modified by Wazuh

The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem.