安全审计>> ansible-role-elk-filebeat>> 返回
项目作者: jpnewman

项目描述 :
Ansible Role ELK - Filebeat
高级语言:
项目地址: git://github.com/jpnewman/ansible-role-elk-filebeat.git
创建时间: 2016-05-10T00:41:43Z
项目社区:https://github.com/jpnewman/ansible-role-elk-filebeat
开源协议:MIT License
下载


jpnewman.elk-filebeat

Ansible Role
Build Status

This Ansible role installs elastic Filebeat

Requirements

Ansible 2.x

Role Variables

Variable Description Default
libpcap_package ‘libpcap0.8’
filebeat_version 5.3.0
filebeat_version_check 5.3.0
filebeat_platform amd64
filebeat_apt_package_name "filebeat-{{ filebeat_version }}-{{ filebeat_platform }}.deb"
filebeat_download_url "https://artifacts.elastic.co/downloads/beats/filebeat/{{ filebeat_apt_package_name }}"
filebeat_elasticsearch_output false
filebeat_elasticsearch_host ‘localhost:9200’
filebeat_logstash_output true
filebeat_logstash_host ‘localhost:5044’
filebeat_logstash_proxy
filebeat_logstash_proxy_use_local_resolver
ssl_cert_local_directory files/certs
ssl_cert_directory /etc/pki/tls/certs
ssl_cert logstash-forwarder.crt
certificate_authorities ‘[“/etc/pki/tls/certs/logstash-forwarder.crt”]’
apt_cache_valid_time 600
geoip_database_extracted_filename GeoLite2-City.mmdb
geoip_database_url_filename "{{ geoip_database_extracted_filename }}.gz"
geoip_database_url "http://geolite.maxmind.com/download/geoip/database/{{ geoip_database_url_filename }}"
geoip_database_paths /usr/share/GeoIP/{{ geoip_database_extracted_filename }}
/usr/local/var/GeoIP/{{ geoip_database_extracted_filename }}
prospectors Contains a list of ‘prospector’ classes
‘prospector’ class variables Description
id Id of prospector
paths Contains a list of ‘path’ classes
type prospector type
‘path’ class variables Description
log_paths Contains a list of log file paths

e.g.

  1. prospectors:
  2.   - id: syslog
  3.     paths:
  4.     - log_paths:
  5.         - /var/log/syslog
  6.         - /var/log/auth.log
  7.       document_type: syslog
  8.     type: syslog
  10.   - id: varlog
  11.     paths:
  12.     - log_paths:
  13.         - /var/log/*.log
  14.       exclude_files:
  15.         - "^syslog$"
  16.         - "^auth.log$"
  17.         - "^filebeat.log.*$"
  18.         - "^topbeat.log.*$"
  19.       document_type: log

Dependencies

none

Example Playbook

  1. - hosts: servers
  2.   roles:
  3.      - { role: jpnewman.elk-filebeat, tags: ["filebeat"] }

Testing

For more information on testing the template review readme ./tests/templates/README.md

License

MIT / BSD

Author Information

John Paul Newman