Aisbergg.beats
Ansible Role: aisbergg.beats
This Ansible role installs and sets up various Beats data shippers from the official beats family. The following Beats are supported:
Requirements
None.
Role Variables
Variable | Default | Description |
---|---|---|
beats_manage_repository |
true |
Manage the Elastic Beat package repository. |
beats_rhel_repo_url |
https://artifacts.elastic.co/packages/7.x/yum |
URL for RPM repository for installation |
beats_debian_repo_url |
https://artifacts.elastic.co/packages/7.x/apt |
URL for APT repository for installation |
auditbeat_install_state |
absent |
Installation status of Auditbeat (present , latest , absent ) |
auditbeat_service_enabled |
false |
Enable the Auditbeat Service to start at boot |
auditbeat_service_state |
stopped |
Current state of the Auditbeat Service (started , stopped , restarted ) |
auditbeat_service_restart_on_change |
true |
Restart service if configuration changes. |
filebeat_install_state |
absent |
Installation status of Filebeat (present , latest , absent ) |
filebeat_service_enabled |
false |
Enable the Filebeat Service to start at boot |
filebeat_service_state |
stopped |
Current state of the Filebeat Service |
filebeat_service_restart_on_change |
true |
Restart service if configuration changes. |
functionbeat_install_state |
absent |
Installation status of Functionbeat |
functionbeat_service_enabled |
false |
Enable the Functionbeat Service to start at boot |
functionbeat_service_state |
stopped |
Current state of the Functionbeat Service |
functionbeat_service_restart_on_change |
true |
Restart service if configuration changes. |
heartbeat_install_state |
absent |
Installation status of Heartbeat |
heartbeat_service_enabled |
false |
Enable the Heartbeat Service to start at boot |
heartbeat_service_state |
stopped |
Current state of the Heartbeat Service |
heartbeat_service_restart_on_change |
true |
Restart service if configuration changes. |
metricbeat_install_state |
absent |
Installation status of Metricbeat |
metricbeat_service_enabled |
false |
Enable the Metricbeat Service to start at boot |
metricbeat_service_state |
stopped |
Current state of the Metricbeat Service |
metricbeat_service_restart_on_change |
true |
Restart service if configuration changes. |
packetbeat_install_state |
absent |
Installation status of Packetbeat |
packetbeat_service_enabled |
false |
Enable the Packetbeat Service to start at boot |
packetbeat_service_state |
stopped |
Current state of the Packetbeat Service |
packetbeat_service_restart_on_change |
true |
Restart service if configuration changes. |
auditbeat_config |
{} |
Configuration for Auditbeat. (Reference) |
filebeat_config |
{} |
Configuration for Filebeat. (Reference) |
functionbeat_config |
{} |
Configuration for Functionbeat. (Reference) |
heartbeat_config |
{} |
Configuration for Heartbeat. (Reference) |
metricbeat_config |
{} |
Configuration for Metricbeat. (Reference) |
packetbeat_config |
{} |
Configuration for Packetbeat. (Reference) |
Dependencies
None.
Example Playbook
- hosts: all
vars:
# install and manage the Auditbeat service
auditbeat_install_state: present
auditbeat_service_enabled: true
auditbeat_service_state: started
auditbeat_config:
# send logs to a central log collector
output.logstash:
hosts:
- graylog1.example.org:5555
- graylog2.example.org:5555
loadbalance: true
slow_start: true
logging.level: warning
logging.to_files: false
logging.metrics.enabled: false
auditbeat.modules:
# Auditd module
- module: auditd
resolve_ids: true
failure_mode: silent
backlog_limit: 8196
rate_limit: 0
include_raw_message: false
include_warnings: false
audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ]
audit_rules: |
# Self Auditing
-w /var/log/audit/ -k auditlog
...
# File Integrity module
- module: file_integrity
paths:
- /bin
- /usr/bin
- /sbin
- /usr/sbin
- /etc
exclude_files:
- '(?i)\.sw[nop]$'
- '~$'
...
scan_at_start: true
scan_rate_per_sec: 50 MiB
max_file_size: 300 MiB
hash_types: [blake2b_256]
recursive: true
# System module
- module: system
datasets:
- package # Installed, updated, and removed packages
period: 30m # Frequency for checking changes
roles:
- aisbergg.beats
License
MIT
Author Information
Andre Lehmann (aisberg@posteo.de)
Informazioni sul progetto
Install and configure Beats from the official Elastic Beats family.
Installa
ansible-galaxy install Aisbergg.beats
Licenza
mit
Download
3.2k
Proprietario
DevOps, Go, Python, Bash, Ansible, Docker, GitLab-CI, Linux, MariaDB, PostgreSQL, Open Source, Communication Design, Running