Aisbergg.beats

Ansible Role: aisbergg.beats

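This Ansible role installs and sets up various Beats data shippers from the official Beats family. The following Beats are supported, each with its own variables below: Auditbeat, Filebeat, Functionbeat, Heartbeat, Metricbeat and Packetbeat.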

Requirements

None.

Role Variables

| Variable | Default | Description |
|----------|---------|-------------|
| beats_manage_repository | true | Manage the Elastic Beat package repository. |
| beats_rhel_repo_url | https://artifacts.elastic.co/packages/7.x/yum | URL for RPM repository for installation |
| beats_debian_repo_url | https://artifacts.elastic.co/packages/7.x/apt | URL for APT repository for installation |
| auditbeat_install_state | absent | Installation status of Auditbeat (present, latest, absent) |
| auditbeat_service_enabled | false | Enable the Auditbeat Service to start at boot |
| auditbeat_service_state | stopped | Current state of the Auditbeat Service (started, stopped, restarted) |
| auditbeat_service_restart_on_change | true | Restart service if configuration changes. |
| filebeat_install_state | absent | Installation status of Filebeat (present, latest, absent) |
| filebeat_service_enabled | false | Enable the Filebeat Service to start at boot |
| filebeat_service_state | stopped | Current state of the Filebeat Service |
| filebeat_service_restart_on_change | true | Restart service if configuration changes. |
| functionbeat_install_state | absent | Installation status of Functionbeat |
| functionbeat_service_enabled | false | Enable the Functionbeat Service to start at boot |
| functionbeat_service_state | stopped | Current state of the Functionbeat Service |
| functionbeat_service_restart_on_change | true | Restart service if configuration changes. |
| heartbeat_install_state | absent | Installation status of Heartbeat |
| heartbeat_service_enabled | false | Enable the Heartbeat Service to start at boot |
| heartbeat_service_state | stopped | Current state of the Heartbeat Service |
| heartbeat_service_restart_on_change | true | Restart service if configuration changes. |
| metricbeat_install_state | absent | Installation status of Metricbeat |
| metricbeat_service_enabled | false | Enable the Metricbeat Service to start at boot |
| metricbeat_service_state | stopped | Current state of the Metricbeat Service |
| metricbeat_service_restart_on_change | true | Restart service if configuration changes. |
| packetbeat_install_state | absent | Installation status of Packetbeat |
| packetbeat_service_enabled | false | Enable the Packetbeat Service to start at boot |
| packetbeat_service_state | stopped | Current state of the Packetbeat Service |
| packetbeat_service_restart_on_change | true | Restart service if configuration changes. |
| auditbeat_config | {} | Configuration for Auditbeat. (Reference) |
| filebeat_config | {} | Configuration for Filebeat. (Reference) |
| functionbeat_config | {} | Configuration for Functionbeat. (Reference) |
| heartbeat_config | {} | Configuration for Heartbeat. (Reference) |
| metricbeat_config | {} | Configuration for Metricbeat. (Reference) |
| packetbeat_config | {} | Configuration for Packetbeat. (Reference) |

Dependencies

None.

Example Playbook

- hosts: all
  vars:
    # install and manage the Auditbeat service
    auditbeat_install_state: present
    auditbeat_service_enabled: true
    auditbeat_service_state: started

    auditbeat_config:
      # send logs to a central log collector
      output.logstash:
        hosts:
          - graylog1.example.org:5555
          - graylog2.example.org:5555
        loadbalance: true
        slow_start: true

      logging.level: warning
      logging.to_files: false
      logging.metrics.enabled: false

      auditbeat.modules:
        # Auditd module
        - module: auditd
          resolve_ids: true
          failure_mode: silent
          backlog_limit: 8196
          rate_limit: 0
          include_raw_message: false
          include_warnings: false
          audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ]
          audit_rules: |
            # Self Auditing
            -w /var/log/audit/ -k auditlog
            # ...

        # File Integrity module
        - module: file_integrity
          paths:
            - /bin
            - /usr/bin
            - /sbin
            - /usr/sbin
            - /etc
          exclude_files:
            - '(?i)\.sw[nop]$'
            - '~$'
            # ...
          scan_at_start: true
          scan_rate_per_sec: 50 MiB
          max_file_size: 300 MiB
          hash_types: [blake2b_256]
          recursive: true

        # System module
        - module: system
          datasets:
            - package # Installed, updated, and removed packages
          period: 30m # Frequency for checking changes

  roles:
    - aisbergg.beats
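
The playbook above sends audit events to Logstash with no transport encryption settings in `output.logstash`. The following added example (not part of the role's README) shows the same output with the standard Beats `ssl.*` options and a pre-task that aborts the play when they are missing. The certificate paths are assumed, and the receiving Logstash or Graylog input must have TLS enabled.

```yaml
- hosts: all
  vars:
    auditbeat_install_state: present
    auditbeat_service_enabled: true
    auditbeat_service_state: started

    auditbeat_config:
      output.logstash:
        hosts:
          - graylog1.example.org:5555
          - graylog2.example.org:5555
        loadbalance: true
        # Standard Beats TLS options; these keys are not taken from this README.
        ssl.enabled: true
        # "full" checks the certificate chain and the server host name.
        ssl.verification_mode: full
        ssl.certificate_authorities:
          - /etc/pki/beats/ca.crt            # assumed path to the CA bundle
        # Client certificate for mutual TLS (assumed paths; omit if unused).
        ssl.certificate: /etc/pki/beats/client.crt
        ssl.key: /etc/pki/beats/client.key

      logging.level: warning

  pre_tasks:
    # Fail early instead of deploying an output that ships audit data
    # unencrypted or to an unverified server.
    - name: Require verified TLS on the Auditbeat Logstash output
      ansible.builtin.assert:
        that:
          - auditbeat_config['output.logstash']['ssl.enabled'] | default(false) | bool
          - auditbeat_config['output.logstash']['ssl.verification_mode'] | default('full') != 'none'
          - auditbeat_config['output.logstash']['ssl.certificate_authorities'] | default([]) | length > 0
        fail_msg: "output.logstash must enable TLS, verify the server and pin a CA"

  roles:
    - aisbergg.beats
```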

License

MIT

Author Information

Andre Lehmann (aisberg@posteo.de)

About the project

Install and configure Beats from the official Elastic Beats family.

Install
ansible-galaxy install Aisbergg.beats