lean_delivery.winlogbeat

Winlogbeat Role

Summary

This role:

  • Installs Winlogbeat on Windows.
  • Copies a pre-prepared configuration file (log path, connection to Elasticsearch, etc.).

Role Tasks

  • [Optional] Create folder(s) for custom paths.
  • Install Winlogbeat.
  • Copy the configuration file.

Requirements

  • Minimum Ansible version for installation: 2.8.
  • Supported OS:
    • Windows
      • 2016
      • 2019

Role Variables

You can change any variable below by using "variable: value" in the playbook.

  • winlogbeat_version: The main Winlogbeat branch to install. Default is 7.
  • winlogbeat_last_version: The specific Winlogbeat version to install. Default is 7.4.2.
  • winlogbeat_node_name: The name of the Winlogbeat node. Default is {{ inventory_hostname }}. The hostname is used if this option is not defined.
  • winlogbeat_ssl_enabled: Enables or disables SSL connection between Winlogbeat and Logstash/Elasticsearch. SSL options should be set like this:
  ssl:
    key: 'c:\tls\private\server.key'
    certificate: 'c:\tls\certs\server.pem'
    certificate_authorities: 'c:\CA\ca-root.pem'

The path section defines where Winlogbeat looks for its files. For instance, it looks for the Elasticsearch template file in the configuration path and writes log files in the logs path. By default, the paths for Windows are set as follows:

path:
  home: 'c:\program files\winlogbeat'
  config: 'c:\program files\winlogbeat'
  data: 'c:\programdata\winlogbeat'
  logs: 'c:\programdata\winlogbeat\logs'

  • win_download_path: Temporary directory for Windows to download and unzip the Winlogbeat package. Default is '{{ ansible_env.TEMP }}/winlogbeat'.

Output Customization

  • winlogbeat_output: Configures where to send data (elasticsearch or logstash). Default is elasticsearch.

For Elasticsearch:

  • elasticsearch.host: List of hosts to connect to. Default is localhost.
  • elasticsearch.port: Custom port. Default is 9200.

For Logstash:

  • logstash.host: List of hosts to connect to. Default is localhost.
  • logstash.port: Custom port. Default is 5044.

Advanced Config Parameters

The winlogbeat(systemd)\initd section defines which init script will manage the Winlogbeat service based on the OS type.

  • winlogbeat_service_name: Name of the nssm/init script managing the Winlogbeat service.
  • winlogbeat_bulk_max_size: Maximum number of events in a single Logstash request. Default is 500.
  • winlogbeat_worker: Number of workers for each Elasticsearch host. Default is 1.
  • winlogbeat_logging_to_syslog: Sends all logging output to syslog. Default is false.
  • winlogbeat_logging_to_files: Sends all logging output to rotating files. Default is true.
  • winlogbeat_rotateeverybytes: Log file size limit. Default is 104857600 (100MB).
  • winlogbeat_keepfiles: Number of log files to keep. Default is 30.
  • winlogbeat_ignore_older: Logs older than this value will be ignored. Default is 0 (disabled).
  • winlogbeat_logname: Name of the log files. Default is "winlogbeat.log".

Dependencies

  • ca-cert (required only for installations with SSL).

Example Playbook

Installing Winlogbeat 7.x version:

- name: Install Winlogbeat
  hosts: all
  roles:
    - role: lean_delivery.winlogbeat
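
A variant of the playbook above that ships events to Logstash over TLS, added here as an example and not taken from the role's own documentation. The variable names and certificate paths come from the Role Variables section; the host name is a constructed placeholder, and the dictionary nesting of `logstash` and the list form of `host` are assumptions inferred from the variable descriptions.

```yaml
# Added example, not part of the role's documentation.
- name: Install Winlogbeat with Logstash output over TLS
  hosts: all
  roles:
    - role: lean_delivery.winlogbeat
      vars:
        winlogbeat_version: 7
        winlogbeat_last_version: '7.4.2'
        winlogbeat_node_name: '{{ inventory_hostname }}'

        # Send events to Logstash instead of the default Elasticsearch output.
        winlogbeat_output: logstash
        # Assumption: "logstash.host" / "logstash.port" are keys of one dictionary.
        # Both keys are set together because Ansible replaces a dictionary
        # variable as a whole by default rather than merging it.
        logstash:
          host:
            - logstash.example.internal   # constructed placeholder host
          port: 5044

        # Enable TLS between Winlogbeat and Logstash.
        winlogbeat_ssl_enabled: true
        # Paths as shown in the Role Variables section; the key, certificate
        # and CA files are assumed to already exist on the Windows host
        # (the Dependencies section lists ca-cert for SSL installations).
        ssl:
          key: 'c:\tls\private\server.key'
          certificate: 'c:\tls\certs\server.pem'
          certificate_authorities: 'c:\CA\ca-root.pem'

        # Keep Winlogbeat's own logs in rotating files (role defaults shown).
        winlogbeat_logging_to_files: true
        winlogbeat_rotateeverybytes: 104857600
        winlogbeat_keepfiles: 30
```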

License

Apache

Author Information

Authors:

About the project

Ansible role for installing Winlogbeat.

Install
ansible-galaxy install lean_delivery.winlogbeat
License
apache-2.0