Update to 2021-12-01 19:13

2025-07-27 00:05:44 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/filebeat/templates/ansible_inputs.d/system_specific.yml.j2
+++ b/roles/filebeat/templates/ansible_inputs.d/system_specific.yml.j2
@@ -0,0 +1,13 @@
+- type: log
+  enabled: True
+  paths:
+{% if ansible_os_family == 'RedHat' %}
+    - /var/log/yum.log
+{% elif ansible_os_family == 'Debian' %}
+    - /var/log/dpkg.log
+    - /var/log/apt/*.log
+    - /var/log/alternatives.log
+{% endif %}
+  exclude_files:
+    - '\.[gx]z$'
+    - '\d+$'
--- a/roles/filebeat/templates/ansible_modules.d/auditd.yml.j2
+++ b/roles/filebeat/templates/ansible_modules.d/auditd.yml.j2
@@ -0,0 +1,7 @@
+- module: auditd
+  log:
+    enabled: True
+    input:
+      exclude_files:
+        - '\.[xg]z$'
+        - '\d+$'
--- a/roles/filebeat/templates/ansible_modules.d/system.yml.j2
+++ b/roles/filebeat/templates/ansible_modules.d/system.yml.j2
@@ -0,0 +1,9 @@
+{% if ansible_service_mgr == 'systemd' %}
+# We use journalbeat on systemd based systems
+{% else %}
+- module: system
+  syslog:
+    enabled: True
+  auth:
+    enabled: True
+{% endif %}
--- a/roles/filebeat/templates/filebeat.service.j2
+++ b/roles/filebeat/templates/filebeat.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
+Documentation=https://www.elastic.co/products/beats/filebeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Environment="BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
+ExecStart=/usr/share/filebeat/bin/filebeat $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/filebeat/templates/filebeat.yml.j2
+++ b/roles/filebeat/templates/filebeat.yml.j2
@@ -0,0 +1,41 @@
+fields:
+  source: {{ inventory_hostname }}
+fields_under_root: True
+logging.files:
+  rotateeverybytes: 5242880
+  keepfiles: 2
+filebeat.config.inputs:
+  path: /etc/filebeat/ansible_inputs.d/*.yml
+  reload.enabled: True
+  reload.period: 30s
+filebeat.config.modules:
+  path: /etc/filebeat/ansible_modules.d/*.yml
+  reload.enabled: True
+  reload.period: 30s
+processors:
+  - add_host_metadata: ~
+  - add_cloud_metadata: ~
+output.{{ filebeat_output_type }}:
+  hosts:
+{% for host in filebeat_output_hosts %}
+    - {{ host }}
+{% endfor %}
+{% if filebeat_output_ssl is defined %}
+  ssl: 
+{% if filebeat_output_ssl.enabled is defined %}
+    enabled: {{ filebeat_output_ssl.enabled }}
+{% endif %}
+{% if filebeat_output_ssl.cert_authorities is defined %}
+    certificate_authorities:
+{% for ca in filebeat_output_ssl.cert_authorities %}
+      - {{ ca }}
+{% endfor %}
+{% endif %}
+{% if filebeat_output_ssl.client_cert is defined and filebeat_output_ssl.client_key is defined %}
+    certificate: {{ filebeat_output_ssl.client_cert }}
+    key: {{ filebeat_output_ssl.client_key }}
+{% endif %}
+{% if filebeat_output_ssl.client_key_passphrase is defined %}
+    key_passphrase: {{ filebeat_output_ssl.client_key_passphrase | quote }}
+{% endif %}
+{% endif %}
--- a/roles/filebeat/templates/journalbeat.service.j2
+++ b/roles/filebeat/templates/journalbeat.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Journalbeat ships systemd journal entries to Elasticsearch or Logstash.
+Documentation=https://www.elastic.co/products/beats/journalbeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Environment="BEAT_CONFIG_OPTS=-c /etc/journalbeat/journalbeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/journalbeat -path.config /etc/journalbeat -path.data /var/lib/journalbeat -path.logs /var/log/journalbeat"
+ExecStart=/usr/share/journalbeat/bin/journalbeat $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/filebeat/templates/journalbeat.yml.j2
+++ b/roles/filebeat/templates/journalbeat.yml.j2
@@ -0,0 +1,34 @@
+fields:
+  source: {{ inventory_hostname }}
+fields_under_root: True
+logging.files:
+  rotateeverybytes: 5242880
+  keepfiles: 2
+journalbeat.inputs:
+  - paths: []
+    seek: cursor
+    cursor_seek_fallback: tail
+output.{{ filebeat_output_type }}:
+  hosts:
+{% for host in filebeat_output_hosts %}
+    - {{ host }}
+{% endfor %}
+{% if filebeat_output_ssl is defined %}
+  ssl:
+{% if filebeat_output_ssl.enabled is defined %}
+    enabled: {{ filebeat_output_ssl.enabled }}
+{% endif %}
+{% if filebeat_output_ssl.cert_authorities is defined %}
+    certificate_authorities:
+{% for ca in filebeat_output_ssl.cert_authorities %}
+      - {{ ca }}
+{% endfor %}
+{% endif %}
+{% if filebeat_output_ssl.client_cert is defined and filebeat_output_ssl.client_key is defined %}
+    certificate: {{ filebeat_output_ssl.client_cert }}
+    key: {{ filebeat_output_ssl.client_key }}
+{% endif %}
+{% if filebeat_output_ssl.client_key_passphrase is defined %}
+    key_passphrase: {{ filebeat_output_ssl.client_key_passphrase | quote }}
+{% endif %}
+{% endif %}