CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-23 09:23:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

so defaults filebeat modules

Browse Source
This commit is contained in:
m0duspwnens
2021-05-25 16:40:50 -04:00
parent 1e564c2140
commit 2aacd5b9b6
4 changed files with 30 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/filebeat/etc/module_config.yml.jinja Normal file
View File

@@ -0,0 +1,16 @@
# DO NOT EDIT THIS FILE
{% for module in MODULES.modules.keys() %}
- module: {{ module }}
{%- for fileset in MODULES.modules[module] %}
{{ fileset }}:
enabled: {{ MODULES.modules[module][fileset].enabled }}
{#- only manage the settings if the fileset is enabled #}
{%- if MODULES.modules[module][fileset].enabled %}
{%- for var, value in MODULES.modules[module][fileset].items() %}
{%- if var|lower != 'enabled' %}
{{ var }}: {{ value }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}
{% endfor %}

16
salt/filebeat/etc/thirdparty.yml.jinja
View File

@@ -1,16 +0,0 @@
# DO NOT EDIT THIS FILE
{% for module in THIRDPARTY.modules.keys() %}
- module: {{ module }}
{%- for fileset in THIRDPARTY.modules[module] %}
{{ fileset }}:
enabled: {{ THIRDPARTY.modules[module][fileset].enabled }}
{#- only manage the settings if the fileset is enabled #}
{%- if THIRDPARTY.modules[module][fileset].enabled %}
{%- for var, value in THIRDPARTY.modules[module][fileset].items() %}
{%- if var|lower != 'enabled' %}
{{ var }}: {{ value }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}
{% endfor %}

19
salt/filebeat/init.sls
View File

@@ -21,6 +21,7 @@
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %} {% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
{% from 'filebeat/map.jinja' import THIRDPARTY with context %} {% from 'filebeat/map.jinja' import THIRDPARTY with context %}
{% from 'filebeat/map.jinja' import SO with context %}
filebeatetcdir: filebeatetcdir:
@@ -78,21 +79,21 @@ filebeatmoduleconfsync:
- group: root - group: root
- template: jinja - template: jinja
# Sync Filebeat modules sodefaults_module_conf:
filebeatmodules: file.managed:
file.recurse: - name: /opt/so/conf/filebeat/etc/securityonion.yml
- name: /opt/so/conf/filebeat/modules - source: salt://filebeat/etc/module_config.yml.jinja
- source: salt://filebeat/modules - template: jinja
- user: root - defaults:
- group: root MODULES: {{ SO }}
thirdparty_module_conf: thirdparty_module_conf:
file.managed: file.managed:
- name: /opt/so/conf/filebeat/etc/thirdparty.yml - name: /opt/so/conf/filebeat/etc/thirdparty.yml
- source: salt://filebeat/etc/thirdparty.yml.jinja - source: salt://filebeat/etc/module_config.yml.jinja
- template: jinja - template: jinja
- defaults: - defaults:
THIRDPARTY: {{ THIRDPARTY }} MODULES: {{ THIRDPARTY }}
so-filebeat: so-filebeat:
docker_container.running: docker_container.running:

3
salt/filebeat/map.jinja
View File

@@ -1,2 +1,5 @@
{% import_yaml 'filebeat/thirdpartydefaults.yaml' as TPDEFAULTS %} {% import_yaml 'filebeat/thirdpartydefaults.yaml' as TPDEFAULTS %}
{% set THIRDPARTY = salt['pillar.get']('filebeat:third_party_filebeat', default=TPDEFAULTS.third_party_filebeat, merge=True) %} {% set THIRDPARTY = salt['pillar.get']('filebeat:third_party_filebeat', default=TPDEFAULTS.third_party_filebeat, merge=True) %}
{% import_yaml 'filebeat/securityoniondefaults.yaml' as SO %}
{#% set SO = salt['pillar.get']('filebeat:third_party_filebeat', default=SODEFAULTS.third_party_filebeat, merge=True) %#}