CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move In Day

Browse Source
This commit is contained in:
Mike Reeves
2022-09-07 09:06:25 -04:00
parent dcb7b49dbe
commit 2bd9dd80e2
611 changed files with 8015 additions and 16211 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/telegraf/etc/telegraf.conf
+5 -13
View File
@@ -16,7 +16,7 @@
{%- set MANAGER = salt['grains.get']('master') %}
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
{%- set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
{%- set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %}
{%- set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
@@ -628,19 +628,15 @@
[[inputs.elasticsearch]]
servers = ["https://{{ MANAGER }}:9200"]
cluster_stats = true
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
username = "{{ ES_USER }}"
password = "{{ ES_PASS }}"
{%- endif %}
insecure_skip_verify = true
{%- elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %}
{%- elif grains['role'] in ['so-searchnode', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %}
[[inputs.elasticsearch]]
servers = ["https://{{ NODEIP }}:9200"]
cluster_stats = true
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
username = "{{ ES_USER }}"
password = "{{ ES_PASS }}"
{%- endif %}
insecure_skip_verify = true
{%- endif %}
@@ -677,14 +673,12 @@
# ## Use TLS but skip chain & host verification
# # insecure_skip_verify = false
{% if grains.role in ['so-node','so-standalone','so-manager', 'so-managersearch', 'so-heavynode', 'so-receiver'] -%}
{% if grains.role in ['so-searchnode','so-standalone','so-manager', 'so-managersearch', 'so-heavynode', 'so-receiver'] -%}
[[inputs.logstash]]
url = "http://localhost:9600"
collect = ["pipelines"]
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
username = "{{ salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user') }}"
password = "{{ salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass') }}"
{%- endif %}
{%- endif %}
{# if grains.role in ['so-eval','so-standalone','so-manager', 'so-managersearch', 'so-heavynode', 'so-receiver'] -%}
@@ -692,14 +686,12 @@
servers = ["tcp://localhost:6379"]
{%- endif #}
{%- if grains.role in ['so-node', 'so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
{%- if grains.role in ['so-searchnode', 'so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
[[inputs.beat]]
url = "http://127.0.0.1:5066"
include = ["filebeat", "libbeat"]
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
username = "{{ salt['pillar.get']('elasticsearch:auth:users:so_beats_user:user') }}"
password = "{{ salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass') }}"
{%- endif %}
{%- endif %}
# # Read metrics from one or more commands that can output to stdout
@@ -735,7 +727,7 @@
data_format = "influx"
## Timeout for each command to complete.
timeout = "15s"
{% elif grains['role'] in ['so-node', 'so-receiver'] %}
{% elif grains['role'] in ['so-searchnode', 'so-receiver'] %}
[[inputs.exec]]
commands = [
"/scripts/eps.sh",