diff --git a/salt/common/tools/sbin/so-elastalert-create b/salt/common/tools/sbin/so-elastalert-create index 683b53ed1..56e1a5a25 100755 --- a/salt/common/tools/sbin/so-elastalert-create +++ b/salt/common/tools/sbin/so-elastalert-create @@ -145,9 +145,9 @@ EOF rulename=$(echo ${raw_rulename,,} | sed 's/ /_/g') cat << EOF >> "$rulename.yaml" -# Elasticsearch Host -es_host: elasticsearch -es_port: 9200 +# Elasticsearch Host Override (optional) +# es_host: elasticsearch +# es_port: 9200 # (Required) # Rule name, must be unique diff --git a/salt/common/tools/sbin/so-filebeat-module-setup b/salt/common/tools/sbin/so-filebeat-module-setup index 7a6ae7446..4f9811ca7 100755 --- a/salt/common/tools/sbin/so-filebeat-module-setup +++ b/salt/common/tools/sbin/so-filebeat-module-setup @@ -31,7 +31,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -48,8 +48,8 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then echo fi echo "Testing to see if the pipelines are already applied" -ESVER=$(curl -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" |jq .version.number |tr -d \") -PIPELINES=$(curl -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"/_ingest/pipeline/filebeat-$ESVER-suricata-eve-pipeline | jq . | wc -c) +ESVER=$({{ ELASTICCURL }} -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" |jq .version.number |tr -d \") +PIPELINES=$({{ ELASTICCURL }} -sk https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"/_ingest/pipeline/filebeat-$ESVER-suricata-eve-pipeline | jq . | wc -c) if [[ "$PIPELINES" -lt 5 ]]; then echo "Setting up ingest pipeline(s)" diff --git a/salt/filebeat/etc/module-setup.yml b/salt/filebeat/etc/module-setup.yml index 431e432b3..35fbf5fbe 100644 --- a/salt/filebeat/etc/module-setup.yml +++ b/salt/filebeat/etc/module-setup.yml @@ -3,8 +3,12 @@ {%- else %} {%- set MANAGER = salt['grains.get']('master') %} {%- endif %} +{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:user', '') %} +{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', '') %} output.elasticsearch: enabled: true hosts: ["https://{{ MANAGER }}:9200"] + username: "{{ ES_USER }}" + password: "{{ ES_PASS }}" ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]