CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-23 02:38:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

https://github.com/Security-Onion-Solutions/securityonion/issues/404

Browse Source
This commit is contained in:
m0duspwnens
2020-07-09 11:27:06 -04:00
parent 2c32c24bf0
commit 3cf31e2460
134 changed files with 609 additions and 609 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/filebeat/etc/filebeat.yml
+6 -6
View File
@@ -1,7 +1,7 @@
{%- if grains.role == 'so-heavynode' %}
{%- set MASTER = salt['pillar.get']('sensor:mainip' '') %}
{%- set MANAGER = salt['pillar.get']('sensor:mainip' '') %}
{%- else %}
{%- set MASTER = grains['master'] %}
{%- set MANAGER = grains['manager'] %}
{%- endif %}
@@ -9,7 +9,7 @@
{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh', '0') %}
{%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
name: {{ HOSTNAME }}
@@ -214,7 +214,7 @@ filebeat.inputs:
{%- endif %}
{%- if FLEETMASTER or FLEETNODE %}
{%- if FLEETMANAGER or FLEETNODE %}
- type: log
paths:
@@ -252,7 +252,7 @@ output.{{ type }}:
{%- if grains['role'] == "so-eval" %}
output.elasticsearch:
enabled: true
hosts: ["{{ MASTER }}:9200"]
hosts: ["{{ MANAGER }}:9200"]
pipelines:
- pipeline: "%{[module]}.%{[dataset]}"
indices:
@@ -280,7 +280,7 @@ output.logstash:
enabled: true
# The Logstash hosts
hosts: ["{{ MASTER }}:5644"]
hosts: ["{{ MANAGER }}:5644"]
# Number of workers per Logstash host.
#worker: 1
salt/filebeat/init.sls
+4 -4
View File
@@ -12,8 +12,8 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
{% set MANAGER = salt['grains.get']('manager') %}
{% set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{% if FEATURES %}
{% set FEATURES = "-features" %}
@@ -51,10 +51,10 @@ filebeatconfsync:
OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
so-filebeat:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
- image: {{ MANAGER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
- hostname: so-filebeat
- user: root
- extra_hosts: {{ MASTER }}:{{ MASTERIP }}
- extra_hosts: {{ MANAGER }}:{{ MANAGERIP }}
- binds:
- /nsm:/nsm:ro
- /opt/so/log/filebeat:/usr/share/filebeat/logs:rw