CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Failover Support

Browse Source
This commit is contained in:
Josh Brower
2023-07-10 10:38:14 -04:00
parent 8c16feb772
commit 7805ca8beb
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/firewall/defaults.yaml
View File

@@ -731,7 +731,6 @@ firewall:
- yum - yum
- beats_5044 - beats_5044
- beats_5644 - beats_5644
- beats_5056
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
@@ -1159,6 +1158,9 @@ firewall:
chain: chain:
DOCKER-USER: DOCKER-USER:
hostgroups: hostgroups:
fleet:
portgroups:
- beats_5056
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044

12
salt/logstash/pipelines/config/so/9806_output_lumberjack_fleet.conf.jinja
View File

@@ -1,3 +1,13 @@
{% set FAILOVER_LOGSTASH_NODES = [] %}
{% set node_data = salt['pillar.get']('logstash:nodes', {GLOBALS.role.split('-')[1]: {GLOBALS.hostname: {'ip': GLOBALS.node_ip}}}) %}
{% for node_type, node_details in node_data.items() | sort %}
{% if node_type not in ['heavynode', 'fleet', 'searchnode'] %}
{% for hostname in node_data[node_type].keys() %}
{% do FAILOVER_LOGSTASH_NODES.append(node_details[hostname].ip) %}
{% endfor %}
{% endif %}
{% endfor %}
filter { filter {
mutate { mutate {
add_tag => "fleet-lumberjack-{{ GLOBALS.hostname }}" add_tag => "fleet-lumberjack-{{ GLOBALS.hostname }}"
@@ -7,7 +17,7 @@ filter {
output { output {
lumberjack { lumberjack {
codec => json codec => json
hosts => "{{ GLOBALS.manager }}" hosts => {{ FAILOVER_LOGSTASH_NODES }}
ssl_certificate => "/usr/share/filebeat/ca.crt" ssl_certificate => "/usr/share/filebeat/ca.crt"
port => 5056 port => 5056
id => "fleet-lumberjack-{{ GLOBALS.hostname }}" id => "fleet-lumberjack-{{ GLOBALS.hostname }}"