CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

load filebeat modules when es container starts and if fb container is running

Browse Source
This commit is contained in:
m0duspwnens
2021-05-26 11:00:18 -04:00
parent 34d4eedf67
commit 842aa97f7e
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
salt/filebeat/init.sls
View File

@@ -22,6 +22,13 @@
{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %} {% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
{% from 'filebeat/map.jinja' import THIRDPARTY with context %} {% from 'filebeat/map.jinja' import THIRDPARTY with context %}
{% from 'filebeat/map.jinja' import SO with context %} {% from 'filebeat/map.jinja' import SO with context %}
{% set ES_INCLUDED_NODES = ['so-standalone'] %}
#only include elastic state for certain nodes
{% if grains.role in ES_INCLUDED_NODES %}
include:
- elasticsearch
{% endif %}
filebeatetcdir: filebeatetcdir:
file.directory: file.directory:
@@ -126,6 +133,16 @@ so-filebeat:
- watch: - watch:
- file: /opt/so/conf/filebeat/etc/filebeat.yml - file: /opt/so/conf/filebeat/etc/filebeat.yml
{% if grains.role in ES_INCLUDED_NODES %}
run_module_setup:
cmd.run:
- name: /usr/sbin/so-filebeat-module-setup
- require:
- docker_container: so-filebeat
- onchanges_in:
- docker_container: so-elasticsearch
{% endif %}
append_so-filebeat_so-status.conf: append_so-filebeat_so-status.conf:
file.append: file.append:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf