From 9696c77bd3caedb82c6c0f8e5ada0330e466de03 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 8 Aug 2018 10:02:43 -0400 Subject: [PATCH] Fix several sytax errors --- salt/common/nginx/nginx.conf.so-node | 89 ++++++++++++++++ salt/logstash/conf/conf.enabled.txt.storage | 100 ++++++++++++++++++ .../files/dynamic/9999_output_redis.conf | 4 +- salt/top.sls | 8 +- 4 files changed, 195 insertions(+), 6 deletions(-) create mode 100644 salt/common/nginx/nginx.conf.so-node create mode 100644 salt/logstash/conf/conf.enabled.txt.storage diff --git a/salt/common/nginx/nginx.conf.so-node b/salt/common/nginx/nginx.conf.so-node new file mode 100644 index 000000000..39688f3df --- /dev/null +++ b/salt/common/nginx/nginx.conf.so-node @@ -0,0 +1,89 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + root /usr/share/nginx/html; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; + + location / { + } + + error_page 404 /404.html; + location = /40x.html { + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } + } + +# Settings for a TLS enabled server. +# +# server { +# listen 443 ssl http2 default_server; +# listen [::]:443 ssl http2 default_server; +# server_name _; +# root /usr/share/nginx/html; +# +# ssl_certificate "/etc/pki/nginx/server.crt"; +# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 10m; +# ssl_ciphers HIGH:!aNULL:!MD5; +# ssl_prefer_server_ciphers on; +# +# # Load configuration files for the default server block. +# include /etc/nginx/default.d/*.conf; +# +# location / { +# } +# +# error_page 404 /404.html; +# location = /40x.html { +# } +# +# error_page 500 502 503 504 /50x.html; +# location = /50x.html { +# } +# } + +} diff --git a/salt/logstash/conf/conf.enabled.txt.storage b/salt/logstash/conf/conf.enabled.txt.storage new file mode 100644 index 000000000..29b540c70 --- /dev/null +++ b/salt/logstash/conf/conf.enabled.txt.storage @@ -0,0 +1,100 @@ +# This is where can specify which LogStash configs get loaded. +# +# The custom folder on the master gets automatically synced to each logstash +# node. +# +# To enable a custom configuration see the following example and uncomment: +# /usr/share/logstash/pipeline.custom/1234_input_custom.conf +## +# All of the defaults are loaded. +/usr/share/logstash/pipeline.dynamic/0900_input_redis.conf +/usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf +/usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf +/usr/share/logstash/pipeline.so/1002_preprocess_json.conf +/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf +/usr/share/logstash/pipeline.so/1004_preprocess_syslog_types.conf +/usr/share/logstash/pipeline.so/1026_preprocess_dhcp.conf +/usr/share/logstash/pipeline.so/1029_preprocess_esxi.conf +/usr/share/logstash/pipeline.so/1030_preprocess_greensql.conf +/usr/share/logstash/pipeline.so/1031_preprocess_iis.conf +/usr/share/logstash/pipeline.so/1032_preprocess_mcafee.conf +/usr/share/logstash/pipeline.so/1033_preprocess_snort.conf +/usr/share/logstash/pipeline.so/1034_preprocess_syslog.conf +/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf +/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf +/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf +/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf +/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf +/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf +/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf +/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf +/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf +/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf +/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf +/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf +/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf +/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf +/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf +/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf +/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf +/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf +/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf +/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf +/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf +/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf +/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf +/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf +/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf +/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf +/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf +/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf +/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf +/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf +/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf +/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf +/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf +/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf +/usr/share/logstash/pipeline.so/1998_test_data.conf +/usr/share/logstash/pipeline.so/2000_network_flow.conf +/usr/share/logstash/pipeline.so/6000_bro.conf +/usr/share/logstash/pipeline.so/6001_bro_import.conf +/usr/share/logstash/pipeline.so/6002_syslog.conf +/usr/share/logstash/pipeline.so/6101_switch_brocade.conf +/usr/share/logstash/pipeline.so/6200_firewall_fortinet.conf +/usr/share/logstash/pipeline.so/6201_firewall_pfsense.conf +/usr/share/logstash/pipeline.so/6300_windows.conf +/usr/share/logstash/pipeline.so/6301_dns_windows.conf +/usr/share/logstash/pipeline.so/6400_suricata.conf +/usr/share/logstash/pipeline.so/6500_ossec.conf +/usr/share/logstash/pipeline.so/6501_ossec_sysmon.conf +/usr/share/logstash/pipeline.so/6502_ossec_autoruns.conf +/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf +/usr/share/logstash/pipeline.so/8001_postprocess_common_ip_augmentation.conf +/usr/share/logstash/pipeline.so/8006_postprocess_dns.conf +/usr/share/logstash/pipeline.so/8007_postprocess_dns_top1m_tagging.conf +/usr/share/logstash/pipeline.so/8007_postprocess_http.conf +/usr/share/logstash/pipeline.so/8008_postprocess_dns_whois_age.conf +/usr/share/logstash/pipeline.so/8200_postprocess_tagging.conf +/usr/share/logstash/pipeline.so/8502_postprocess_freq_analysis_bro_dns.conf +/usr/share/logstash/pipeline.so/8503_postprocess_freq_analysis_bro_http.conf +/usr/share/logstash/pipeline.so/8504_postprocess_freq_analysis_bro_ssl.conf +/usr/share/logstash/pipeline.so/8505_postprocess_freq_analysis_bro_x509.conf +/usr/share/logstash/pipeline.so/8998_postprocess_log_elapsed.conf +/usr/share/logstash/pipeline.so/8999_postprocess_rename_type.conf +/usr/share/logstash/pipeline.so/9000_output_bro.conf +/usr/share/logstash/pipeline.so/9001_output_switch.conf +/usr/share/logstash/pipeline.so/9002_output_import.conf +/usr/share/logstash/pipeline.so/9004_output_flow.conf +/usr/share/logstash/pipeline.so/9026_output_dhcp.conf +/usr/share/logstash/pipeline.so/9029_output_esxi.conf +/usr/share/logstash/pipeline.so/9030_output_greensql.conf +/usr/share/logstash/pipeline.so/9031_output_iis.conf +/usr/share/logstash/pipeline.so/9032_output_mcafee.conf +/usr/share/logstash/pipeline.so/9033_output_snort.conf +/usr/share/logstash/pipeline.so/9034_output_syslog.conf +/usr/share/logstash/pipeline.so/9200_output_firewall.conf +/usr/share/logstash/pipeline.so/9300_output_windows.conf +/usr/share/logstash/pipeline.so/9301_output_dns_windows.conf +/usr/share/logstash/pipeline.so/9400_output_suricata.conf +/usr/share/logstash/pipeline.so/9500_output_beats.conf +/usr/share/logstash/pipeline.so/9998_output_test_data.conf diff --git a/salt/logstash/files/dynamic/9999_output_redis.conf b/salt/logstash/files/dynamic/9999_output_redis.conf index 0308f2d7e..21918e9c9 100644 --- a/salt/logstash/files/dynamic/9999_output_redis.conf +++ b/salt/logstash/files/dynamic/9999_output_redis.conf @@ -1,7 +1,7 @@ {%- if salt['grains.get']('role') == 'so-master' %} {%- set nodetype = 'master' %} {%- else %} -{%- set nodetype = salt['pillar_get']('node:node_type', 'storage') %} +{%- set nodetype = salt['pillar.get']('node:node_type', 'storage') %} {%- endif %} output { redis { @@ -16,4 +16,4 @@ output { congestion_threshold => 50000000 # batch_events => 500 } -} \ No newline at end of file +} diff --git a/salt/top.sls b/salt/top.sls index e33b7efae..40a0a26e9 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -25,7 +25,7 @@ base: - logstash # Storage node logic - + 'G@role:so-node': 'node_type:parser': - match: pillar - common @@ -42,12 +42,12 @@ base: - common - elasticsearch - 'node_type:storage': - - match: pillar + 'G@role:so-node and I@node:node_type:storage': + - match: compound - common - logstash - elasticsearch - + 'G@role:mastersensor': - common - sensor