logstash helix

pillar/top.sls

@@ -27,3 +27,7 @@ base:
     - nodes.{{ grains.id }}
     - static
     - firewall.*
+
+  'G@role:so-helix':
+    - fireeye
+    - static

salt/logstash/files/dynamic/9997_output_helix.conf

@@ -1,4 +1,4 @@
-{% set helix_api_key = salt['pillar.get']('fireeye:helix:api_key', '') %}
+{% set HELIXAPIKEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
 
 filter {
   if "fe_clone" in [type] {

setup/functions.sh

@@ -476,6 +476,17 @@ filter_unused_nics() {
   FNICS=$(ip link | grep -vwe $grep_string | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
 }
 
+fireeye_pillar() {
+
+  FIREEYEPILLARPATH=$TMP/pillar/fireeye
+
+  echo "" >> $FIREEYEPILLARPATH/init.sls
+  echo "fireeye:" >> $FIREEYEPILLARPATH/init.sls
+  echo "  helix:" >> $FIREEYEPILLARPATH/init.sls
+  echo "    api_key: $HELIXAPIKEY" >> $FIREEYEPILLARPATH/init.sls
+
+}
+
 generate_passwords(){
   # Generate Random Passwords for Things
   MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)

setup/so-setup.sh

@@ -193,6 +193,8 @@ if (whiptail_you_sure) ; then
       master_pillar >> $SETUPLOG 2>&1
       echo "** Generating the patch pillar **" >> $SETUPLOG
       patch_pillar >> $SETUPLOG 2>&1
+      echo "** Generating the FireEye pillar **" >> $SETUPLOG
+      fireeye_pillar >> $SETUPLOG 2>&1
       echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
       copy_minion_tmp_files >> $SETUPLOG 2>&1
       # Do a checkin to push the key up