From 877fc36013edcde280700374732c1b86853bb825 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 19 Jul 2023 14:57:24 +0000 Subject: [PATCH 1/4] Add log dir --- salt/elasticfleet/config.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/salt/elasticfleet/config.sls b/salt/elasticfleet/config.sls index 9bfb6e34d..902b5eb4c 100644 --- a/salt/elasticfleet/config.sls +++ b/salt/elasticfleet/config.sls @@ -45,6 +45,13 @@ eaconfdir: - group: 939 - makedirs: True +ealogdir: + file.directory: + - name: /opt/so/log/elasticfleet + - user: 947 + - group: 939 + - makedirs: True + eastatedir: file.directory: - name: /opt/so/conf/elastic-fleet/state From 30a14f8aaf90c3766497c50dcf4af61fa8295fea Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 19 Jul 2023 15:00:20 +0000 Subject: [PATCH 2/4] Add logging --- salt/elasticfleet/enabled.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index 82de4cdef..025a87e14 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -66,6 +66,7 @@ so-elastic-fleet: - /etc/ssl:/etc/ssl:ro {% endif %} #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw + - /opt/so/log/elasticfleet:/usr/share/elastic-agent/logs {% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %} - {{ BIND }} @@ -85,8 +86,8 @@ so-elastic-fleet: {% else %} - FLEET_CA=/etc/pki/tls/certs/intca.crt - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt - {% endif %} + - LOGS_PATH=logs {% if DOCKER.containers['so-elastic-fleet'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %} - {{ XTRAENV }} From 0b19179630b0b6edea08b9710c1da7dd925de525 Mon Sep 17 00:00:00 2001 
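Review bot: The new `ealogdir` state in salt/elasticfleet/config.sls sets `user` and `group` but no `mode`, so the permissions on /opt/so/log/elasticfleet depend on the umask in effect when the state runs. Fleet server logs can carry host names and agent identifiers, so pinning the mode is worthwhile, for example `- mode: 750` after `- group: 939`, assuming uid 947 is the account the container writes as (not shown in this diff). The `eaconfdir` lines visible as context show no mode either, so the same question applies there. `eaconfdir` and `eastatedir` start or end outside the hunk.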
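Review bot: `- LOGS_PATH=logs` in the second hunk of salt/elasticfleet/enabled.sls is a relative path, while the bind mount added in the first hunk targets the absolute `/usr/share/elastic-agent/logs`; the two only meet if the agent resolves the value against /usr/share/elastic-agent, which this diff does not show. If they diverge, the logs stay in the container's writable layer, disappear when the container is recreated and never reach the logrotate rules for /opt/so/log/elasticfleet. Provided the agent accepts an absolute value, `- LOGS_PATH=/usr/share/elastic-agent/logs` removes the dependency on the working directory. Whitespace in this hunk is collapsed, so it is also worth confirming that the removed line is a blank one and that `{% endif %}` still closes the `{% else %}` branch before the new entry. The so-elastic-fleet state continues outside both hunks.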
From: Wes Date: Wed, 19 Jul 2023 15:17:42 +0000 Subject: [PATCH 3/4] Add logrotate --- salt/logrotate/defaults.yaml | 12 +++++++++++- salt/logrotate/soc_logrotate.yaml | 11 +++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/salt/logrotate/defaults.yaml b/salt/logrotate/defaults.yaml index 68095fcbd..311a344b3 100644 --- a/salt/logrotate/defaults.yaml +++ b/salt/logrotate/defaults.yaml @@ -90,7 +90,7 @@ logrotate: - extension .log - dateext - dateyesterday - /opt/so/log/fleet/*_x_log: + /opt/so/log/elasticfleet/*_x_log: - daily - rotate 14 - missingok @@ -100,6 +100,16 @@ logrotate: - extension .log - dateext - dateyesterday + /opt/so/log/elasticfleet/*_x_ndjson: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .ndjson + - dateext + - dateyesterday /opt/so/log/suricata/*_x_log: - daily - rotate 14 diff --git a/salt/logrotate/soc_logrotate.yaml b/salt/logrotate/soc_logrotate.yaml index 5b9fd720f..55ab93c55 100644 --- a/salt/logrotate/soc_logrotate.yaml +++ b/salt/logrotate/soc_logrotate.yaml @@ -63,9 +63,16 @@ logrotate: multiline: True global: True forcedType: "[]string" - "/opt/so/log/fleet/*_x_log": + "/opt/so/log/elasticfleet/*_x_log": description: List of logrotate options for this file. - title: /opt/so/log/fleet/*.log + title: /opt/so/log/elastic-fleet/*.log + advanced: True + multiline: True + global: True + forcedType: "[]string" + "/opt/so/log/elasticfleet/*_x_ndjson": + description: List of logrotate options for this file. + title: /opt/so/log/elastic-fleet/*.ndjson advanced: True multiline: True global: True From c68cd6cf33d8381a47bfdc75b68295b0ced434ea Mon Sep 17 00:00:00 2001 From: Wes Date: Thu, 20 Jul 2023 14:39:35 +0000 Subject: [PATCH 4/4] Fix typo --- salt/logrotate/soc_logrotate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/logrotate/soc_logrotate.yaml b/salt/logrotate/soc_logrotate.yaml index 55ab93c55..5e6c78fcc 100644 
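Review bot: The new `/opt/so/log/elasticfleet/*_x_ndjson` stanza in salt/logrotate/defaults.yaml lists both `copytruncate` and `create`; logrotate documents `create` as having no effect when `copytruncate` is in use, so `- create` can be dropped from the new stanza. `copytruncate` also leaves a short window between the copy and the truncate in which lines written by the agent are lost, which matters if these logs are later used as evidence in an investigation. If the agent inside the container already rotates its own ndjson files (not visible in this diff), the two rotation schemes will overlap, so a comment above the stanza should state which one is authoritative. The renamed `*_x_log` stanza in the preceding hunk carries the same option pair.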
--- a/salt/logrotate/soc_logrotate.yaml +++ b/salt/logrotate/soc_logrotate.yaml @@ -65,14 +65,14 @@ logrotate: forcedType: "[]string" "/opt/so/log/elasticfleet/*_x_log": description: List of logrotate options for this file. - title: /opt/so/log/elastic-fleet/*.log + title: /opt/so/log/elasticfleet/*.log advanced: True multiline: True global: True forcedType: "[]string" "/opt/so/log/elasticfleet/*_x_ndjson": description: List of logrotate options for this file. - title: /opt/so/log/elastic-fleet/*.ndjson + title: /opt/so/log/elasticfleet/*.ndjson advanced: True multiline: True global: True