Merge pull request #10804 from Security-Onion-Solutions/fix/fleet_logging

Fleet logging
2025-12-08 02:02:50 +01:00 · 2023-07-20 15:51:56 -04:00
parent 83e1e3efdc c68cd6cf33
commit be254b15f2
4 changed files with 29 additions and 4 deletions
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -45,6 +45,13 @@ eaconfdir:
    - group: 939
    - makedirs: True

+ealogdir:
+  file.directory:
+    - name: /opt/so/log/elasticfleet
+    - user: 947
+    - group: 939
+    - makedirs: True
+
 eastatedir:
  file.directory:
    - name: /opt/so/conf/elastic-fleet/state
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -66,6 +66,7 @@ so-elastic-fleet:
      - /etc/ssl:/etc/ssl:ro
      {% endif %}
      #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
+      - /opt/so/log/elasticfleet:/usr/share/elastic-agent/logs 
     {% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
        {% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
      - {{ BIND }}
@@ -85,8 +86,8 @@ so-elastic-fleet:
      {% else %}
      - FLEET_CA=/etc/pki/tls/certs/intca.crt
      - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
-
      {% endif %}
+      - LOGS_PATH=logs
      {% if DOCKER.containers['so-elastic-fleet'].extra_env %}
        {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
      - {{ XTRAENV }}
--- a/salt/logrotate/defaults.yaml
+++ b/salt/logrotate/defaults.yaml
@@ -90,7 +90,7 @@ logrotate:
      - extension .log
      - dateext
      - dateyesterday
-    /opt/so/log/fleet/*_x_log:
+    /opt/so/log/elasticfleet/*_x_log:
      - daily
      - rotate 14
      - missingok
@@ -100,6 +100,16 @@ logrotate:
      - extension .log
      - dateext
      - dateyesterday
+    /opt/so/log/elasticfleet/*_x_ndjson:
+      - daily
+      - rotate 14
+      - missingok
+      - copytruncate
+      - compress
+      - create
+      - extension .ndjson
+      - dateext
+      - dateyesterday
    /opt/so/log/suricata/*_x_log:
      - daily
      - rotate 14
--- a/salt/logrotate/soc_logrotate.yaml
+++ b/salt/logrotate/soc_logrotate.yaml
@@ -63,9 +63,16 @@ logrotate:
      multiline: True
      global: True
      forcedType: "[]string"
-    "/opt/so/log/fleet/*_x_log":
+    "/opt/so/log/elasticfleet/*_x_log":
      description: List of logrotate options for this file.
-      title: /opt/so/log/fleet/*.log
+      title: /opt/so/log/elasticfleet/*.log
+      advanced: True
+      multiline: True
+      global: True
+      forcedType: "[]string"
+    "/opt/so/log/elasticfleet/*_x_ndjson":
+      description: List of logrotate options for this file.
+      title: /opt/so/log/elasticfleet/*.ndjson
      advanced: True
      multiline: True
      global: True