From ce05f29dc4e436060a05cf02adfe3aa9578e3ee6 Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 30 Aug 2023 13:03:28 +0000
Subject: [PATCH 1/4] Add port_bindings for port 514
---
 salt/docker/defaults.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml
index e39feaf06..a5d6c5d6d 100644
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -178,6 +178,9 @@ docker:
 extra_env: []
 'so-elastic-agent':
 final_octet: 46
+ port_bindings:
+ - 0.0.0.0:514:514/tcp
+ - 0.0.0.0:514:514/udp
 custom_bind_mounts: []
 extra_hosts: []
 extra_env: []
From 655eea2b007124d9abe0674b5281435817cf290d Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 30 Aug 2023 13:03:56 +0000
Subject: [PATCH 2/4] Add port_bindings
---
 salt/elasticagent/enabled.sls | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/salt/elasticagent/enabled.sls b/salt/elasticagent/enabled.sls
index 963b8549b..7d0f401e9 100644
--- a/salt/elasticagent/enabled.sls
+++ b/salt/elasticagent/enabled.sls
@@ -31,6 +31,10 @@ so-elastic-agent:
 - {{ XTRAHOST }}
 {% endfor %}
 {% endif %}
+ - port_bindings:
+ {% for BINDING in DOCKER.containers['so-elastic-agent'].port_bindings %}
+ - {{ BINDING }}
+ {% endfor %}
 - binds:
 - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
 - /opt/so/log/elasticagent:/usr/share/elastic-agent/logs
From 0e22acc255cc62af53810156eabaf9471d8bbcae Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 30 Aug 2023 13:04:32 +0000
Subject: [PATCH 3/4] Add tcp and udp integration
---
 .../files/elastic-agent.yml.jinja | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/salt/elasticagent/files/elastic-agent.yml.jinja b/salt/elasticagent/files/elastic-agent.yml.jinja
index 92aacfa44..7d0b93344 100644
--- a/salt/elasticagent/files/elastic-agent.yml.jinja
+++ b/salt/elasticagent/files/elastic-agent.yml.jinja
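Review bot: The two bindings publish 514 on 0.0.0.0, i.e. on every host interface, and ports published by Docker are normally reached through Docker's own nat/FORWARD chains before the host's INPUT rules apply, so whether the `syslog` group added in salt/firewall/defaults.yaml actually gates this traffic depends on how the so firewall state handles Docker's chains, which this series does not show. A comment on the defaults would make the exposure explicit, e.g. `# published on all host interfaces; allowed senders are controlled by the syslog group in salt/firewall/defaults.yaml`, and a configurable bind address instead of a fixed 0.0.0.0 would let operators narrow it to a management interface. Style: the mappings are plain scalars beside the quoted key `'so-elastic-agent'`; quoting them as `'0.0.0.0:514:514/tcp'` keeps them out of reach of implicit typing should they ever be edited to a digit-and-colon-only form.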
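Review bot: The new `- port_bindings:` block has no `{% if %}` guard, unlike the extra_hosts block just above it, whose `{% endfor %}` is followed by an `{% endif %}`; when `port_bindings` is overridden to an empty list the rendered state contains `- port_bindings:` with no items, which YAML reads as null rather than an empty list and the docker state may treat differently. Wrapping the block in `{% if DOCKER.containers['so-elastic-agent'].port_bindings %}` … `{% endif %}` keeps the two blocks consistent and omits the key entirely when there is nothing to publish. The `so-elastic-agent` state starts before the hunk and continues after it.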
@@ -430,3 +430,54 @@ inputs:
 exclude_files:
 - >-
 broker|capture_loss|cluster|ecat_arp_info|known_hosts|known_services|loaded_scripts|ntp|ocsp|packet_filter|reporter|stats|stderr|stdout.log$
+ - id: udp-udp-35051de0-46a5-11ee-8d5d-9f98c8182f60
+ name: syslog-udp-514
+ revision: 3
+ type: udp
+ use_output: default
+ meta:
+ package:
+ name: udp
+ version: 1.10.0
+ data_stream:
+ namespace: so
+ package_policy_id: 35051de0-46a5-11ee-8d5d-9f98c8182f60
+ streams:
+ - id: udp-udp.generic-35051de0-46a5-11ee-8d5d-9f98c8182f60
+ data_stream:
+ dataset: syslog
+ pipeline: syslog
+ host: '0.0.0.0:514'
+ max_message_size: 10KiB
+ processors:
+ - add_fields:
+ fields:
+ module: syslog
+ target: event
+ tags:
+ - syslog
+ - id: tcp-tcp-33d37bb0-46a5-11ee-8d5d-9f98c8182f60
+ name: syslog-tcp-514
+ revision: 3
+ type: tcp
+ use_output: default
+ meta:
+ package:
+ name: tcp
+ version: 1.10.0
+ data_stream:
+ namespace: so
+ package_policy_id: 33d37bb0-46a5-11ee-8d5d-9f98c8182f60
+ streams:
+ - id: tcp-tcp.generic-33d37bb0-46a5-11ee-8d5d-9f98c8182f60
+ data_stream:
+ dataset: syslog
+ pipeline: syslog
+ host: '0.0.0.0:514'
+ processors:
+ - add_fields:
+ fields:
+ module: syslog
+ target: event
+ tags:
+ - syslog
From 60b0af5ab793fa1b6a592743f162e6905b797798 Mon Sep 17 00:00:00 2001
From: Wes
Date: Wed, 30 Aug 2023 13:05:30 +0000
Subject: [PATCH 4/4] Allow external syslog
---
 salt/firewall/defaults.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index ff127c419..ecb4bad6b 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -1141,6 +1141,12 @@ firewall:
 localhost:
 portgroups:
 - all
+ self:
+ portgroups:
+ - syslog
+ syslog:
+ portgroups:
+ - syslog
 customhostgroup0:
 portgroups: []
 customhostgroup1:
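Review bot: The tcp stream has no size bound while the udp stream sets `max_message_size: 10KiB`; both listeners accept unauthenticated data from whatever the firewall lets reach 514, so the TCP stream should carry the same `max_message_size: 10KiB` and a cap on concurrent connections (the tcp input's `max_connections` option) so that a remote sender cannot hold unbounded buffers or sockets open on the agent. The fixed policy and stream ids (`35051de0-…`, `33d37bb0-…`) together with `revision: 3` look like values exported from a Fleet policy; a short comment on why they are pinned here would help whoever next regenerates this template. The `inputs:` list starts before the hunk.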
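Review bot: Both new hostgroups reference a `syslog` portgroup that is not defined in this hunk; if it is not defined elsewhere in the file the firewall state will point at a missing group, so that definition (514/tcp and 514/udp) belongs in the same change. The `syslog:` hostgroup is added without any note on what should populate it; a comment such as `# external syslog senders permitted to reach 514; keep this to known source addresses, never a catch-all` would tell operators that the allow-list is theirs to fill and to keep narrow. It is also unclear from the hunk what `self:` denotes beside the existing `localhost:` group — the `firewall:` mapping starts before the hunk — so a one-line comment distinguishing the two would help.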