CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 15:33:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

move node_data pillar to logstash:nodes, set extra hosts for filebeat docker

Browse Source
This commit is contained in:
m0duspwnens
2021-12-14 13:32:42 -05:00
parent 6518691c55
commit c490a3be36
8 changed files with 67 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/filebeat/etc/filebeat.yml
View File

@@ -322,9 +322,9 @@ output.logstash:
# The Logstash hosts
hosts:
{%- if grains.role not in ['so-heavynode', 'so-import', 'so-helix', 'so-eval'] %}
{%- if grains.role in ['so-sensor', 'so-fleet', 'so-node'] %}
{%- set LOADBALANCE = ['false'] %}
{%- set node_data = salt['pillar.get']('node_data') %}
{%- set node_data = salt['pillar.get']('logstash:nodes') %}
{%- for node_type, node_details in node_data.items() | sort %}
{%- if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
{%- for hostname in node_data[node_type].keys() %}

6
salt/filebeat/init.sls
View File

@@ -17,12 +17,10 @@
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set LOCALHOSTNAME = salt['grains.get']('host') %}
{% set MAININT = salt['pillar.get']('host:mainint') %}
{% set LOCALHOSTIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
{% set MANAGER = salt['grains.get']('master') %}
{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
{% from 'filebeat/map.jinja' import THIRDPARTY with context %}
{% from 'filebeat/map.jinja' import SO with context %}
{% from 'filebeat/map.jinja' import EXTRA_HOSTS with context %}
{% set ES_INCLUDED_NODES = ['so-eval', 'so-standalone', 'so-managersearch', 'so-node', 'so-heavynode', 'so-import'] %}
include:
@@ -111,7 +109,7 @@ so-filebeat:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}
- hostname: so-filebeat
- user: root
- extra_hosts: {{ MANAGER }}:{{ MANAGERIP }},{{ LOCALHOSTNAME }}:{{ LOCALHOSTIP }}
- extra_hosts: {{ EXTRA_HOSTS }}
- binds:
- /nsm:/nsm:ro
- /opt/so/log/filebeat:/usr/share/filebeat/logs:rw

17
salt/filebeat/map.jinja
View File

@@ -4,3 +4,20 @@
{% import_yaml 'filebeat/securityoniondefaults.yaml' as SODEFAULTS %}
{% set SO = SODEFAULTS.securityonion_filebeat %}
{#% set SO = salt['pillar.get']('filebeat:third_party_filebeat', default=SODEFAULTS.third_party_filebeat, merge=True) %#}
{% set role = grains.role %}
{% set EXTRA_HOSTS = [] %}
{% set mainint = salt['pillar.get']('host:mainint') %}
{% set localhostip = salt['grains.get']('ip_interfaces').get(mainint)[0] %}
{% if role in ['so-sensor', 'so-fleet', 'so-node' ] %}
{% set node_data = salt['pillar.get']('logstash:nodes') %}
{% for node_type, node_details in node_data.items() | sort %}
{% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
{% for hostname in node_data[node_type].keys() %}
{% do EXTRA_HOSTS.append({hostname:node_details[hostname].ip}) %}
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
{% do EXTRA_HOSTS.append({grains.host:localhostip}) %}
{% endif %}

1
salt/salt/etc/minion.d/mine_functions.conf
View File

@@ -1,4 +1,3 @@
mine_functions:
test.ping: []
network.ip_addrs:
- interface: {{ pillar.host.mainint }}