CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix annotations and defaults for logstash

Browse Source
This commit is contained in:
Mike Reeves
2023-05-03 09:17:37 -04:00
parent dd034edad6
commit c7604e893e
3 changed files with 81 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticfleet/init.sls
View File

@@ -31,6 +31,7 @@ elasticfleet_sbin:
- source: salt://elasticfleet/tools/sbin - source: salt://elasticfleet/tools/sbin
- user: 947 - user: 947
- group: 939 - group: 939
- file_mode: 755
elasticfleet_sbin_jinja: elasticfleet_sbin_jinja:
file.recurse: file.recurse:
@@ -38,6 +39,7 @@ elasticfleet_sbin_jinja:
- source: salt://elasticfleet/tools/sbin_jinja - source: salt://elasticfleet/tools/sbin_jinja
- user: 947 - user: 947
- group: 939 - group: 939
- file_mode: 755
- template: jinja - template: jinja
eaconfdir: eaconfdir:

64
salt/logstash/defaults.yaml
View File

@@ -1,22 +1,56 @@
logstash: logstash:
assigned_pipelines: assigned_pipelines:
roles: roles:
fleet: standalone:
- so/0012_input_elastic_agent.conf - manager
- so/9806_output_lumberjack_fleet.conf.jinja - search
manager:
- so/0011_input_endgame.conf
- so/0012_input_elastic_agent.conf
- so/0013_input_lumberjack_fleet.conf
- so/9999_output_redis.conf.jinja
receiver: receiver:
- so/0011_input_endgame.conf - receiver
- so/0012_input_elastic_agent.conf heavynode:
- so/9999_output_redis.conf.jinja - search
search: searchnode:
- so/0900_input_redis.conf.jinja - search
- so/9805_output_elastic_agent.conf.jinja manager:
- so/9900_output_endgame.conf.jinja - manager
managersearch:
- manager
- search
fleet:
- fleet
defined_pipelines:
fleet:
- so/0012_input_elastic_agent.conf
- so/9806_output_lumberjack_fleet.conf.jinja
manager:
- so/0011_input_endgame.conf
- so/0012_input_elastic_agent.conf
- so/0013_input_lumberjack_fleet.conf
- so/9999_output_redis.conf.jinja
receiver:
- so/0011_input_endgame.conf
- so/0012_input_elastic_agent.conf
- so/9999_output_redis.conf.jinja
searchnode:
- so/0900_input_redis.conf.jinja
- so/9805_output_elastic_agent.conf.jinja
- so/9900_output_endgame.conf.jinja
custom0: []
custom1: []
custom2: []
custom3: []
custom4: []
docker_options:
port_bindings:
- 0.0.0.0:3765:3765
- 0.0.0.0:5044:5044
- 0.0.0.0:5055:5055
- 0.0.0.0:5056:5056
- 0.0.0.0:5644:5644
- 0.0.0.0:6050:6050
- 0.0.0.0:6051:6051
- 0.0.0.0:6052:6052
- 0.0.0.0:6053:6053
- 0.0.0.0:9600:9600
settings: settings:
lsheap: 500m lsheap: 500m
config: config:

35
salt/logstash/soc_logstash.yaml
View File

@@ -1,14 +1,33 @@
logstash: logstash:
assigned_pipelines: assigned_pipelines:
standalone: &assigned_pipelines
description: List of defined pipelines to add to this role.
advanced: True
helpLink: logstash.html
multiline: True
forcedType: "[]string"
receiver: *assigned_pipelines
heavynode: *assigned_pipelines
searchnode: *assigned_pipelines
manager: *assigned_pipelines
managersearch: *assigned_pipelines
fleet: *assigned_pipelines
defined_pipelines:
roles: roles:
receiver: &assigned_pipelines receiver: &defined_pipelines
description: List of pipelines assigned to this role. description: List of pipeline configurations assign to this group.
advanced: True advanced: True
helpLink: logstash.html helpLink: logstash.html
multiline: True multiline: True
fleet: *assigned_pipelines forcedType: "[]string"
manager: *assigned_pipelines fleet: *defined_pipelines
search: *assigned_pipelines manager: *defined_pipelines
search: *defined_pipelines
custom0: *defined_pipelines
custom1: *defined_pipelines
custom2: *defined_pipelines
custom3: *defined_pipelines
custom4: *defined_pipelines
settings: settings:
lsheap: lsheap:
description: Heap size to use for logstash description: Heap size to use for logstash
@@ -38,6 +57,12 @@ logstash:
helpLink: logstash.html helpLink: logstash.html
readonly: True readonly: True
advanced: True advanced: True
docker_options:
port_bindings:
description: List of ports to open to the logstash docker container. Firewall ports will still need to be added to the firewall configuration.
helpLink: logstash.html
advanced: True
multiline: True
dmz_nodes: dmz_nodes:
description: "List of receiver nodes in DMZs. Prevents sensors from sending to these receivers. Primarily used for external Elastic agents." description: "List of receiver nodes in DMZs. Prevents sensors from sending to these receivers. Primarily used for external Elastic agents."
helpLink: logstash.html helpLink: logstash.html