CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

if in dmz_nodes dont add to filebeta

Browse Source
This commit is contained in:
m0duspwnens
2022-05-11 11:51:18 -04:00
parent a641346c02
commit d8abc0a195
3 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pillar/logstash/nodes.sls
View File

@@ -2,7 +2,7 @@
{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %} {% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
{% for minionid, ip in salt.saltutil.runner( {% for minionid, ip in salt.saltutil.runner(
'mine.get', 'mine.get',
tgt='( G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ) and ( not I@logstash:dmz:true or not I@logstash:dmz:True )', tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix',
fun='network.ip_addrs', fun='network.ip_addrs',
tgt_type='compound') | dictsort() tgt_type='compound') | dictsort()
%} %}

11
salt/filebeat/etc/filebeat.yml
View File

@@ -443,6 +443,13 @@ output.logstash:
# The Logstash hosts # The Logstash hosts
hosts: hosts:
{# dont let filebeat send to a node designated as dmz #}
{% import_yaml 'logstash/dmz_nodes.yaml' as dmz_nodes -%}
{% if dmz_nodes.logstash.dmz_nodes -%}
{% set dmz_nodes = dmz_nodes.logstash.dmz_nodes -%}
{% else -%}
{% set dmz_nodes = [] -%}
{% endif -%}
{%- if grains.role in ['so-sensor', 'so-fleet', 'so-node', 'so-idh'] %} {%- if grains.role in ['so-sensor', 'so-fleet', 'so-node', 'so-idh'] %}
{%- set LOGSTASH = namespace() %} {%- set LOGSTASH = namespace() %}
{%- set LOGSTASH.count = 0 %} {%- set LOGSTASH.count = 0 %}
@@ -451,8 +458,10 @@ output.logstash:
{%- for node_type, node_details in node_data.items() | sort -%} {%- for node_type, node_details in node_data.items() | sort -%}
{%- if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %} {%- if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
{%- for hostname in node_data[node_type].keys() %} {%- for hostname in node_data[node_type].keys() %}
{%- set LOGSTASH.count = LOGSTASH.count + 1 %} {%- if hostname not in dmz_nodes %}
{%- set LOGSTASH.count = LOGSTASH.count + 1 %}
- "{{ hostname }}:5644" #{{ node_details[hostname].ip }} - "{{ hostname }}:5644" #{{ node_details[hostname].ip }}
{%- endif %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- if LOGSTASH.count > 1 %} {%- if LOGSTASH.count > 1 %}

9
salt/logstash/dmz_nodes.yaml Normal file
View File

@@ -0,0 +1,9 @@
# Do not edit this file. Copy it to /opt/so/saltstack/local/salt/logstash/ and make changes there. It should be formatted as a list.
# logstash:
# dmz_nodes:
# - mydmznodehostname1
# - mydmznodehostname2
# - mydmznodehostname3
logstash:
dmz_nodes: