CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

specify ES vs LS in FB config

Browse Source
This commit is contained in:
Wes Lambert
2020-04-02 20:01:49 +00:00
parent be8398387e
commit eb0c23387b
1 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
salt/filebeat/etc/filebeat.yml
View File

@@ -179,7 +179,8 @@ filebeat.inputs:
close_removed: false close_removed: false
{%- endif %} {%- endif %}
#----------------------------- Logstash output --------------------------------- #----------------------------- Elasticsearch/Logstash output ---------------------------------
{%- if grains['role'] == "so-eval" %}
output.elasticsearch: output.elasticsearch:
enabled: true enabled: true
hosts: ["{{ MASTER }}:9200"] hosts: ["{{ MASTER }}:9200"]
@@ -202,12 +203,15 @@ output.elasticsearch:
when.contains: when.contains:
module: "strelka" module: "strelka"
#output.logstash: setup.template.enabled: false
{%- else %}
output.logstash:
# Boolean flag to enable or disable the output module. # Boolean flag to enable or disable the output module.
#enabled: true enabled: true
# The Logstash hosts # The Logstash hosts
#hosts: ["{{ MASTER }}:5644"] hosts: ["{{ MASTER }}:5644"]
# Number of workers per Logstash host. # Number of workers per Logstash host.
#worker: 1 #worker: 1
@@ -222,21 +226,21 @@ output.elasticsearch:
# and certificates will be accepted. In this mode, SSL based connections are # and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is # susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`. # `full`.
#ssl.verification_mode: full ssl.verification_mode: full
# List of supported/valid TLS versions. By default all TLS versions 1.0 up to # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled. # 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2] ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# Optional SSL configuration options. SSL is off by default. # Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications # List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"] ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
# Certificate for SSL client authentication # Certificate for SSL client authentication
#ssl.certificate: "/usr/share/filebeat/filebeat.crt" ssl.certificate: "/usr/share/filebeat/filebeat.crt"
# Client Certificate Key # Client Certificate Key
#ssl.key: "/usr/share/filebeat/filebeat.key" ssl.key: "/usr/share/filebeat/filebeat.key"
setup.template.enabled: false setup.template.enabled: false
# A dictionary of settings to place into the settings.index dictionary # A dictionary of settings to place into the settings.index dictionary
@@ -251,7 +255,7 @@ setup.template.enabled: false
# https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-source-field.html # https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-source-field.html
#_source: #_source:
#enabled: false #enabled: false
{%- endif %}
#============================== Kibana ===================================== #============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.