From efc028d0a55b39a39ea484cb9c1a5cd425e63dd6 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 10 May 2021 18:08:47 -0400
Subject: [PATCH] handle the docker port bindings for filebeat modules

---
 salt/filebeat/init.sls               | 9 +++++++++
 salt/filebeat/map.jinja              | 2 ++
 salt/filebeat/thirdpartydefaults.yml | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 salt/filebeat/map.jinja

diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 8ab200276..eb4dc116a 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -20,6 +20,8 @@
 {% set LOCALHOSTIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
+{% from 'filebeat/map.jinja' import THIRDPARTY with context %}
+
 filebeatetcdir:
   file.directory:
     - name: /opt/so/conf/filebeat/etc
@@ -98,6 +100,13 @@ so-filebeat:
         - 0.0.0.0:514:514/udp
         - 0.0.0.0:514:514/tcp
         - 0.0.0.0:5066:5066/tcp
+{% for module in THIRDPARTY.modules.keys() %}
+  {% for submodule in THIRDPARTY.modules[module] %}
+    {% if THIRDPARTY.modules[module][submodule].enabled %}
+        - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/{{ THIRDPARTY.modules[module][submodule]["var.input"] }}
+    {% endif %}
+  {% endfor %}
+{% endfor %}
     - watch:
       - file: /opt/so/conf/filebeat/etc/filebeat.yml
 
diff --git a/salt/filebeat/map.jinja b/salt/filebeat/map.jinja
new file mode 100644
index 000000000..668889227
--- /dev/null
+++ b/salt/filebeat/map.jinja
@@ -0,0 +1,2 @@
+{% import_yaml 'filebeat/thirdpartydefaults.yaml' as TPDEFAULTS %}
+{% set THIRDPARTY = salt['pillar.get']('filebeat:third_party_filebeat', default=TPDEFAULTS.third_party_filebeat, merge=True) %}
\ No newline at end of file
diff --git a/salt/filebeat/thirdpartydefaults.yml b/salt/filebeat/thirdpartydefaults.yml
index 9e5fef988..1e2eb8c23 100644
--- a/salt/filebeat/thirdpartydefaults.yml
+++ b/salt/filebeat/thirdpartydefaults.yml
@@ -1,4 +1,4 @@
-thirtd_party_filebeat:
+third_party_filebeat:
   modules:
     fortinet:
       firewall: