CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update telegraf.conf

Browse Source
This commit is contained in:
Mike Reeves
2020-02-11 19:30:17 -05:00
committed by GitHub
parent cb3977a6c2
commit f7ab43e428
1 changed files with 48 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
salt/common/telegraf/etc/telegraf.conf
View File

@@ -15,6 +15,7 @@
{%- set MASTER = grains['master'] %} {%- set MASTER = grains['master'] %}
{% set NODEIP = salt['pillar.get']('node:mainip', '') %} {% set NODEIP = salt['pillar.get']('node:mainip', '') %}
{% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
# Global tags can be specified here in key="value" format. # Global tags can be specified here in key="value" format.
@@ -86,6 +87,7 @@
############################################################################### ###############################################################################
# Configuration for sending metrics to InfluxDB # Configuration for sending metrics to InfluxDB
{% if grains['role'] != 'so-helix' %}
[[outputs.influxdb]] [[outputs.influxdb]]
## The full HTTP or UDP URL for your InfluxDB instance. ## The full HTTP or UDP URL for your InfluxDB instance.
## ##
@@ -148,7 +150,52 @@
## integer values. Enabling this option will result in field type errors if ## integer values. Enabling this option will result in field type errors if
## existing data has been written. ## existing data has been written.
# influx_uint_support = false # influx_uint_support = false
{% else %}
# A plugin that can transmit metrics over HTTP
[[outputs.http]]
## URL is the address to send metrics to
url = "https://helix-integrations.cloud.aws.apps.fireeye.com/api/upload"
## Timeout for HTTP message
# timeout = "5s"
## HTTP method, one of: "POST" or "PUT"
method = "POST"
## HTTP Basic Auth credentials
# username = "username"
# password = "pa$$word"
## OAuth2 Client Credentials Grant
# client_id = "clientid"
# client_secret = "secret"
# token_url = "https://indentityprovider/oauth2/v1/token"
# scopes = ["urn:opc:idm:__myscopes__"]
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
## Data format to output.
## Each data format has it's own unique set of configuration options, read
## more about them here:
## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
data_format = "json"
## HTTP Content-Encoding for write request body, can be set to "gzip" to
## compress body or "identity" to apply no encoding.
content_encoding = "gzip"
## Additional HTTP headers
[outputs.http.headers]
# # Should be set manually to "application/json" for json data_format
Content-Type = "application/json; charset=utf-8"
Authorization = "{{ HELIX_API_KEY }}"
{% endif %}
############################################################################### ###############################################################################
# PROCESSOR PLUGINS # # PROCESSOR PLUGINS #
############################################################################### ###############################################################################
@@ -655,7 +702,7 @@
"/scripts/checkfiles.sh", "/scripts/checkfiles.sh",
"/scripts/broloss.sh", "/scripts/broloss.sh",
"/scripts/oldpcap.sh", "/scripts/oldpcap.sh",
"/scripts/helixeps.sh", "/scripts/helixeps.sh"
] ]
data_format = "influx" data_format = "influx"
{% endif %} {% endif %}