securityonion/salt/logstash/map.jinja

{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
   or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
   https://securityonion.net/license; you may not use this file except in compliance with the
   Elastic License 2.0. #}

{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'logstash/defaults.yaml' as LOGSTASH_DEFAULTS %}
{% set LOGSTASH_MERGED = salt['pillar.get']('logstash', LOGSTASH_DEFAULTS.logstash, merge=True) %}
{% set KAFKA_LOGSTASH = salt['pillar.get']('kafka:logstash', []) %}

{# used to store the redis nodes that logstash needs to know about to pull from the queue #}
{% set LOGSTASH_REDIS_NODES = [] %}
{# stores all logstash nodes #}
{% set LOGSTASH_NODES = [] %}
{% set logstash_node_data = salt['pillar.get']('logstash:nodes', {GLOBALS.role.split('-')[1]: {GLOBALS.hostname: {'ip': GLOBALS.node_ip}}}) %}
{% set redis_node_data = salt['pillar.get']('redis:nodes', {GLOBALS.role.split('-')[1]: {GLOBALS.hostname: {'ip': GLOBALS.node_ip}}}) %}

{% for node_type, node_details in redis_node_data.items() | sort %}
{%   if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch', 'so-fleet'] %}
{%     if node_type.startswith('manager') or node_type in ['standalone', 'receiver'] %}
{%       for hostname in redis_node_data[node_type].keys() %}
{%         do LOGSTASH_REDIS_NODES.append({hostname:node_details[hostname].ip}) %}
{%       endfor %}
{%     endif %}
{%   endif %}
{% endfor %}

{% for node_type, node_details in logstash_node_data.items() | sort %}
{%   for hostname in logstash_node_data[node_type].keys() %}
{%     do LOGSTASH_NODES.append({hostname:node_details[hostname].ip}) %}
{%   endfor %}
{% endfor %}

{# Append Kafka input pipeline when Kafka is enabled #}
{% if GLOBALS.pipeline == 'KAFKA' %}
{%   if 'so/0900_input_redis.conf.jinja' in LOGSTASH_MERGED.defined_pipelines.search %}
{%     do LOGSTASH_MERGED.defined_pipelines.search.remove('so/0900_input_redis.conf.jinja') %}
{%   endif %}
{%   if 'so/0800_input_kafka.conf.jinja' not in LOGSTASH_MERGED.defined_pipelines.search %}
{%     do LOGSTASH_MERGED.defined_pipelines.search.append('so/0800_input_kafka.conf.jinja') %}
{%   endif %}
{%   if 'so/0800_input_kafka.conf.jinja' not in LOGSTASH_MERGED.defined_pipelines.manager %}
{%     do LOGSTASH_MERGED.defined_pipelines.manager.append('so/0800_input_kafka.conf.jinja') %}
{%   endif %}
{%   if 'so/9999_output_redis.conf.jinja' in LOGSTASH_MERGED.defined_pipelines.manager %}
{%     do LOGSTASH_MERGED.defined_pipelines.manager.remove('so/9999_output_redis.conf.jinja') %}
{%   endif %}
{# Disable logstash on manager & receiver nodes unless it has an override configured #}
{%   if not KAFKA_LOGSTASH %}
{%     if GLOBALS.role in ['so-manager', 'so-managerhype', 'so-receiver'] and GLOBALS.hostname not in KAFKA_LOGSTASH %}
{%       do LOGSTASH_MERGED.update({'enabled': False}) %}
{%     endif %}
{%   endif %}
{% endif %}