From 83cd0442679b856f7968c17e5e3ca2dec4ab53d1 Mon Sep 17 00:00:00 2001 From: Adar Nimrod <nimrod@shore.co.il> Date: Sat, 15 May 2021 22:00:44 +0300 Subject: [PATCH] Setup beats. Start shipping data. --- docker-compose.yml | 31 ++++++++++++++++++++++++++ filebeat/filebeat.yml | 8 +++++++ journalbeat/journalbeat.yml | 3 +++ metricbeat/metricbeat.yml | 43 +++++++++++++++++++++++++++++++++++++ packetbeat/Dockerfile | 2 +- packetbeat/packetbeat.yml | 19 ++++++++++++++++ 6 files changed, 105 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index f13f45a..acb86fe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,24 +6,55 @@ services: context: filebeat image: registry.shore.co.il/filebeat restart: always + user: root + volumes: + - filebeat:/usr/share/filebeat/data/ + - /var/lib/docker/containers:/var/lib/docker/containers:ro + - /var/run/docker.sock:/var/run/docker.sock:ro journalbeat: build: context: journalbeat image: registry.shore.co.il/journalbeat restart: always + user: root + volumes: + - journalbeat:/usr/share/journalbeat/data/ + - /var/log/journal:/var/log/journal + - /etc/machine-id:/etc/machine-id + - /run/systemd:/run/systemd + - /etc/hostname:/etc/hostname:ro metricbeat: build: context: metricbeat image: registry.shore.co.il/metricbeat + network_mode: host restart: always + user: root + volumes: + - metricbeat:/usr/share/metricbeat/data/ + - /var/run/docker.sock:/var/run/docker.sock:ro + - /sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro + - /proc:/hostfs/proc:ro + - /:/hostfs:ro packetbeat: build: context: packetbeat + cap_add: + - NET_ADMIN image: registry.shore.co.il/packetbeat + network_mode: host restart: always + volumes: + - packetbeat:/usr/share/packetbeat/data/ + +volumes: + filebeat: + journalbeat: + metricbeat: + packetbeat: networks: default: diff --git a/filebeat/filebeat.yml b/filebeat/filebeat.yml index 58df7c5..8847d1e 100644 --- a/filebeat/filebeat.yml +++ b/filebeat/filebeat.yml 
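Review bot: In the journalbeat service of docker-compose.yml, `/var/log/journal`, `/etc/machine-id` and `/run/systemd` are bind-mounted read-write into a container that runs as root, while only `/etc/hostname` carries `:ro`. Journalbeat should only need to read these paths, so I would write `- /var/log/journal:/var/log/journal:ro`, `- /etc/machine-id:/etc/machine-id:ro` and `- /run/systemd:/run/systemd:ro`, assuming nothing in the image writes there. Separately, the `:ro` on `/var/run/docker.sock` in the filebeat and metricbeat services only makes the mount of the socket file read-only; it does not restrict the Docker API calls available over it, which deserves a comment next to those lines.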
@@ -9,3 +9,11 @@ logging: http: enabled: true + +processors: + - add_host_metadata: ~ + - add_docker_metadata: ~ + +filebeat.inputs: + - type: container + enabled: true diff --git a/journalbeat/journalbeat.yml b/journalbeat/journalbeat.yml index 58df7c5..b14aecb 100644 --- a/journalbeat/journalbeat.yml +++ b/journalbeat/journalbeat.yml @@ -9,3 +9,6 @@ logging: http: enabled: true + +processors: + - add_host_metadata: ~ diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml index 58df7c5..345342d 100644 --- a/metricbeat/metricbeat.yml +++ b/metricbeat/metricbeat.yml @@ -9,3 +9,46 @@ logging: http: enabled: true + +processors: + - add_host_metadata: ~ + +metricbeat.config.modules: + path: ${path.config}/modules.d/*.yml + reload.enabled: false + +metricbeat.modules: + - module: system + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + - uptime + - socket_summary + - diskio + - filesystem + - fsstat + - service + system.hostfs: /hostfs + + - module: docker + metricsets: + - container + - cpu + - diskio + - event + - healthcheck + - info + - memory + - network + + - module: linux + metricsets: + - pageinfo + - memory + - conntrack + - iostat + hostfs: /hostfs diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile index a987047..1f6360e 100644 --- a/packetbeat/Dockerfile +++ b/packetbeat/Dockerfile @@ -1,4 +1,4 @@ FROM docker.elastic.co/beats/packetbeat-oss:7.12.1 COPY --chown=root:packetbeat packetbeat.yml /usr/share/packetbeat/packetbeat.yml -RUN packetbeat test config +#RUN packetbeat test config HEALTHCHECK CMD curl --fail http://localhost:5066/stats || exit 1 diff --git a/packetbeat/packetbeat.yml b/packetbeat/packetbeat.yml index 58df7c5..75d8ff1 100644 --- a/packetbeat/packetbeat.yml +++ b/packetbeat/packetbeat.yml 
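Review bot: The `type: container` input added to filebeat/filebeat.yml has no `paths`, and as far as I know that input requires one; without it Filebeat would either reject the config or collect nothing. docker-compose.yml in this patch mounts `/var/lib/docker/containers` into the service, so the input likely wants `paths:` with `- /var/lib/docker/containers/*/*.log` under it. Lines 1-8 of the file are outside the hunk, so this assumes nothing there already covers container log discovery.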
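Review bot: journalbeat/journalbeat.yml gains only `add_host_metadata` here and no `journalbeat.inputs` section. The old blob id (58df7c5) is the same for all four beat configs in this patch, which suggests the file held no journalbeat-specific settings before, so the journal mounts added in docker-compose.yml may never be read. If that is the case, add `journalbeat.inputs:` with `- paths: []` beneath it (an empty list selects the local journal) so that host logs are actually shipped.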
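Review bot: In metricbeat/metricbeat.yml, `metricbeat.config.modules` with `path: ${path.config}/modules.d/*.yml` loads whatever module files are enabled inside the image in addition to the inline `metricbeat.modules` list, so the set of data leaving the host is not fully defined by this file. If the base image ships an enabled `modules.d/system.yml` (the stock image does, as far as I know), system metrics would be collected twice. Either drop the `metricbeat.config.modules` block or add a comment stating that the inline list is meant to be additive. A comment on the `process` metricset would also help, since it reports command lines of host processes and those can carry credentials passed as arguments.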
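Review bot: Commenting out `RUN packetbeat test config` in packetbeat/Dockerfile removes the build-time config validation without saying why, so a broken packetbeat.yml is now found only when the container starts. If the check fails during the build because the new config needs capture access to an interface, record that in place of the dead line, e.g. `# 'packetbeat test config' skipped at build time: <reason>`. The check could then run where the container has the required privileges, for example as a deploy-time step.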
@@ -9,3 +9,22 @@ logging: http: enabled: true + +processors: + - add_host_metadata: ~ + +packetbeat.interfaces.device: any + +packetbeat.protocols: + - type: icmp + enabled: true + - type: dns + enabled: true + - type: http + enabled: true + ports: + - 80 + - type: tls + enabled: true + ports: + - 443 -- GitLab
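Review bot: The `http` entry under `packetbeat.protocols` in packetbeat/packetbeat.yml captures plaintext port 80 traffic on every interface (`packetbeat.interfaces.device: any`) with no redaction settings, so request URLs and query strings are shipped as captured. I would add `hide_keywords: ['pass', 'password', 'passwd']` and `redact_authorization: true` under that entry, plus a comment saying which interfaces are meant to be in scope. The output section is outside the hunk, so where this data ends up cannot be checked from here.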