Beats on the OpenBSD router.

ebe13570 · nimrod · 0c1eb77e · ebe13570 · ebe13570 · ebe13570
Commit ebe13570 authored 4 years ago by nimrod
--- a/roles/router/files/filebeat.yml
+++ b/roles/router/files/filebeat.yml
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+processors:
+  - add_host_metadata: ~
+
+filebeat:
+  inputs:
+    - type: log
+      enabled: true
+      paths:
+        - /var/log/*.log
+        - /var/log/authlog
+        - /var/log/daemon
+
+  config.modules:
+    path: ${path.config}/modules.d/*.yml
+    reload:
+      enabled: false
--- a/roles/router/files/metricbeat.yml
+++ b/roles/router/files/metricbeat.yml
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+#processors:
+#  - add_host_metadata: ~
+
+metricbeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
+
+metricbeat.modules:
+  - module: system
+    metricsets:
+      - cpu
+      - load
+      - memory
+      #- network
+      #- process
+      #- process_summary
+      - uptime
+      - socket_summary
+      #- diskio
+      - filesystem
+      - fsstat
+      #- service
--- a/roles/router/files/packetbeat.yml
+++ b/roles/router/files/packetbeat.yml
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+#processors:
+#  - add_host_metadata: ~
+
+packetbeat:
+  interfaces.device: em1
+  protocols:
+    - type: icmp
+      enabled: true
+    - type: dns
+      enabled: true
+    - type: http
+      enabled: true
+      ports:
+        - 80
+    - type: tls
+      enabled: true
+      ports:
+        - 443
+    #- type: dhcp
+    #  enabled: true
+    #  ports:
+    #    - 67
+    #    - 68
--- a/roles/router/handlers/main.yaml
+++ b/roles/router/handlers/main.yaml
@@ -75,3 +75,18 @@
  service:
    name: sshd
    state: restarted
+
+- name: Restart the filebeat daemon
+  service:
+    name: filebeat
+    state: restarted
+
+- name: Restart the metricbeat daemon
+  service:
+    name: metricbeat
+    state: restarted
+
+- name: Restart the packetbeat daemon
+  service:
+    name: packetbeat
+    state: restarted
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -491,3 +491,39 @@
  tags:
    - cron
    - mail
+
+- name: Install beats
+  loop: &beats
+    - filebeat
+    - metricbeat
+    - packetbeat
+  community.general.openbsd_pkg:
+    name: '{{ item }}'
+    state: present
+  tags:
+    - packages
+    - beats
+
+- name: Configure beats
+  loop: *beats
+  ansible.builtin.copy:
+    backup: true
+    dest: '/etc/{{ item }}/{{ item }}.yml'
+    group: wheel
+    mode: 0o0644
+    owner: root
+    src: '{{ item }}.yml'
+    validate: '{{ item }} test config -c %s'
+  notify:
+    - Restart the {{ item }} daemon
+  tags:
+    - beats
+
+- name: Enable beats
+  loop: *beats
+  service:
+    enabled: true
+    name: '{{ item }}'
+    state: started
+  tags:
+    - beats