diff --git a/roles/router/files/filebeat.yml b/roles/router/files/filebeat.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fe2bf08cc9538568bdeb6fcbd6a58c2bdcc6f02a
--- /dev/null
+++ b/roles/router/files/filebeat.yml
@@ -0,0 +1,27 @@
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+processors:
+  - add_host_metadata: ~
+
+filebeat:
+  inputs:
+    - type: log
+      enabled: true
+      paths:
+        - /var/log/*.log
+        - /var/log/authlog
+        - /var/log/daemon
+
+  config.modules:
+    path: ${path.config}/modules.d/*.yml
+    reload:
+      enabled: false
diff --git a/roles/router/files/metricbeat.yml b/roles/router/files/metricbeat.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2306b4652348c34a1986d0d6ecd6b74545c80abc
--- /dev/null
+++ b/roles/router/files/metricbeat.yml
@@ -0,0 +1,33 @@
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+#processors:
+#  - add_host_metadata: ~
+
+metricbeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
+
+metricbeat.modules:
+  - module: system
+    metricsets:
+      - cpu
+      - load
+      - memory
+      #- network
+      #- process
+      #- process_summary
+      - uptime
+      - socket_summary
+      #- diskio
+      - filesystem
+      - fsstat
+      #- service
diff --git a/roles/router/files/packetbeat.yml b/roles/router/files/packetbeat.yml
new file mode 100644
index 0000000000000000000000000000000000000000..90f02376d8f532032ebc123f6789ac1490234757
--- /dev/null
+++ b/roles/router/files/packetbeat.yml
@@ -0,0 +1,34 @@
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+#processors:
+#  - add_host_metadata: ~
+
+packetbeat:
+  interfaces.device: em1
+  protocols:
+    - type: icmp
+      enabled: true
+    - type: dns
+      enabled: true
+    - type: http
+      enabled: true
+      ports:
+        - 80
+    - type: tls
+      enabled: true
+      ports:
+        - 443
+    #- type: dhcp
+    #  enabled: true
+    #  ports:
+    #    - 67
+    #    - 68
diff --git a/roles/router/handlers/main.yaml b/roles/router/handlers/main.yaml
index f5409e7eea5ad0a3c0fa8c298a65c5dd5dbccacc..c95d484d18b2d5ceb363dbd09187982c1b6ca243 100644
--- a/roles/router/handlers/main.yaml
+++ b/roles/router/handlers/main.yaml
@@ -75,3 +75,18 @@
   service:
     name: sshd
     state: restarted
+
+- name: Restart the filebeat daemon
+  service:
+    name: filebeat
+    state: restarted
+
+- name: Restart the metricbeat daemon
+  service:
+    name: metricbeat
+    state: restarted
+
+- name: Restart the packetbeat daemon
+  service:
+    name: packetbeat
+    state: restarted
diff --git a/roles/router/tasks/main.yaml b/roles/router/tasks/main.yaml
index 1305b090bf3234982900d94985a2b418893e137c..9707220c79cdf16d13b13c31f99f1b3f4a9037d4 100644
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -491,3 +491,39 @@
   tags:
     - cron
     - mail
+
+- name: Install beats
+  loop: &beats
+    - filebeat
+    - metricbeat
+    - packetbeat
+  community.general.openbsd_pkg:
+    name: '{{ item }}'
+    state: present
+  tags:
+    - packages
+    - beats
+
+- name: Configure beats
+  loop: *beats
+  ansible.builtin.copy:
+    backup: true
+    dest: '/etc/{{ item }}/{{ item }}.yml'
+    group: wheel
+    mode: 0o0644
+    owner: root
+    src: '{{ item }}.yml'
+    validate: '{{ item }} test config -c %s'
+  notify:
+    - Restart the {{ item }} daemon
+  tags:
+    - beats
+
+- name: Enable beats
+  loop: *beats
+  service:
+    enabled: true
+    name: '{{ item }}'
+    state: started
+  tags:
+    - beats