From ebe135700ed5cc462bb89939b90de7a2b9b5fe39 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 16 May 2021 23:01:23 +0300
Subject: [PATCH] Beats on the OpenBSD router.

---
 roles/router/files/filebeat.yml   | 27 +++++++++++++++++++++++
 roles/router/files/metricbeat.yml | 33 ++++++++++++++++++++++++++++
 roles/router/files/packetbeat.yml | 34 +++++++++++++++++++++++++++++
 roles/router/handlers/main.yaml   | 15 +++++++++++++
 roles/router/tasks/main.yaml      | 36 +++++++++++++++++++++++++++++++
 5 files changed, 145 insertions(+)
 create mode 100644 roles/router/files/filebeat.yml
 create mode 100644 roles/router/files/metricbeat.yml
 create mode 100644 roles/router/files/packetbeat.yml

diff --git a/roles/router/files/filebeat.yml b/roles/router/files/filebeat.yml
new file mode 100644
index 0000000..fe2bf08
--- /dev/null
+++ b/roles/router/files/filebeat.yml
@@ -0,0 +1,27 @@
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+processors:
+  - add_host_metadata: ~
+
+filebeat:
+  inputs:
+    - type: log
+      enabled: true
+      paths:
+        - /var/log/*.log
+        - /var/log/authlog
+        - /var/log/daemon
+
+  config.modules:
+    path: ${path.config}/modules.d/*.yml
+    reload:
+      enabled: false
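Review bot: The `output.elasticsearch` block at the top of filebeat.yml names only the host, with no `username`/`password`, `api_key` or `ssl.certificate_authorities`. From this file it looks as if the router ships `/var/log/authlog` to an endpoint that either accepts unauthenticated writes or is authenticated somewhere this patch does not show. If ingest really is anonymous, anyone who can reach port 443 could presumably write forged events into the same indices, which weakens the logs as evidence. Consider a write-only API key held in the Beats keystore and referenced as `api_key: '${ES_API_KEY}'` (key name is a placeholder) rather than stored in this file. The same output stanza is repeated in metricbeat.yml and packetbeat.yml.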
diff --git a/roles/router/files/metricbeat.yml b/roles/router/files/metricbeat.yml
new file mode 100644
index 0000000..2306b46
--- /dev/null
+++ b/roles/router/files/metricbeat.yml
@@ -0,0 +1,33 @@
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+#processors:
+#  - add_host_metadata: ~
+
+metricbeat.config.modules:
+  path: ${path.config}/modules.d/*.yml
+  reload.enabled: false
+
+metricbeat.modules:
+  - module: system
+    metricsets:
+      - cpu
+      - load
+      - memory
+      #- network
+      #- process
+      #- process_summary
+      - uptime
+      - socket_summary
+      #- diskio
+      - filesystem
+      - fsstat
+      #- service
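Review bot: `add_host_metadata` is commented out here, and again in packetbeat.yml, while filebeat.yml enables it, and nothing says why. Without it the metricbeat and packetbeat events presumably carry less host context than the filebeat ones, which makes correlating the three streams harder. If the processor is disabled on purpose, say so above it, for example `# add_host_metadata disabled: <reason>`. The same applies to the commented-out metricsets (`network`, `process`, `process_summary`, `diskio`, `service`), which currently read as leftovers rather than a decision.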
diff --git a/roles/router/files/packetbeat.yml b/roles/router/files/packetbeat.yml
new file mode 100644
index 0000000..90f0237
--- /dev/null
+++ b/roles/router/files/packetbeat.yml
@@ -0,0 +1,34 @@
+---
+output.elasticsearch:
+  hosts:
+    - https://elasticsearch.shore.co.il:443
+
+logging:
+  level: warning
+  json: true
+  to_syslog: true
+  metrics.enabled: false
+
+#processors:
+#  - add_host_metadata: ~
+
+packetbeat:
+  interfaces.device: em1
+  protocols:
+    - type: icmp
+      enabled: true
+    - type: dns
+      enabled: true
+    - type: http
+      enabled: true
+      ports:
+        - 80
+    - type: tls
+      enabled: true
+      ports:
+        - 443
+    #- type: dhcp
+    #  enabled: true
+    #  ports:
+    #    - 67
+    #    - 68
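Review bot: The `dns` entry under `protocols` has no `ports` list, unlike the `http` and `tls` entries below it. As far as I know Packetbeat selects traffic for port-based protocols from that list, and its reference config describes omitting the list as the way to disable DNS, so this entry probably decodes nothing; confirm against the installed version. If DNS visibility is intended, add `ports:` with `- 53` under `type: dns`. Separately, `interfaces.device: em1` is hard-coded, so a comment such as `# em1: <which side of the router>` would tell whoever reads the captured events what traffic they are looking at.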
diff --git a/roles/router/handlers/main.yaml b/roles/router/handlers/main.yaml
index f5409e7..c95d484 100644
--- a/roles/router/handlers/main.yaml
+++ b/roles/router/handlers/main.yaml
@@ -75,3 +75,18 @@
   service:
     name: sshd
     state: restarted
+
+- name: Restart the filebeat daemon
+  service:
+    name: filebeat
+    state: restarted
+
+- name: Restart the metricbeat daemon
+  service:
+    name: metricbeat
+    state: restarted
+
+- name: Restart the packetbeat daemon
+  service:
+    name: packetbeat
+    state: restarted
diff --git a/roles/router/tasks/main.yaml b/roles/router/tasks/main.yaml
index 1305b09..9707220 100644
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -491,3 +491,39 @@
   tags:
     - cron
     - mail
+
+- name: Install beats
+  loop: &beats
+    - filebeat
+    - metricbeat
+    - packetbeat
+  community.general.openbsd_pkg:
+    name: '{{ item }}'
+    state: present
+  tags:
+    - packages
+    - beats
+
+- name: Configure beats
+  loop: *beats
+  ansible.builtin.copy:
+    backup: true
+    dest: '/etc/{{ item }}/{{ item }}.yml'
+    group: wheel
+    mode: 0o0644
+    owner: root
+    src: '{{ item }}.yml'
+    validate: '{{ item }} test config -c %s'
+  notify:
+    - Restart the {{ item }} daemon
+  tags:
+    - beats
+
+- name: Enable beats
+  loop: *beats
+  service:
+    enabled: true
+    name: '{{ item }}'
+    state: started
+  tags:
+    - beats
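Review bot: `mode: 0o0644` in the "Configure beats" task makes all three Beats configs world-readable, which is harmless only while they hold no credentials. These are the files where an Elasticsearch `password` or `api_key` would most naturally be added later. Prefer `mode: '0600'`, or `'0640'` with the daemon's group if the packages run the Beats unprivileged; quoting the value also stops the YAML parser from retyping it. A one-line comment above the task, e.g. `# configs may carry output credentials; keep them non-world-readable`, would record the intent.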
-- 
GitLab