Puppet Class: wazuh::filebeat

Defined in:
manifests/filebeat.pp

Overview

Wazuh App Copyright © 2019 Wazuh Inc. (License GPLv2) Setup for Filebeat

Parameters:

  • filebeat_elasticsearch_ip (Any) (defaults to: '<YOUR_ELASTICSEARCH_IP>')
  • filebeat_elasticsearch_port (Any) (defaults to: '9200')
  • elasticsearch_server_ip (Any) (defaults to: "\"${filebeat_elasticsearch_ip}:${filebeat_elasticsearch_port}\"")
  • filebeat_package (Any) (defaults to: 'filebeat')
  • filebeat_service (Any) (defaults to: 'filebeat')
  • filebeat_version (Any) (defaults to: '7.2.0')
  • wazuh_app_version (Any) (defaults to: '3.9.4_7.2.0')
  • wazuh_extensions_version (Any) (defaults to: 'v3.9.4')
  • wazuh_filebeat_module (Any) (defaults to: 'wazuh-filebeat-0.1.tar.gz') 


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'manifests/filebeat.pp', line 3

class wazuh::filebeat (
  $filebeat_elasticsearch_ip = '<YOUR_ELASTICSEARCH_IP>',
  $filebeat_elasticsearch_port = '9200',
  $elasticsearch_server_ip = "\"${filebeat_elasticsearch_ip}:${filebeat_elasticsearch_port}\"",

  $filebeat_package = 'filebeat',
  $filebeat_service = 'filebeat',
  $filebeat_version = '7.2.0',
  $wazuh_app_version = '3.9.4_7.2.0',
  $wazuh_extensions_version = 'v3.9.4',
  $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
){

  class {'wazuh::repo_elastic':}

  package { 'Installing Filebeat...':
    ensure => $filebeat_version,
    name   => $filebeat_package,
  }

  file { 'Configure filebeat.yml':
    owner   => 'root',
    path    => '/etc/filebeat/filebeat.yml',
    group   => 'root',
    mode    => '0644',
    notify  => Service[$filebeat_service], ## Restarts the service
    content => template('wazuh/filebeat_yml.erb'),
  }

  exec { 'Installing wazuh-template.json...':
    path    => '/usr/bin',
    command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
    notify  => Service['filebeat']
  }

  exec { 'Installing filebeat module ... Downloading package':
    path    => '/usr/bin',
    command => "curl -o /root/${$wazuh_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}",
  }

  exec { 'Unpackaging ...':
    command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module',
    notify  => Service['filebeat']
  }

  file { '/usr/share/filebeat/module/wazuh':
    ensure => 'directory',
    mode   => '0755',
  }

  service { 'filebeat':
    ensure => running,
    enable => true,
  }
}