Diffstat (limited to 'roles/packetbeat')
| -rw-r--r-- | roles/packetbeat/README.md | 3 | ||||
| -rw-r--r-- | roles/packetbeat/handlers/main.yml | 7 | ||||
| -rw-r--r-- | roles/packetbeat/meta/main.yml | 5 | ||||
| -rw-r--r-- | roles/packetbeat/tasks/main.yml | 27 | ||||
| -rw-r--r-- | roles/packetbeat/templates/packetbeat.yml.j2 | 212 | ||||
| -rw-r--r-- | roles/packetbeat/vars/main/vars.yml | 6 | ||||
| -rw-r--r-- | roles/packetbeat/vars/main/vault.yml | 8 |
7 files changed, 0 insertions, 268 deletions
diff --git a/roles/packetbeat/README.md b/roles/packetbeat/README.md
deleted file mode 100644
index 14d54ae..0000000
--- a/roles/packetbeat/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Role "packetbeat"
-
-The packetbeat role installs and configures the packetbeat reporting agent.
diff --git a/roles/packetbeat/handlers/main.yml b/roles/packetbeat/handlers/main.yml
deleted file mode 100644
index 596958d..0000000
--- a/roles/packetbeat/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: restart packetbeat
- service:
- name: packetbeat
- state: restarted
- tags:
- - role::packetbeat
diff --git a/roles/packetbeat/meta/main.yml b/roles/packetbeat/meta/main.yml
deleted file mode 100644
index 0e42a9a..0000000
--- a/roles/packetbeat/meta/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-dependencies:
- - role: elasticsearch-repos
- tags:
- - role::packetbeat
diff --git a/roles/packetbeat/tasks/main.yml b/roles/packetbeat/tasks/main.yml
deleted file mode 100644
index d68ff00..0000000
--- a/roles/packetbeat/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: Install Packetbeat
- apt:
- pkg: packetbeat
- state: present
- tags:
- - role::packetbeat
-
-- name: Configure Packetbeat
- template:
- src: packetbeat.yml.j2
- dest: /etc/packetbeat/packetbeat.yml
- mode: 0644
- owner: root
- group: root
- tags:
- - role::packetbeat
- notify:
- - restart packetbeat
-
-- name: Start and enable Packetbeat
- service:
- name: packetbeat
- state: started
- enabled: true
- tags:
- - role::packetbeat
diff --git a/roles/packetbeat/templates/packetbeat.yml.j2 b/roles/packetbeat/templates/packetbeat.yml.j2
deleted file mode 100644
index 441d8bd..0000000
--- a/roles/packetbeat/templates/packetbeat.yml.j2
+++ /dev/null
@@ -1,212 +0,0 @@
-# You can find the full configuration reference here:
-# https://www.elastic.co/guide/en/beats/packetbeat/index.html
-
-# =============================== Network device ===============================
-
-# Select the network interface to sniff the data. On Linux, you can use the
-# "any" keyword to sniff on all connected interfaces.
-packetbeat.interfaces.device: any
-
-# The network CIDR blocks that are considered "internal" networks for
-# the purpose of network perimeter boundary classification. The valid
-# values for internal_networks are the same as those that can be used
-# with processor network conditions.
-#
-# For a list of available values see:
-# https://www.elastic.co/guide/en/beats/packetbeat/current/defining-processors.html#condition-network
-packetbeat.interfaces.internal_networks:
- - private
-
-# =================================== Flows ====================================
-
-# Set `enabled: false` or comment out all options to disable flows reporting.
-packetbeat.flows:
- # Set network flow timeout. Flow is killed if no packet is received before being
- # timed out.
- timeout: 30s
-
- # Configure reporting period. If set to -1, only killed flows will be reported
- period: 10s
-
-# =========================== Transaction protocols ============================
-
-packetbeat.protocols:
-- type: icmp
- # Enable ICMPv4 and ICMPv6 monitoring. The default is true.
- enabled: true
-
-- type: amqp
- # Configure the ports where to listen for AMQP traffic. You can disable
- # the AMQP protocol by commenting out the list of ports.
- ports: [5672]
-
-- type: cassandra
- # Configure the ports where to listen for Cassandra traffic. You can disable
- # the Cassandra protocol by commenting out the list of ports.
- ports: [9042]
-
-- type: dhcpv4
- # Configure the DHCP for IPv4 ports.
- ports: [67, 68]
-
-- type: dns
- # Configure the ports where to listen for DNS traffic. You can disable
- # the DNS protocol by commenting out the list of ports.
- ports: [53]
-
-- type: http
- # Configure the ports where to listen for HTTP traffic. You can disable
- # the HTTP protocol by commenting out the list of ports.
- ports: [80, 8080, 8000, 5000, 8002]
-
-- type: memcache
- # Configure the ports where to listen for memcache traffic. You can disable
- # the Memcache protocol by commenting out the list of ports.
- ports: [11211]
-
-- type: mysql
- # Configure the ports where to listen for MySQL traffic. You can disable
- # the MySQL protocol by commenting out the list of ports.
- ports: [3306,3307]
-
-- type: pgsql
- # Configure the ports where to listen for Pgsql traffic. You can disable
- # the Pgsql protocol by commenting out the list of ports.
- ports: [5432]
-
-- type: redis
- # Configure the ports where to listen for Redis traffic. You can disable
- # the Redis protocol by commenting out the list of ports.
- ports: [6379]
-
-- type: thrift
- # Configure the ports where to listen for Thrift-RPC traffic. You can disable
- # the Thrift-RPC protocol by commenting out the list of ports.
- ports: [9090]
-
-- type: mongodb
- # Configure the ports where to listen for MongoDB traffic. You can disable
- # the MongoDB protocol by commenting out the list of ports.
- ports: [27017]
-
-- type: nfs
- # Configure the ports where to listen for NFS traffic. You can disable
- # the NFS protocol by commenting out the list of ports.
- ports: [2049]
-
-- type: tls
- # Configure the ports where to listen for TLS traffic. You can disable
- # the TLS protocol by commenting out the list of ports.
- ports:
- - 443 # HTTPS
- - 993 # IMAPS
- - 995 # POP3S
- - 5223 # XMPP over SSL
- - 8443
- - 8883 # Secure MQTT
- - 9243 # Elasticsearch
-
-- type: sip
- # Configure the ports where to listen for SIP traffic. You can disable
- # the SIP protocol by commenting out the list of ports.
- ports: [5060]
-
-# ======================= Elasticsearch template setting =======================
-
-setup.template.settings:
- index.number_of_shards: 1
- #index.codec: best_compression
- #_source.enabled: false
-
-# ================================== General ===================================
-
-# The name of the shipper that publishes the network data. It can be used to group
-# all the transactions sent by a single shipper in the web interface.
-#name:
-
-# A list of tags to include in every event. In the default configuration file
-# the forwarded tag causes Packetbeat to not add any host fields. If you are
-# monitoring a network tap or mirror port then add the forwarded tag.
-#tags: [forwarded]
-
-# Optional fields that you can specify to add additional information to the
-# output.
-#fields:
-# env: staging
-
-# ================================= Dashboards =================================
-# These settings control loading the sample dashboards to the Kibana index. Loading
-# the dashboards is disabled by default and can be enabled either by setting the
-# options here or by using the `setup` command.
-#setup.dashboards.enabled: false
-
-# The URL from where to download the dashboards archive. By default this URL
-# has a value which is computed based on the Beat name and version. For released
-# versions, this URL points to the dashboard archive on the artifacts.elastic.co
-# website.
-#setup.dashboards.url:
-
-# =================================== Kibana ===================================
-
-# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
-# This requires a Kibana endpoint configuration.
-setup.kibana:
-
- # Kibana Host
- # Scheme and port can be left out and will be set to the default (http and 5601)
- # In case you specify and additional path, the scheme is required: http://localhost:5601/path
- # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
- #host: "localhost:5601"
-
- # Kibana Space ID
- # ID of the Kibana Space into which the dashboards should be loaded. By default,
- # the Default Space will be used.
- #space.id:
-
-# =============================== Elastic Cloud ================================
-
-# These settings simplify using Packetbeat with the Elastic Cloud (https://cloud.elastic.co/).
-
-# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
-# `setup.kibana.host` options.
-# You can find the `cloud.id` in the Elastic Cloud web UI.
-#cloud.id:
-
-# The cloud.auth setting overwrites the `output.elasticsearch.username` and
-# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
-#cloud.auth:
-
-# ================================== Outputs ===================================
-
-# Configure what output to use when sending the data collected by the beat.
-
-# ---------------------------- Elasticsearch Output ----------------------------
-
-output.elasticsearch:
- # Array of hosts to connect to.
- hosts: ["{{ packetbeat_elasticsearch_host }}"]
-
- protocol: "https"
- username: "{{ packetbeat_elastic_username }}"
- password: "{{ packetbeat_elastic_password}}"
-
- ssl:
- enabled: true
- ca_trusted_fingerprint: "{{ packetbeat_elastic_fingerprint }}"
-
-processors:
- - # Add forwarded to tags when processing data from a network tap or mirror.
- if.contains.tags: forwarded
- then:
- - drop_fields:
- fields: [host]
- else:
- - add_host_metadata: ~
- - add_cloud_metadata: ~
- - add_docker_metadata: ~
- - detect_mime_type:
- field: http.request.body.content
- target: http.request.mime_type
- - detect_mime_type:
- field: http.response.body.content
- target: http.response.mime_type
diff --git a/roles/packetbeat/vars/main/vars.yml b/roles/packetbeat/vars/main/vars.yml
deleted file mode 100644
index cad0514..0000000
--- a/roles/packetbeat/vars/main/vars.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-packetbeat_elasticsearch_host: "10.5.0.0:9200"
-
-packetbeat_elastic_username: "pydis"
-packetbeat_elastic_password: "{{ encrypted_packetbeat_elastic_password }}"
-packetbeat_elastic_fingerprint: >-
- e75cfe8591cb5d30ce31f9a094053f4e0090ebd057a120ac9dcbbf5754fb5a73
diff --git a/roles/packetbeat/vars/main/vault.yml b/roles/packetbeat/vars/main/vault.yml
deleted file mode 100644
index ca476d4..0000000
--- a/roles/packetbeat/vars/main/vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-61666235353637366266353437636237373538656435393466653566653432616631336662363638
-3033373166663265663334373739633238326336323539310a333262366432643161633935316135
-35353331666138613231313764366132393935303866383739663861333839373231636261646436
-3164313239633863300a343335383637366164643939376639663433336633616237623663366566
-39646433623065353537306562303363333162333061613130653361313835373930346461663961
-34646664333166653063626335616536396562393534386134643930373965303834633039333635
-616233636263623239323431643230656435 |