From 838e8f6b3635dfc37c13de335de14680ec902d9d Mon Sep 17 00:00:00 2001 From: jurgenhaas <juergen@paragon-es.de> Date: Tue, 26 Nov 2019 16:41:51 +0100 Subject: [PATCH] ansible-playbooks/general#92 Initial code --- README.md | 1 + handlers/main.yml | 19 +++ meta/main.yml | 4 + tasks/config.yml | 12 ++ tasks/install.yml | 22 ++++ tasks/main.yml | 16 +++ templates/packetbeat.yml | 243 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 317 insertions(+) create mode 100644 README.md create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/config.yml create mode 100644 tasks/install.yml create mode 100644 tasks/main.yml create mode 100644 templates/packetbeat.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..bbe09b5 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +https://www.elastic.co/guide/en/beats/packetbeat/7.4/packetbeat-getting-started.html diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..2c7d1e4 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,19 @@ +--- +# file: roles/packetbeat/handlers/main.yml + +- name: Add Packetbeat to Boot-List + systemd: + name: packetbeat + state: started + daemon_reload: yes + enabled: yes + +- name: Start Packetbeat + service: + name: packetbeat + state: started + +- name: Restart Packetbeat + service: + name: packetbeat + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..55ae93d --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - { role: kibana } diff --git a/tasks/config.yml b/tasks/config.yml new file mode 100644 index 0000000..f2cdd2a --- /dev/null +++ b/tasks/config.yml @@ -0,0 +1,12 @@ +--- +# file: roles/packetbeat/tasks/config.yml + +- name: Configure packetbeat + template: + src: packetbeat.yml + dest: /etc/packetbeat/packetbeat.yml + owner: root + group: root + mode: 0600 + notify: + - Restart Packetbeat 
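Review bot: The first handler already starts the unit (`state: started` together with `enabled: yes` on the `systemd` task), so the separate "Start Packetbeat" handler that install.yml also notifies is redundant and can be dropped, leaving start/enable in one place. While here, write the booleans canonically, `daemon_reload: true` and `enabled: true`, since `yes` is a YAML 1.1 truthy value that yamllint flags and newer parsers treat as a string.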
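Review bot: Declaring `- { role: kibana }` as a hard dependency of this role means every host that gets the packet sniffer also has the kibana role applied to it, which (unless that role guards itself via the same `excluded_roles` mechanism) puts a web UI and its listening port on hosts that only need a shipper. The only thing the template appears to need from Kibana is the optional dashboard-loading endpoint, which is commented out. I would remove the dependency, or at least document in README.md why the kibana role must run first, and let the playbook decide where Kibana lives.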
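Review bot: `mode: 0600` is parsed by YAML as the decimal integer 384 before Ansible sees it; Ansible usually recovers the intended octal value from a leading-zero literal, but its documentation recommends a quoted string for consistent results, so use `mode: "0600"`. The restrictive mode is the right choice here because the rendered file carries the Elasticsearch password on the logserver branch of the template, and the file is only read by the root-running packetbeat process. If the target has the 7.x binary, adding `validate: 'packetbeat test config -c %s'` to the `template` task would stop a broken render from being written and then restarting the service into a crash loop — please confirm the subcommand exists for the installed version.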
diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..1c68b60 --- /dev/null +++ b/tasks/install.yml @@ -0,0 +1,22 @@ +--- +# file: roles/packetbeat/tasks/install.yml + +- name: Apt Key + apt_key: + url: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + state: present + +- name: Apt Repository + apt_repository: + repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' + state: present + mode: 0644 + +- name: Install Packetbeat + apt: + pkg: packetbeat + state: present + update_cache: yes + notify: + - Add Packetbeat to Boot-List + - Start Packetbeat diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..64f9b40 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,16 @@ +--- +# file: roles/packetbeat/tasks/main.yml + +- name: Packetbeat Role + set_fact: + role_packetbeat_started: yes + tags: + - always + +- block: + + - include_tasks: install.yml + + - include_tasks: config.yml + + when: not excluded_roles or "packetbeat" not in excluded_roles diff --git a/templates/packetbeat.yml b/templates/packetbeat.yml new file mode 100644 index 0000000..c81aa79 --- /dev/null +++ b/templates/packetbeat.yml 
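Review bot: The `apt_key` task trusts whatever key is served at `https://artifacts.elastic.co/GPG-KEY-elasticsearch` with no `id:` pin, and because `apt_key` installs into the global APT keyring the key then signs for every repository, not only Elastic's. Add `id:` with the Elastic signing-key fingerprint published on elastic.co so a swapped key fails the task, and consider a `signed-by=` keyring in the `deb ...` line to scope the key to this repo. Minor: `mode: 0644` on `apt_repository` has the same octal-literal issue as the config task and should be `mode: "0644"`, and `update_cache: yes` should be `true`.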
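Review bot: `when: not excluded_roles or "packetbeat" not in excluded_roles` raises an undefined-variable error rather than evaluating to true when `excluded_roles` is not set at all, so the role cannot be applied on its own or from a playbook that does not define the list. Presumably the surrounding playbooks always define it, but `when: excluded_roles is not defined or "packetbeat" not in excluded_roles` covers both the unset and the empty-list case and costs nothing. Note also that the `set_fact` task is tagged `always` and runs even when the role is excluded, so `role_packetbeat_started: yes` is set on hosts where nothing was installed; if other roles key off that fact, move it inside the block or rename it.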
@@ -0,0 +1,243 @@ +#################### Packetbeat Configuration Example ######################### + +# This file is an example configuration file highlighting only the most common +# options. The packetbeat.reference.yml file from the same directory contains all the +# supported options with more comments. You can use it as a reference. +# +# You can find the full configuration reference here: +# https://www.elastic.co/guide/en/beats/packetbeat/index.html + +#============================== Network device ================================ + +# Select the network interface to sniff the data. On Linux, you can use the +# "any" keyword to sniff on all connected interfaces. +packetbeat.interfaces.device: any + +#================================== Flows ===================================== + +# Set `enabled: false` or comment out all options to disable flows reporting. +packetbeat.flows: + # Set network flow timeout. Flow is killed if no packet is received before being + # timed out. + timeout: 30s + + # Configure reporting period. If set to -1, only killed flows will be reported + period: 10s + +#========================== Transaction protocols ============================= + +packetbeat.protocols: + - type: icmp + # Enable ICMPv4 and ICMPv6 monitoring. Default: false + enabled: true + + - type: amqp + # Configure the ports where to listen for AMQP traffic. You can disable + # the AMQP protocol by commenting out the list of ports. + ports: [5672] + + - type: cassandra + #Cassandra port for traffic monitoring. + ports: [9042] + + - type: dhcpv4 + # Configure the DHCP for IPv4 ports. + ports: [67, 68] + + - type: dns + # Configure the ports where to listen for DNS traffic. You can disable + # the DNS protocol by commenting out the list of ports. + ports: [53] + + - type: http + # Configure the ports where to listen for HTTP traffic. You can disable + # the HTTP protocol by commenting out the list of ports. 
+ ports: [80, 8080, 8000, 5000, 8002] + + - type: memcache + # Configure the ports where to listen for memcache traffic. You can disable + # the Memcache protocol by commenting out the list of ports. + ports: [11211] + + - type: mysql + # Configure the ports where to listen for MySQL traffic. You can disable + # the MySQL protocol by commenting out the list of ports. + ports: [3306,3307] + + - type: pgsql + # Configure the ports where to listen for Pgsql traffic. You can disable + # the Pgsql protocol by commenting out the list of ports. + ports: [5432] + + - type: redis + # Configure the ports where to listen for Redis traffic. You can disable + # the Redis protocol by commenting out the list of ports. + ports: [6379] + + - type: thrift + # Configure the ports where to listen for Thrift-RPC traffic. You can disable + # the Thrift-RPC protocol by commenting out the list of ports. + ports: [9090] + + - type: mongodb + # Configure the ports where to listen for MongoDB traffic. You can disable + # the MongoDB protocol by commenting out the list of ports. + ports: [27017] + + - type: nfs + # Configure the ports where to listen for NFS traffic. You can disable + # the NFS protocol by commenting out the list of ports. + ports: [2049] + + - type: tls + # Configure the ports where to listen for TLS traffic. You can disable + # the TLS protocol by commenting out the list of ports. + ports: + - 443 # HTTPS + - 993 # IMAPS + - 995 # POP3S + - 5223 # XMPP over SSL + - 8443 + - 8883 # Secure MQTT + - 9243 # Elasticsearch + +#==================== Elasticsearch template setting ========================== + +setup.template.settings: + index.number_of_shards: 1 + #index.codec: best_compression + #_source.enabled: false + +#================================ General ===================================== + +# The name of the shipper that publishes the network data. It can be used to group +# all the transactions sent by a single shipper in the web interface. 
+#name: + +# The tags of the shipper are included in their own field with each +# transaction published. +#tags: ["service-X", "web-tier"] + +# Optional fields that you can specify to add additional information to the +# output. +#fields: +# env: staging + + +#============================== Dashboards ===================================== +# These settings control loading the sample dashboards to the Kibana index. Loading +# the dashboards is disabled by default and can be enabled either by setting the +# options here or by using the `setup` command. +#setup.dashboards.enabled: false + +# The URL from where to download the dashboards archive. By default this URL +# has a value which is computed based on the Beat name and version. For released +# versions, this URL points to the dashboard archive on the artifacts.elastic.co +# website. +#setup.dashboards.url: + +#============================== Kibana ===================================== + +# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. +# This requires a Kibana endpoint configuration. +setup.kibana: + +# Kibana Host +# Scheme and port can be left out and will be set to the default (http and 5601) +# In case you specify and additional path, the scheme is required: http://localhost:5601/path +# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 +#host: "localhost:5601" + +# Kibana Space ID +# ID of the Kibana Space into which the dashboards should be loaded. By default, +# the Default Space will be used. +#space.id: + +#============================= Elastic Cloud ================================== + +# These settings simplify using Packetbeat with the Elastic Cloud (https://cloud.elastic.co/). + +# The cloud.id setting overwrites the `output.elasticsearch.hosts` and +# `setup.kibana.host` options. +# You can find the `cloud.id` in the Elastic Cloud web UI. 
+#cloud.id: + +# The cloud.auth setting overwrites the `output.elasticsearch.username` and +# `output.elasticsearch.password` settings. The format is `<user>:<pass>`. +#cloud.auth: + +#================================ Outputs ===================================== + +# Configure what output to use when sending the data collected by the beat. + +#-------------------------- Elasticsearch output ------------------------------ +{% if 'logserver' in groups and inventory_hostname in groups.logserver %} +output.elasticsearch: + # Array of hosts to connect to. + hosts: ["localhost:9200"] + + # Optional protocol and basic auth credentials. + #protocol: "https" + username: "elastic" + password: "{{ elasticsearch.users.elastic|default("") }}" +{% else %} +#----------------------------- Logstash output -------------------------------- +output.logstash: + # The Logstash hosts + hosts: ["localhost:5044"] + + # Optional SSL. By default is off. + # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client Certificate Key + #ssl.key: "/etc/pki/client/cert.key" +{% endif %} +#================================ Processors ===================================== + +# Configure processors to enhance or manipulate events generated by the beat. + +processors: + - add_host_metadata: ~ + - add_cloud_metadata: ~ + + #================================ Logging ===================================== + + # Sets log level. The default log level is info. + # Available log levels are: error, warning, info, debug + #logging.level: debug + + # At debug level, you can selectively enable logging only for some components. + # To enable all selectors use ["*"]. Examples of other selectors are "beat", + # "publish", "service". 
+ #logging.selectors: ["*"] + + #============================== X-Pack Monitoring =============================== + # packetbeat can export internal metrics to a central Elasticsearch monitoring + # cluster. This requires xpack monitoring to be enabled in Elasticsearch. The + # reporting is disabled by default. + + # Set to true to enable the monitoring reporter. + #monitoring.enabled: false + + # Sets the UUID of the Elasticsearch cluster under which monitoring data for this + # Packetbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch + # is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. + #monitoring.cluster_uuid: + + # Uncomment to send the metrics to Elasticsearch. Most settings from the + # Elasticsearch output are accepted here as well. + # Note that the settings should point to your Elasticsearch *monitoring* cluster. + # Any setting that is not set is automatically inherited from the Elasticsearch + # output configuration, so if you have the Elasticsearch output configured such + # that it is pointing to your Elasticsearch monitoring cluster, you can simply + # uncomment the following line. + #monitoring.elasticsearch: + + #================================= Migration ================================== + + # This allows to enable 6.7 migration aliases + #migration.6_to_7.enabled: true -- GitLab
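Review bot: On the non-logserver branch the Logstash output ships with every `ssl.*` line commented out, so the captured payloads — HTTP URLs and query strings, DNS names, MySQL/PostgreSQL statements, Redis and memcache commands from the protocol list above — leave the host in cleartext, and `hosts: ["localhost:5044"]` implies a Logstash on every monitored host, which I doubt is intended; point it at the central log host and enable at least `ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]` plus the client cert/key lines. On the logserver branch the shipper authenticates as the built-in `elastic` superuser; a dedicated user holding only the beats-writer/setup privileges would limit what a compromised host's config file can do, and `|default("")` silently renders an empty password where `|mandatory` would fail the play instead. Since this instance sniffs on `any` interface with HTTP enabled on several ports, consider `redact_authorization: true` and `hide_keywords` for the `http` protocol entry so credentials seen in traffic are not indexed verbatim.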