hetzner-ansible/templates/elastic/config/logstash/pipeline/filebeat.conf.j2


# Beats listener: receives events from Filebeat and other Beats shippers over TLS.
input {
  beats {
    # Listener address. 0.0.0.0 binds every interface, so who can reach
    # port 5044 has to be limited by the host firewall or network policy.
    host => "0.0.0.0"
    port => 5044
    ecs_compatibility => "v1"

    # Server-side TLS material. The beats input expects the private key in
    # PKCS#8 format, which matches the .pkcs8.key file name used here.
    ssl => true
    ssl_certificate => "/usr/share/logstash/config/certificates/{{ logstash_certificate }}/{{ logstash_certificate }}.crt"
    ssl_key => "/usr/share/logstash/config/certificates/{{ logstash_certificate }}/{{ logstash_certificate }}.pkcs8.key"

    # CA bundle used to validate client certificates.
    # NOTE(review): ssl_verify_mode is not set and defaults to "none", so this
    # CA list is not enforced and any host that can reach the port may ship
    # events, including ones that the output section routes to the audit and
    # auth indices. Setting ssl_verify_mode => "force_peer" requires a client
    # certificate signed by this CA; confirm that every shipper presents one
    # before enabling it.
    ssl_certificate_authorities => "/usr/share/logstash/config/certificates/ca/ca.crt"
  }
}
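# Parses JSON-formatted log lines, builds message_full (message plus stack
# trace when present) and drops metadata fields that are not indexed.
filter {
  # Only lines that look like a single JSON object are handed to the parser.
  if [message] =~ /^{.*}$/ {
    # NOTE(review): no target is set, so the parsed keys land at the event
    # root and overwrite fields that already exist there. A log line carrying
    # keys such as "tags", "event" or "container" therefore changes which
    # branch of the output section the event takes. Parsing into a dedicated
    # target field would prevent that, but the [stack_trace] check below and
    # any dashboards reading root-level fields would have to follow.
    json {
      source => "message"
    }
    if [stack_trace] {
      ruby {
        # 10.chr is a newline; presumably written this way because escape
        # sequences in config strings are only processed when
        # config.support_escapes is enabled.
        # .to_s keeps the concatenation from raising when the parsed JSON
        # carries a non-string "message" or "stack_trace" (number, object,
        # null); without it the event is only tagged _rubyexception and
        # message_full is never set.
        code => "event.set('message_full', event.get('message').to_s + ':' + 10.chr + event.get('stack_trace').to_s)"
      }
    } else {
      ruby {
        code => "event.set('message_full', event.get('message'))"
      }
    }
  }
  # NOTE(review): [agent] and [log][file][path] identify the shipper and the
  # source file. Removing them saves space but also removes provenance from
  # the audit and auth indices; confirm this is acceptable for investigations.
  mutate {
    remove_field => [ "[id]", "[agent]", "[log][file][path]", "[docker][container][labels]" ]
  }
}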
# Routes every event to exactly one monthly Elasticsearch index. The branches
# are evaluated top to bottom and the first match wins, so their order is part
# of the routing logic: the "audit" tag takes precedence over the dataset
# checks, which take precedence over the container and beat fallbacks.
#
# All branches use the same endpoint, verify the server certificate against
# the CA given in cacert, and set manage_template => false, so Logstash does
# not install an index template and mappings have to be provided elsewhere.
# The date suffix is formatted from the event's @timestamp.
#
# NOTE(review): the credentials come from variables named elastic_admin_*,
# which suggests a superuser account; confirm. A dedicated writer role that is
# limited to create/write on the index patterns used below would bound what an
# unexpected or hostile event can touch.
# NOTE(review): the password is rendered in plain text into this file. Keep
# the rendered file readable by the logstash user only, or reference a
# Logstash keystore entry instead of templating the secret in.
output {
  # Events tagged "audit" by the shipper (or by a parsed JSON line, see the
  # json filter) go to the audit index.
  if "audit" in [tags] {
    elasticsearch {
      hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
      cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
      user => "{{ elastic_admin_username }}"
      password => "{{ elastic_admin_password }}"
      index => "auditlog-%{+YYYY.MM}"
      manage_template => false
    }
  }
  # Events whose dataset is system.auth.
  else if [event][dataset] == "system.auth" {
    elasticsearch {
      hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
      cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
      user => "{{ elastic_admin_username }}"
      password => "{{ elastic_admin_password }}"
      index => "authlog-%{+YYYY.MM}"
      manage_template => false
    }
  }
  # Events whose dataset is system.syslog.
  else if [event][dataset] == "system.syslog" {
    elasticsearch {
      hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
      cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
      user => "{{ elastic_admin_username }}"
      password => "{{ elastic_admin_password }}"
      index => "syslog-%{+YYYY.MM}"
      manage_template => false
    }
  }
  # Container logs: one index per container name.
  # NOTE(review): the index name is taken from an event field, so the sender
  # chooses it. A container named "auditlog", "authlog" or "syslog" would write
  # into the dedicated indices above, and a name containing upper-case letters
  # is not a valid Elasticsearch index name, so those events would be rejected.
  # Validating or prefixing the name in the filter section, or restricting the
  # writer role's index patterns, closes this.
  else if [container][name] and [@metadata][beat] {
    elasticsearch {
      hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
      cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
      user => "{{ elastic_admin_username }}"
      password => "{{ elastic_admin_password }}"
      index => "%{[container][name]}-%{+YYYY.MM}"
      manage_template => false
    }
  }
  # Any other Beats event: index named after the beat and its version.
  else if [@metadata][beat] {
    elasticsearch {
      hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
      cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
      user => "{{ elastic_admin_username }}"
      password => "{{ elastic_admin_password }}"
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM}"
      manage_template => false
    }
  }
  # Catch-all so that no event is silently dropped.
  else {
    elasticsearch {
      hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
      cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
      user => "{{ elastic_admin_username }}"
      password => "{{ elastic_admin_password }}"
      index => "uncategorized-%{+YYYY.MM}"
      manage_template => false
    }
  }
}