Added IPTables module support to Filebeat config

The IPtables module is currently absent in the filebeat config, meaning that IPtables log data cannot be parsed into fields by filebeat. This commit adds the appropriate configuration section to allow this to be optionally enabled and configured with other iptables logfile locations. The module is disabled by default, as filebeat will crash if the appropriate log files are not found. Change-Id: Ibd44234fd736d70e9e0bd5c4c6cab45f907c6d3c
2020-02-26 12:22:36 +00:00 · 2020-02-26 12:22:36 +00:00 · 3551abc257
commit 3551abc257
parent 1ba435f78e
2 changed files with 16 additions and 0 deletions
--- a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
@ -300,3 +300,9 @@ processors: {}
 # Logging level
 # Available log levels are error, warning, info, debug
 filebeat_log_level: "{{ elastic_beat_log_level | default('info') }}"
+
+# Enable IPtables logging module
+filebeat_iptables_enabled: false
+# The following allows one to specify log files in non-standard locations,
+# defaulting to log collection in syslog
+filebeat_iptables_log_paths: ["var/log/syslog"]
--- a/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
@ -209,6 +209,16 @@ filebeat.modules:
    # can be added under this section.
    #input:

+#------------------------------ IP Tables Module ------------------------------
+{% if (filebeat_iptables_enabled | bool) %}
+- module: iptables
+  # Syslog
+  log:
+    enabled: "true"
+    var.input: "file"
+    var.paths: {{ filebeat_iptables_log_paths | to_json }}
+{% endif %}
+
 #-------------------------------- Kafka Module --------------------------------
 #- module: kafka
  # All logs