From 3551abc25789c01d57fe675427e9f4fb9316db94 Mon Sep 17 00:00:00 2001
From: Duncan Walker
Date: Wed, 26 Feb 2020 12:22:36 +0000
Subject: [PATCH] Added IPTables module support to Filebeat config The IPtables module is currently absent in the filebeat config, meaning that IPtables log data cannot be parsed into fields by filebeat. This commit adds the appropriate configuration section to allow this to be optionally enabled and configured with other iptables logfile locations. The module is disabled by default, as filebeat will crash if the appropriate log files are not found.
Change-Id: Ibd44234fd736d70e9e0bd5c4c6cab45f907c6d3c
---
 .../roles/elastic_filebeat/defaults/main.yml | 6 ++++++
 .../roles/elastic_filebeat/templates/filebeat.yml.j2 | 10 ++++++++++
 2 files changed, 16 insertions(+)
diff --git a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
index 019b4c34..dc71109f 100644
--- a/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_filebeat/defaults/main.yml
@@ -300,3 +300,9 @@ processors: {}
 # Logging level
 # Available log levels are error, warning, info, debug
 filebeat_log_level: "{{ elastic_beat_log_level | default('info') }}"
+
+# Enable IPtables logging module
+filebeat_iptables_enabled: false
+# The following allows one to specify log files in non-standard locations,
+# defaulting to log collection in syslog
+filebeat_iptables_log_paths: ["var/log/syslog"]
diff --git a/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2 b/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
index be689d5e..5811b40e 100644
--- a/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
+++ b/elk_metrics_7x/roles/elastic_filebeat/templates/filebeat.yml.j2
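Review bot: The default `filebeat_iptables_log_paths: ["var/log/syslog"]` in defaults/main.yml is a relative path with no leading slash, so with the module enabled and the default left in place Filebeat would presumably look for the file under its own working directory rather than in `/var/log`. The firewall log would then never be shipped, and going by the commit description a missing log file can also take Filebeat down. The line should read `filebeat_iptables_log_paths: ["/var/log/syslog"]`. The comment above it could also say that the syslog file location differs by distribution (RHEL-family hosts write to `/var/log/messages`), so operators know to override it.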
@@ -209,6 +209,16 @@ filebeat.modules:
 # can be added under this section.
 #input:
+#------------------------------ IP Tables Module ------------------------------
+{% if (filebeat_iptables_enabled | bool) %}
+- module: iptables
+ # Syslog
+ log:
+ enabled: "true"
+ var.input: "file"
+ var.paths: {{ filebeat_iptables_log_paths | to_json }}
+{% endif %}
+
 #-------------------------------- Kafka Module --------------------------------
 #- module: kafka
 # All logs
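Review bot: The `# Syslog` comment above `log:` does not match the configuration under it, which sets `var.input: "file"` and takes its paths from `filebeat_iptables_log_paths`; a comment such as `# Read iptables entries from the files listed in filebeat_iptables_log_paths` would describe what is actually rendered. `enabled: "true"` is also a quoted string where a boolean is meant, and `enabled: true` avoids depending on the consumer coercing it. The `filebeat.modules:` list starts and continues outside this hunk, so whether the other module entries quote this value cannot be checked from the visible lines.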