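---
# Installs the elastic.beats Galaxy role and uses it twice to configure
# Filebeat for BIND9 query logs: once with an Elasticsearch output and once
# with a local file output.
#
# NOTE(review): both role invocations configure the same beat ("filebeat") on
# the same hosts, so the second run presumably replaces the configuration
# written by the first. Confirm whether they are meant as alternatives.
- name: Provision hosts with filebeat capabilities
  hosts: all
  become: true
  tasks:
    # NOTE(review): roles used by include_role are resolved on the control
    # node, so installing the role on every managed host only helps when the
    # play targets the controller itself. Confirm the intended target.
    # The version pin keeps the role from drifting; a requirements.yml
    # checked into the repository would make the pin reviewable.
    # No shell features are needed here, so command is used instead of shell.
    - name: Install all galaxy roles
      command: ansible-galaxy install elastic.beats,v7.17.0 --roles-path="/etc/ansible/roles"

    # https://www.elastic.co/guide/en/beats/filebeat/8.0/elasticsearch-output.html
    # NOTE(review): the link is for Filebeat 8.0 while the role is pinned to
    # v7.17.0. Verify option names against the version actually installed.
    - name: Installing filebeat for collection
      include_role:
        name: elastic.beats
      vars:
        beat: "filebeat"
        beat_conf:
          # Enable the following 4 items if a custom index will be used
          #setup.template.enabled: true
          #setup.template.name: "daca"
          #setup.template.pattern: "daca-*"
          #setup.ilm.enabled: false
          filebeat.inputs:
            - type: filestream
              enabled: true
              paths:
                - "/var/cache/bind/query*.log"
              fields:
                filename: "query*.log"
            # NOTE(review): /tmp is world-writable, so any local account can
            # create a file matching this glob and have its contents shipped
            # to Elasticsearch as if they were genuine records. Prefer a
            # directory writable only by the Filebeat service account.
            - type: filestream
              enabled: true
              paths:
                - "/tmp/filebeat.json*"
              fields:
                filename: "filebeat.json*"
        output_conf:
          elasticsearch:
            hosts: ['192.168.1.248:9200']
            # NOTE(review): plain HTTP with the credentials below left
            # disabled sends DNS query logs (client addresses and queried
            # names) unencrypted and unauthenticated. Prefer "https" with
            # certificate verification and an API key once the cluster
            # supports it.
            protocol: "http"
            #index: "%{[fields.filename]}-%{+yyyy.MM.dd}"
            # Authentication credentials - either API key or username/password.
            # When enabling these, load the secret from Ansible Vault rather
            # than committing it inline.
            #api_key: "id:api_key"
            #username: "elastic"
            #password: "changeme"

    # https://www.elastic.co/guide/en/beats/filebeat/8.0/file-output.html
    - name: Installing filebeat for collection
      include_role:
        name: elastic.beats
      vars:
        beat: "filebeat"
        beat_conf:
          filebeat.inputs:
            - type: filestream
              enabled: true
              paths:
                - "/var/cache/bind/query*.log"
              fields:
                filename: "query*.log"
        output_conf:
          file:
            # NOTE(review): writing the export into /tmp places it in a
            # directory every local user can write to. A dedicated directory
            # owned by the Filebeat service account avoids pre-created or
            # planted files under the same name.
            path: "/tmp"
            filename: "filebeat.json"
        logging_conf:
          files:
            # Too small rotation can cause data-loss
            rotateeverybytes: 209715200
        # Role variable: install the package from the Elastic repository.
        use_repository: "true"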