Last active
April 19, 2019 20:30
-
-
Save iamhowardtheduck/3cedfdc458dd6da63f7c968952f80857 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| ## Set variables for easy coding | |
| # Outputs | |
| pBeatOut="sudo tee -a /etc/packetbeat/packetbeat.yml" | |
| mBeatOut="sudo tee -a /etc/metricbeat/metricbeat.yml" | |
| fBeatOut="sudo tee -a /etc/filebeat/filebeat.yml" | |
| hBeatOut="sudo tee -a /etc/heartbeat/heartbeat.yml" | |
| # Metricbeat Modules | |
| mBeatSys="sudo tee -a /etc/metricbeat/modules.d/system.yml" | |
| fBeatSys="sudo tee -a /etc/filebeat/modules.d/system.yml" | |
| ## End variables for easy coding | |
| echo "We will now begin the installation of the Elastic repo, install several Beats, and ask configuration questions." | |
| echo "" | |
| read -n 1 -s -r -p "Press any key to continue" | |
| clear | |
| echo "Import Elastic gpg key" | |
| echo "" | |
| sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
| echo "Import Elastic gpg key: $(tput setaf 2)[$(tput setaf 4)OK$(tput setaf 2)]$(tput setaf 3)" | |
| $(tput setaf 7) | |
| # | |
| # | |
| # create Elastic repo | |
| echo "Creating Elastic repository" | |
| echo | |
| sudo touch /etc/yum.repos.d/elasticsearch.repo | |
| echo "[elasticsearch-7.x]" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "name=Elasticsearch repository for 7.x packages" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "baseurl=https://artifacts.elastic.co/packages/7.x/yum" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "gpgcheck=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "enabled=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "autorefresh=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| echo "type=rpm-md" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
| sudo yum install metricbeat heartbeat-elastic packetbeat filebeat -y | |
| sudo metricbeat modules enable system | |
| sudo filebeat modules enable system | |
| echo "" | |
| echo "The Elastic repo has been installed, as has Metricbeat, Heartbeat, Packetbeat, and Filebeat." | |
| echo "" | |
| echo "Would you like to configure Beats to feed Elastic now?" | |
| read -p "Continue (y/n)?" choice | |
| case "$choice" in | |
| y|Y ) echo "ECE Eclipse will now prompt for several items to configure Beats.";; | |
| n|N ) echo "Please come back when you are ready to continue." ; ;; | |
| * ) echo "Invalid Option";; | |
| esac | |
| read -n 1 -s -r -p "Press any key to continue" | |
| clear | |
| # | |
| # Make backups and prepare for *beat.yml creation. | |
| # | |
| echo "" | |
| echo "Output Configuration. Let's do this first, and pass it to all the Beats!" | |
| echo "" | |
| echo "Making a copy of the original '*.yml' file and renaming with the extension .bak in the same location." | |
| echo "" | |
| read -n 1 -s -r -p "Press any key to continue" | |
| echo "" | |
| sudo mv /etc/packetbeat/packetbeat.yml /etc/packetbeat/packetbeat.yml.bak | |
| sudo touch /etc/packetbeat/packetbeat.yml | |
| echo "" | |
| sudo mv /etc/metricbeat/metricbeat.yml /etc/metricbeat/metricbeat.yml.bak | |
| sudo touch /etc/metricbeat/metricbeat.yml | |
| echo "" | |
| sudo mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.bak | |
| sudo touch /etc/filebeat/filebeat.yml | |
| echo "" | |
| sudo mv /etc/heartbeat/heartbeat.yml /etc/heartbeat/heartbeat.yml.bak | |
| sudo touch /etc/heartbeat/heartbeat.yml | |
| # | |
| # There can be only one output, so Highlander rules. | |
| # | |
| # | |
| # Beats Output Config Section | |
| # | |
| main_menu () { | |
| options=( | |
| "Elastic Cloud" | |
| "Elastic Cloud Enterprise" | |
| "Elastic On-Prem" | |
| "Kafka" | |
| "Redis" | |
| "File" | |
| "Console" | |
| "Logstash" | |
| "Make like a tree, and leave. :P" | |
| ) | |
| select option in "${options[@]}"; do | |
| case $option in | |
| ${options[0]}) | |
| clear | |
| echo "Elastic Cloud" | |
| echo "" | |
| cloudID=$(dialog --title "What is your Cloud ID?" --backtitle "Cloud ID Input Section" --inputbox "Found in the Elastic Cloud UI:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| cloudAuth=$(dialog --title "What is your Cloud Auth?" --backtitle "Cloud Auth Input Section" --inputbox "Typically elastic:somePassword:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| echo "This is your Cloud ID: $cloudID" | |
| echo "This is your Cloud Auth: $cloudAuth" | |
| # PACKETBEAT | |
| echo "#============================= Elastic Cloud ==================================" | ${pBeatOut} | |
| echo "cloud.id: ${cloudID}" | ${pBeatOut} | |
| echo "cloud.auth: ${cloudAuth}" | ${pBeatOut} | |
| echo "#============================= Elastic Cloud ==================================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#============================= Elastic Cloud ==================================" | ${mBeatOut} | |
| echo "cloud.id: ${cloudID}" | ${mBeatOut} | |
| echo "cloud.auth: ${cloudAuth}" | ${mBeatOut} | |
| echo "#============================= Elastic Cloud ==================================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#============================= Elastic Cloud ==================================" | ${fBeatOut} | |
| echo "cloud.id: ${cloudID}" | ${fBeatOut} | |
| echo "cloud.auth: ${cloudAuth}" | ${fBeatOut} | |
| echo "#============================= Elastic Cloud ==================================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#============================= Elastic Cloud ==================================" | ${hBeatOut} | |
| echo "cloud.id: ${cloudID}" | ${hBeatOut} | |
| echo "cloud.auth: ${cloudAuth}" | ${hBeatOut} | |
| echo "#============================= Elastic Cloud ==================================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[1]}) | |
| clear | |
| echo "Elastic Cloud Enterprise" | |
| echo "" | |
| Ehosts=$(dialog --title "ECE Elastic Host (Not Kibana)" --backtitle "ECE Elastic Config Section" --inputbox "ECE Elastic Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| EuserName=$(dialog --title "ECE Username (typically 'elastic')" --backtitle "ECE Elastic Config Section" --inputbox "Username:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| EpassWord=$(dialog --title "ECE Cluster Password (default for 'elastic')" --backtitle "ECE Elastic Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Khosts=$(dialog --title "ECE Kibana Host (Not Elastic)" --backtitle "ECE Kibana Config Section" --inputbox "ECE Kibana Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KuserName=$(dialog --title "ECE Cluster Username (default for 'elastic')" --backtitle "ECE Kibana Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KpassWord=$(dialog --title "ECE Cluster Password (default for 'elastic')" --backtitle "ECE Kibana Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| # PACKETBEAT | |
| echo "#=============================== ECE Output ===================================" | ${pBeatOut} | |
| echo "output.elasticsearch:" | ${pBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${pBeatOut} | |
| echo " username: \"${EuserName}\"" | ${pBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"https\"" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "setup.kibana:" | ${pBeatOut} | |
| echo " host: \"${Khosts}\"" | ${pBeatOut} | |
| echo " username: \"${KuserName}\"" | ${pBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"https\"" | ${pBeatOut} | |
| echo "#=============================== ECE Output ===================================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#=============================== ECE Output ===================================" | ${mBeatOut} | |
| echo "output.elasticsearch:" | ${mBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${mBeatOut} | |
| echo " username: \"${EuserName}\"" | ${mBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"https\"" | ${mBeatOut} | |
| echo "###" |${mBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "setup.kibana:" | ${mBeatOut} | |
| echo " host: \"${Khosts}\"" | ${mBeatOut} | |
| echo " username: \"${KuserName}\"" | ${mBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"https\"" | ${mBeatOut} | |
| echo "#=============================== ECE Output ===================================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#=============================== ECE Output ===================================" | ${fBeatOut} | |
| echo "output.elasticsearch:" | ${fBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${fBeatOut} | |
| echo " username: \"${EuserName}\"" | ${fBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"https\"" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "setup.kibana:" | ${fBeatOut} | |
| echo " host: \"${Khosts}\"" | ${fBeatOut} | |
| echo " username: \"${KuserName}\"" | ${fBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"https\"" | ${fBeatOut} | |
| echo "#=============================== ECE Output ===================================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#=============================== ECE Output ===================================" | ${hBeatOut} | |
| echo "output.elasticsearch:" | ${hBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${hBeatOut} | |
| echo " username: \"${EuserName}\"" | ${hBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"https\"" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "setup.kibana:" | ${hBeatOut} | |
| echo " host: \"${Khosts}\"" | ${hBeatOut} | |
| echo " username: \"${KuserName}\"" | ${hBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"https\"" | ${hBeatOut} | |
| echo "#=============================== ECE Output ===================================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[2]}) | |
| clear | |
| echo "Elasticsearch On-Prem" | |
| echo "" | |
| Ehosts=$(dialog --title "Elastic Host & Port (e.g. localhost:9200 OR 10.0.0.1:9200)" --backtitle "Elastic On-Prem Config Section" --inputbox "Elastic Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Eproto=$(dialog --title "Elastic Protocol (http OR https)" --backtitle "Elastic On-Prem Config Section" --inputbox "Elastic Protocol:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| EuserName=$(dialog --title "Elastic Username (typically 'elastic')" --backtitle "Elastic On-Prem Config Section" --inputbox "Username:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| EpassWord=$(dialog --title "Elastic Cluster Password (default for 'elastic')" --backtitle "Elastic On-Prem Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Khosts=$(dialog --title "Kibana Host (e.g. localhost:5601 OR 10.0.0.1:5601)" --backtitle "Kibana On-Prem Config Section" --inputbox "Kibana Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Kproto=$(dialog --title "Kibana Protocol (http OR https)" --backtitle "Kibana On-Prem Config Section" --inputbox "Kibana Protocol:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana On-Prem Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana On-Prem Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| # PACKETBEAT | |
| echo "#=========================== Elastic On-Prem ==================================" | ${pBeatOut} | |
| echo "output.elasticsearch:" | ${pBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${pBeatOut} | |
| echo " username: \"${EuserName}\"" | ${pBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"${Eproto}\"" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "setup.kibana:" | ${pBeatOut} | |
| echo " host: \"${Khosts}\"" | ${pBeatOut} | |
| echo " username: \"${KuserName}\"" | ${pBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${pBeatOut} | |
| echo "#=========================== Elastic On-Prem ==================================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#=========================== Elastic On-Prem ==================================" | ${mBeatOut} | |
| echo "output.elasticsearch:" | ${mBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${mBeatOut} | |
| echo " username: \"${EuserName}\"" | ${mBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"${Eproto}\"" | ${mBeatOut} | |
| echo "###" |${mBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "setup.kibana:" | ${mBeatOut} | |
| echo " host: \"${Khosts}\"" | ${mBeatOut} | |
| echo " username: \"${KuserName}\"" | ${mBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${mBeatOut} | |
| echo "#=========================== Elastic On-Prem ==================================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#=========================== Elastic On-Prem ==================================" | ${fBeatOut} | |
| echo "output.elasticsearch:" | ${fBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${fBeatOut} | |
| echo " username: \"${EuserName}\"" | ${fBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"${Eproto}\"" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "setup.kibana:" | ${fBeatOut} | |
| echo " host: \"${Khosts}\"" | ${fBeatOut} | |
| echo " username: \"${KuserName}\"" | ${fBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${fBeatOut} | |
| echo "#=========================== Elastic On-Prem ==================================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#=========================== Elastic On-Prem ==================================" | ${hBeatOut} | |
| echo "output.elasticsearch:" | ${hBeatOut} | |
| echo " hosts: [\"${Ehosts}\"]" | ${hBeatOut} | |
| echo " username: \"${EuserName}\"" | ${hBeatOut} | |
| echo " password: \"${EpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"${Eproto}\"" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "setup.kibana:" | ${hBeatOut} | |
| echo " host: \"${Khosts}\"" | ${hBeatOut} | |
| echo " username: \"${KuserName}\"" | ${hBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${hBeatOut} | |
| echo "#=========================== Elastic On-Prem ==================================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[3]}) | |
| clear | |
| echo "Kafka Output" | |
| echo "" | |
| Kafkahosts=$(dialog --title "Kafka Host & Port (e.g. localhost:9092)" --backtitle "Elastic Kafka Output Config Section" --inputbox "Kafka Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KafkaTopic=$(dialog --title "Kafka Topic (e.g. Packetbeat)" --backtitle "Elastic Kafka Topic Config Section" --inputbox "Kafka Topic" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KafkaClient=$(dialog --title "Kafka Client (default: beats; Used for debugging)" --backtitle "Elastic Kafka Client Config Section" --inputbox "Kafka Client" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Kafka Config Section" --inputbox "Kibana Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Kproto=$(dialog --title "Kibana Protocol (http OR https)" --backtitle "Kibana Kafka Config Section" --inputbox "Kibana Protocol:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KuserName=$(dialog --title "Kibana Username (default for \'elastic\')" --backtitle "Kibana Kafka Config Section" --inputbox "Username:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KpassWord=$(dialog --title "Kibana Password (default for \'elastic\')" --backtitle "Kibana Kafka Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| # PACKETBEAT | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${pBeatOut} | |
| echo "output.kafka:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " hosts: [\"${Kafkahosts}\"]" | ${pBeatOut} | |
| echo " topic: \"${KafkaTopic}\"" | ${pBeatOut} | |
| echo " client_id: \"${KafkaClient}\"" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "setup.kibana:" | ${pBeatOut} | |
| echo " host: \"${Khosts}\"" | ${pBeatOut} | |
| echo " username: \"${KuserName}\"" | ${pBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${pBeatOut} | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${mBeatOut} | |
| echo "output.kafka:" | ${mBeatOut} | |
| echo " enabled: true" | ${mBeatOut} | |
| echo " hosts: [\"${Kafkahosts}\"]" | ${mBeatOut} | |
| echo " topic: \"${KafkaTopic}\"" | ${mBeatOut} | |
| echo " client_id: \"${KafkaClient}\"" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "setup.kibana:" | ${mBeatOut} | |
| echo " host: \"${Khosts}\"" | ${mBeatOut} | |
| echo " username: \"${KuserName}\"" | ${mBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${mBeatOut} | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${fBeatOut} | |
| echo "output.kafka:" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo " hosts: [\"${Kafkahosts}\"]" | ${fBeatOut} | |
| echo " topic: \"${KafkaTopic}\"" | ${fBeatOut} | |
| echo " client_id: \"${KafkaClient}\"" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "setup.kibana:" | ${fBeatOut} | |
| echo " host: \"${Khosts}\"" | ${fBeatOut} | |
| echo " username: \"${KuserName}\"" | ${fBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${fBeatOut} | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${hBeatOut} | |
| echo "output.kafka:" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo " hosts: [\"${Kafkahosts}\"]" | ${hBeatOut} | |
| echo " topic: \"${KafkaTopic}\"" | ${hBeatOut} | |
| echo " client_id: \"${KafkaClient}\"" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "setup.kibana:" | ${hBeatOut} | |
| echo " host: \"${Khosts}\"" | ${hBeatOut} | |
| echo " username: \"${KuserName}\"" | ${hBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"${Kproto}\"" | ${hBeatOut} | |
| echo "#=========================== Elastic Kafka Output ==============================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[4]}) | |
| clear | |
| echo "Redis Output" | |
| echo "" | |
| Redishosts=$(dialog --title "Redis Host & Port (e.g. localhost:6379)" --backtitle "Elastic Redis Output Config Section" --inputbox "Redis Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| RedisKey=$(dialog --title "Redis Key (e.g. Packetbeat)" --backtitle "Elastic Redis Key Config Section" --inputbox "Redis Key" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Kproto=$(dialog --title "Kibana Protocol (http OR https)" --backtitle "Kibana Redis Config Section" --inputbox "Kibana Protocol:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| # PACKETBEAT | |
| echo "#=========================== Elastic Redis Output ==============================" | ${pBeatOut} | |
| echo "output.redis:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " hosts: [\"${Redishosts}\"]" | ${pBeatOut} | |
| echo " key: \"${RedisKey}\"" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "setup.kibana:" | ${pBeatOut} | |
| echo " host: \"${Khosts}\"" | ${pBeatOut} | |
| echo " username: \"${KuserName}\"" | ${pBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${pBeatOut} | |
| echo "#=========================== Elastic Redis Output ==============================" | ${pBeatOut} | |
| # METRICEBEAT | |
| echo "#=========================== Elastic Redis Output ==============================" | ${mBeatOut} | |
| echo "output.redis:" | ${mBeatOut} | |
| echo " enabled: true" | ${mBeatOut} | |
| echo " hosts: [\"${Redishosts}\"]" | ${mBeatOut} | |
| echo " key: \"${RedisKey}\"" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "setup.kibana:" | ${mBeatOut} | |
| echo " host: \"${Khosts}\"" | ${mBeatOut} | |
| echo " username: \"${KuserName}\"" | ${mBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${mBeatOut} | |
| echo "#=========================== Elastic Redis Output ==============================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#=========================== Elastic Redis Output ==============================" | ${fBeatOut} | |
| echo "output.redis:" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo " hosts: [\"${Redishosts}\"]" | ${fBeatOut} | |
| echo " key: \"${RedisKey}\"" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "setup.kibana:" | ${fBeatOut} | |
| echo " host: \"${Khosts}\"" | ${fBeatOut} | |
| echo " username: \"${KuserName}\"" | ${fBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${fBeatOut} | |
| echo "#=========================== Elastic Redis Output ==============================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#=========================== Elastic Redis Output ==============================" | ${hBeatOut} | |
| echo "output.redis:" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo " hosts: [\"${Redishosts}\"]" | ${hBeatOut} | |
| echo " key: \"${RedisKey}\"" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "setup.kibana:" | ${hBeatOut} | |
| echo " host: \"${Khosts}\"" | ${hBeatOut} | |
| echo " username: \"${KuserName}\"" | ${hBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${hBeatOut} | |
| echo "#=========================== Elastic Redis Output ==============================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[5]}) | |
| clear | |
| echo "" | |
| echo "File Output" | |
| echo "" | |
| filePath=$(dialog --title "File path to write to (e.g. /tmp/packebeat)" --backtitle "File Path Output Config Section" --inputbox "File Path" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| fileName=$(dialog --title "File name to write as (e.g. Packetbeat)" --backtitle "File Name Output Config Section" --inputbox "File Name" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Kproto=$(dialog --title "Kibana Protocol (http OR https)" --backtitle "Kibana Config Section" --inputbox "Kibana Protocol:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KuserName=$(dialog --title "Kibana Username (default for \'elastic\')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KpassWord=$(dialog --title "Kibana Password (default for \'elastic\')" --backtitle "Kibana Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| # PACKETBEAT | |
| echo "#=========================== Elastic File Output ===============================" | ${pBeatOut} | |
| echo "output.file:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " path: \"${filePath}\"" | ${pBeatOut} | |
| echo " filename: \"${fileName}\"" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "setup.kibana:" | ${pBeatOut} | |
| echo " host: \"${Khosts}\"" | ${pBeatOut} | |
| echo " username: \"${KuserName}\"" | ${pBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${pBeatOut} | |
| echo "#=========================== Elastic File Output ===============================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#=========================== Elastic File Output ===============================" | ${mBeatOut} | |
| echo "output.file:" | ${mBeatOut} | |
| echo " enabled: true" | ${mBeatOut} | |
| echo " path: \"${filePath}\"" | ${mBeatOut} | |
| echo " filename: \"${fileName}\"" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "setup.kibana:" | ${mBeatOut} | |
| echo " host: \"${Khosts}\"" | ${mBeatOut} | |
| echo " username: \"${KuserName}\"" | ${mBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${mBeatOut} | |
| echo "#=========================== Elastic File Output ===============================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#=========================== Elastic File Output ===============================" | ${fBeatOut} | |
| echo "output.file:" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo " path: \"${filePath}\"" | ${fBeatOut} | |
| echo " filename: \"${fileName}\"" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "setup.kibana:" | ${fBeatOut} | |
| echo " host: \"${Khosts}\"" | ${fBeatOut} | |
| echo " username: \"${KuserName}\"" | ${fBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${fBeatOut} | |
| echo "#=========================== Elastic File Output ===============================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#=========================== Elastic File Output ===============================" | ${hBeatOut} | |
| echo "output.file:" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo " path: \"${filePath}\"" | ${hBeatOut} | |
| echo " filename: \"${fileName}\"" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "setup.kibana:" | ${hBeatOut} | |
| echo " host: \"${Khosts}\"" | ${hBeatOut} | |
| echo " username: \"${KuserName}\"" | ${hBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${hBeatOut} | |
| echo "#=========================== Elastic File Output ===============================" | ${hBeatOut} | |
| break | |
| ;; | |
| ${options[6]}) | |
| clear | |
| echo "" | |
| echo "Console Output" | |
| echo "" | |
| # PACKETBEAT | |
| echo "#============================== Console Output ================================" | ${pBeatOut} | |
| echo "output.console:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo "#============================== Console Output ================================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#============================== Console Output ================================" | ${mBeatOut} | |
| echo "output.console:" | ${mBeatOut} | |
| echo " enabled: true" | ${mBeatOut} | |
| echo "#============================== Console Output ================================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#============================== Console Output ================================" | ${fBeatOut} | |
| echo "output.console:" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo "#============================== Console Output ================================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#============================== Console Output ================================" | ${hBeatOut} | |
| echo "output.console:" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo "#============================== Console Output ================================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[7]}) | |
| clear | |
| echo "" | |
| echo "Logstash Output" | |
| echo "" | |
| LogHost=$(dialog --title "Logstash Host (e.g. localhost:5044)" --backtitle "Logstash Host & Port Output Config Section" --inputbox "Logstash Host:Port:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| LogIndex=$(dialog --title "Logstash Index (e.g. packetbeat)" --backtitle "Logstash Index: packetbeat-7.0.0-YYYY.mm.dd" --input "Logstash Index Name (must be ALL lowercase):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| Kproto=$(dialog --title "Kibana Protocol (http OR https)" --backtitle "Kibana Config Section" --inputbox "Kibana Protocol:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KuserName=$(dialog --title "Kibana Username (default for \'elastic\')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| KpassWord=$(dialog --title "Kibana Password (default for \'elastic\')" --backtitle "Kibana Config Section" --inputbox "Password:" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| # PACKETBEAT | |
| echo "#============================== Logstash Output ===============================" | ${pBeatOut} | |
| echo "output.logstash:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " hosts: [\"${LogHost}\"]" | ${pBeatOut} | |
| echo " index: ${LogIndex}" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "setup.kibana:" | ${pBeatOut} | |
| echo " host: \"${Khosts}\"" | ${pBeatOut} | |
| echo " username: \"${KuserName}\"" | ${pBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${pBeatOut} | |
| echo " ssl.verification_mode: none" | ${pBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${pBeatOut} | |
| echo "#============================== Logstash Output ===============================" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#============================== Logstash Output ===============================" | ${mBeatOut} | |
| echo "output.logstash:" | ${mBeatOut} | |
| echo " enabled: true" | ${mBeatOut} | |
| echo " hosts: [\"${LogHost}\"]" | ${mBeatOut} | |
| echo " index: ${LogIndex}" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${mBeatOut} | |
| echo "###" | ${mBeatOut} | |
| echo "setup.kibana:" | ${mBeatOut} | |
| echo " host: \"${Khosts}\"" | ${mBeatOut} | |
| echo " username: \"${KuserName}\"" | ${mBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${mBeatOut} | |
| echo " ssl.verification_mode: none" | ${mBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${mBeatOut} | |
| echo "#============================== Logstash Output ===============================" | ${mBeatOut} | |
| # FILEBEAT | |
| echo "#============================== Logstash Output ===============================" | ${fBeatOut} | |
| echo "output.logstash:" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo " hosts: [\"${LogHost}\"]" | ${fBeatOut} | |
| echo " index: ${LogIndex}" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${fBeatOut} | |
| echo "###" | ${fBeatOut} | |
| echo "setup.kibana:" | ${fBeatOut} | |
| echo " host: \"${Khosts}\"" | ${fBeatOut} | |
| echo " username: \"${KuserName}\"" | ${fBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${fBeatOut} | |
| echo " ssl.verification_mode: none" | ${fBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${fBeatOut} | |
| echo "#============================== Logstash Output ===============================" | ${fBeatOut} | |
| # HEARTBEAT | |
| echo "#============================== Logstash Output ===============================" | ${hBeatOut} | |
| echo "output.logstash:" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo " hosts: [\"${LogHost}\"]" | ${hBeatOut} | |
| echo " index: ${LogIndex}" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "# Kibana Config Sub-Section" | ${hBeatOut} | |
| echo "###" | ${hBeatOut} | |
| echo "setup.kibana:" | ${hBeatOut} | |
| echo " host: \"${Khosts}\"" | ${hBeatOut} | |
| echo " username: \"${KuserName}\"" | ${hBeatOut} | |
| echo " password: \"${KpassWord}\"" | ${hBeatOut} | |
| echo " ssl.verification_mode: none" | ${hBeatOut} | |
| echo " protocol: \"${kProto}\"" | ${hBeatOut} | |
| echo "#============================== Logstash Output ===============================" | ${hBeatOut} | |
| # | |
| break | |
| ;; | |
| ${options[8]}) | |
| exit | |
| ;; | |
| *) | |
| echo invalid option | |
| ;; | |
| esac | |
| done | |
| } | |
| main_menu | |
| # | |
| # BEATS CONFIG SECTION | |
| # | |
| beats_menu () { | |
| options=( | |
| "All Beats - Defaults Enabled" | |
| "Packetbeat" | |
| "Metricbeat" | |
| "Filebeat" | |
| "Heartbeat" | |
| "Make like a tree, and leave." | |
| ) | |
| select option in "${options[@]}"; do | |
| case $option in | |
| ${options[0]}) | |
| clear | |
| echo "" | |
| echo "All Beats" | |
| echo "" | |
| # PACKETBEAT | |
| echo "###" | ${pBeatOut} | |
| echo "# INTERFACE CONFIG SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.interfaces.device: any" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.type: af_packet" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.snaplen: 65535" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.buffer_size_mb: 30" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.with_vlans: true" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# FLOW CONFIG SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.flows:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " timeout: 30s" | ${pBeatOut} | |
| echo " period: 30s" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# PROTOCOL CONFIG SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.protocols:" | ${pBeatOut} | |
| echo "- type: icmp" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: amqp" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [5672]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: cassandra" | ${pBeatOut} | |
| echo " ports: [9042]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: dhcpv4" | ${pBeatOut} | |
| echo " ports: [67, 68]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: dns" | ${pBeatOut} | |
| echo " ports: [53]" | ${pBeatOut} | |
| echo " include_authorities: true" | ${pBeatOut} | |
| echo " include_additionals: true" | ${pBeatOut} | |
| echo " send_request: true" | ${pBeatOut} | |
| echo " send_response: true" | ${pBeatOut} | |
| echo " transaction_timeout: 10s" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: http" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [80, 8080, 8000, 5000, 8002]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: memcache" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [11211]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: mysql" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [3306]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: pgsql" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [5432]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: redis" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [6379]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: thrift" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [9090]" | ${pBeatOut} | |
| echo " capture_reply: true" | ${pBeatOut} | |
| echo " transaction_timeout: 10s" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: mongodb" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [27017]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: nfs" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [2049]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: tls" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [443]" | ${pBeatOut} | |
| echo " send_certificates: true" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# MONITORED PROCESSES SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.procs:" | ${pBeatOut} | |
| echo " enabled: false" | ${pBeatOut} | |
| echo " monitored:" | ${pBeatOut} | |
| echo " - process: mysqld" | ${pBeatOut} | |
| echo " cmdline_grep: mysqld" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo " - process: pgsql" | ${pBeatOut} | |
| echo " cmdline_grep: postgres" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo " - process: nginx" | ${pBeatOut} | |
| echo " cmdline_grep: nginx" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo " - process: app" | ${pBeatOut} | |
| echo " cmdline_grep: gunicorn" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.ignore_outgoing: false" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# GENERAL SETTINGS SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "#name: Auto-defined by hostname" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#tags: [\"Takes-Make-It\", \"Easy-To-Group-Servers\"]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "queue:" | ${pBeatOut} | |
| echo " mem:" | ${pBeatOut} | |
| echo " events: 9996" | ${pBeatOut} | |
| echo " flush.min_events: 2048" | ${pBeatOut} | |
| echo " flush.timeout: 1s" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Sets the maximum number of CPUs that can be executing simultaneously. The default is the number of logical CPUs available in the system." | ${pBeatOut} | |
| echo "#max_procs:" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# PROCESSORS SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# PLEASE RETURN AFTER REVIEWING ONBOARDED DATA TO MANUALLY CONFIGURE" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- drop_event:" | ${pBeatOut} | |
| echo "# when:" | ${pBeatOut} | |
| echo "# equals:" | ${pBeatOut} | |
| echo "# http.code: 200" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- rename:" | ${pBeatOut} | |
| echo "# fields:" | ${pBeatOut} | |
| echo "# - from: \"a\"" | ${pBeatOut} | |
| echo "# to: \"b\"" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- dissect:" | ${pBeatOut} | |
| echo "# tokenizer: \"%{key1} - %{key2}\"" | ${pBeatOut} | |
| echo "# field: \"message\"" | ${pBeatOut} | |
| echo "# target_prefix: \"dissect\"" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# The following example enriches each event with metadata from the cloud" | ${pBeatOut} | |
| echo "# provider about the host machine. It works on EC2, GCE, DigitalOcean," | ${pBeatOut} | |
| echo "# Tencent Cloud, and Alibaba Cloud. Please come back after confirming" | ${pBeatOut} | |
| echo "# which cloud provider you will be leveraging." | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- add_cloud_metadata: ~" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# The following example enriches each event with the machine\'s local time zone" | ${pBeatOut} | |
| echo "# offset from UTC." | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- add_locale:" | ${pBeatOut} | |
| echo "# format: offset" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# The following example enriches each event with docker metadata, it matches" | ${pBeatOut} | |
| echo "# container id from log path available in \`source\` field (by default it expects" | ${pBeatOut} | |
| echo "# it to be /var/lib/docker/containers/*/*.log)." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- add_docker_metadata: ~" | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "# The following example enriches each event with host metadata." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- add_host_metadata:" | ${pBeatOut} | |
| echo "# netinfo.enabled: false" | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "# The following example enriches each event with process metadata using" | ${pBeatOut} | |
| echo "# process IDs included in the event." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- add_process_metadata:" | ${pBeatOut} | |
| echo "# match_pids: [\"system.process.ppid\"]" | ${pBeatOut} | |
| echo "# target: system.process.parent" | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "# The following example decodes fields containing JSON strings" | ${pBeatOut} | |
| echo "# and replaces the strings with valid JSON objects." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- decode_json_fields:" | ${pBeatOut} | |
| echo "# fields: [\"field1\", \"field2\", ...]" | ${pBeatOut} | |
| echo "# process_array: false" | ${pBeatOut} | |
| echo "# max_depth: 1" | ${pBeatOut} | |
| echo "# target: \"\"" | ${pBeatOut} | |
| echo "# overwrite_keys: false" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# LOGGING SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "logging.level: info # Available log levels are: error, warning, info, debug" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Send all logging output to syslog. The default is false." | ${pBeatOut} | |
| echo "#logging.to_syslog: false" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Send all logging output to Windows Event Logs. The default is false." | ${pBeatOut} | |
| echo "#logging.to_eventlog: false" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Set to true to log messages in json format." | ${pBeatOut} | |
| echo "#logging.json: false" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| # METRICBEAT | |
| echo "#========================== Modules configuration ============================" | ${mBeatOut} | |
| echo "metricbeat.config.modules:" | ${mBeatOut} | |
| echo " path: /etc/metricbeat/modules.d/*.yml" | ${mBeatOut} | |
| echo " reload.period: 10s" | ${mBeatOut} | |
| echo " reload.enabled: false" | ${mBeatOut} | |
| echo "#========================== Modules configuration ============================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#==================== Elasticsearch template setting ==========================" | ${mBeatOut} | |
| echo "setup.template.settings:" | ${mBeatOut} | |
| echo " index.number_of_shards: 1" | ${mBeatOut} | |
| echo " index.codec: best_compression" | ${mBeatOut} | |
| echo "#==================== Elasticsearch template setting ==========================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#================================ Processors =====================================" | ${mBeatOut} | |
| echo "processors:" | ${mBeatOut} | |
| echo " - add_host_metadata: ~" | ${mBeatOut} | |
| echo " - add_cloud_metadata: ~" | ${mBeatOut} | |
| echo "#================================ Processors =====================================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#================================ Logging =====================================" | ${mBeatOut} | |
| echo "logging.level: debug" | ${mBeatOut} | |
| echo "#================================ Logging =====================================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#============================== Xpack Monitoring ===============================" | ${mBeatOut} | |
| echo "#xpack.monitoring.enabled: false" | ${mBeatOut} | |
| echo "#xpack.monitoring.elasticsearch:" | ${mBeatOut} | |
| echo "#============================== Xpack Monitoring ===============================" | ${mBeatOut} | |
| sudo metricbeat modules enable system | |
| sudo mv /etc/metricbeat/modules.d/system.yml /etc/metricbeat/modules.d/system.yml.bak | |
| sudo touch /etc/metricbeat/modules.d/system.yml | |
| echo "- module: system" | ${mBeatSys} | |
| echo " period: 10s" | ${mBeatSys} | |
| echo " metricsets:" | ${mBeatSys} | |
| echo " - cpu" | ${mBeatSys} | |
| echo " - load" | ${mBeatSys} | |
| echo " - memory" | ${mBeatSys} | |
| echo " - network" | ${mBeatSys} | |
| echo " - process" | ${mBeatSys} | |
| echo " - process_summary" | ${mBeatSys} | |
| echo " - socket_summary" | ${mBeatSys} | |
| echo " - core" | ${mBeatSys} | |
| echo " - diskio" | ${mBeatSys} | |
| echo " - socket" | ${mBeatSys} | |
| echo " process.include_top_n:" | ${mBeatSys} | |
| echo " by_cpu: 5 # include top 5 processes by CPU" | ${mBeatSys} | |
| echo " by_memory: 5 # include top 5 processes by memory" | ${mBeatSys} | |
| echo "" | ${mBeatSys} | |
| echo "- module: system" | ${mBeatSys} | |
| echo " period: 1m" | ${mBeatSys} | |
| echo " metricsets:" | ${mBeatSys} | |
| echo " - filesystem" | ${mBeatSys} | |
| echo " - fsstat" | ${mBeatSys} | |
| echo " processors:" | ${mBeatSys} | |
| echo " - drop_event.when.regexp:" | ${mBeatSys} | |
| echo " system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'" | ${mBeatSys} | |
| echo "" | ${mBeatSys} | |
| echo "- module: system" | ${mBeatSys} | |
| echo " period: 15m" | ${mBeatSys} | |
| echo " metricsets:" | ${mBeatSys} | |
| echo " - uptime" | ${mBeatSys} | |
| # FILEBEAT | |
| syslogProto=$(dialog --title "Syslog Protocol (udp OR tcp)" --backtitle "Syslog Config Section" --inputbox "Syslog Protocol (udp OR tcp):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| syslogHost=$(dialog --title "Syslog Host (localhost OR 192.168.0.1)" --backtitle "Syslog Config Section" --inputbox "Syslog Host (localhost OR 192.168.0.1):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| syslogPort=$(dialog --title "Syslog Port (Must not conflict with existing used port)" --backtitle "Syslog Config Section" --inputbox "Syslog Port (Must not conflict with existing used port):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| #netflowPort=$(dialog --title "Netflow Port (Must not conflict with existing used port)" --backtitle "Netflow Config Section" --inputbox "Netflow Port (Must not conflict with existing used port):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| echo "#=========================== Filebeat inputs =============================" | ${fBeatOut} | |
| echo "filebeat.inputs:" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#------------------------------ Log input --------------------------------" | ${fBeatOut} | |
| echo "- type: log" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo " paths:" | ${fBeatOut} | |
| echo " - /var/log/*.log" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#------------------------------ Syslog input --------------------------------" | ${fBeatOut} | |
| echo "- type: syslog" | ${fBeatOut} | |
| echo " protocol.${syslogProto}:" | ${fBeatOut} | |
| echo " host: \"${syslogHost}:${syslogPort}\"" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#------------------------------ NetFlow input --------------------------------" | ${fBeatOut} | |
| echo "#- type: netflow" | ${fBeatOut} | |
| echo "# host: \"${netflowHost}:${netflowPort}\"" | ${fBeatOut} | |
| echo "# protocols: [ v5, v9, ipfix ]" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#=========================== Filebeat inputs =============================" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#================================ Logging ===============================" | ${fBeatOut} | |
| echo "logging.level: debug" | ${fBeatOut} | |
| echo "#================================ Logging ===============================" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#==================== Elasticsearch template setting ========================" | ${fBeatOut} | |
| echo "setup.template.settings:" | ${fBeatOut} | |
| echo " index.number_of_shards: 1" | ${fBeatOut} | |
| echo " index.codec: best_compression" | ${fBeatOut} | |
| echo "#==================== Elasticsearch template setting ========================" | ${fBeatOut} | |
| sudo filebeat modules enable system | |
| sudo mv /etc/filebeat/modules.d/system.yml /etc/filebeat/modules.d/system.yml.bak | |
| echo "- module: system" | ${fBeatSys} | |
| echo " syslog:" | ${fBeatSys} | |
| echo " enabled: true" | ${fBeatSys} | |
| echo " var.paths: [\"/var/log/messages\"]" | ${fBeatSys} | |
| echo "" | ${fBeatSys} | |
| echo " # Authorization logs" | ${fBeatSys} | |
| echo " auth:" | ${fBeatSys} | |
| echo " enabled: true" | ${fBeatSys} | |
| echo " var.paths: [\"/var/log/secure\"]" | ${fBeatSys} | |
| # HEARTBEAT | |
| iHeartHTTP=$(dialog --title "What is the website you wish to check? (e.g. google.com OR google.com:443)" --backtitle "Heartbeat HTTP Config Section" --inputbox "What is the website you wish to check? (e.g. google.com OR google.com:443):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| iHeartPING=$(dialog --title "What is the website OR IP you wish to check? (e.g. google.com OR 10.0.0.1)" --backtitle "Heartbeat PING Config Section" --inputbox "What is the website OR IP you wish to check? (e.g. google.com OR 10.0.0.1):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| echo "############################# Heartbeat ######################################" | ${hBeatOut} | |
| echo "heartbeat.config.monitors:" | ${hBeatOut} | |
| echo " path: /etc/heartbeat/heartbeat.yml" | ${hBeatOut} | |
| echo "heartbeat.monitors:" | ${hBeatOut} | |
| echo "- type: http" | ${hBeatOut} | |
| echo " urls: [\"http://${iHeartHTTP}\"]" | ${hBeatOut} | |
| echo " ipv4: true" | ${hBeatOut} | |
| echo " ipv6: true" | ${hBeatOut} | |
| echo " mode: any" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "- type: icmp" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo " schedule: '*/5 * * * * * *' " | ${hBeatOut} | |
| echo " hosts: [\"${iHeartPING}\"]" | ${hBeatOut} | |
| echo " ipv4: true" | ${hBeatOut} | |
| echo " ipv6: true" | ${hBeatOut} | |
| echo " mode: any" | ${hBeatOut} | |
| echo " timeout: 16s" | ${hBeatOut} | |
| echo " wait: 1s" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "#==================== Elasticsearch template setting ==========================" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "setup.template.settings:" | ${hBeatOut} | |
| echo " index.number_of_shards: 1" | ${hBeatOut} | |
| echo " index.codec: best_compression" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "#================================ Processors ===============================" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "processors:" | ${hBeatOut} | |
| echo " - add_host_metadata: ~" | ${hBeatOut} | |
| echo " - add_cloud_metadata: ~" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "#================================ Logging ==================================" | ${hBeatOut} | |
| echo "logging.level: debug" | ${hBeatOut} | |
| break | |
| ;; | |
| ${options[1]}) | |
| clear | |
| echo "Packetbeat" | |
| echo "###" | ${pBeatOut} | |
| echo "# INTERFACE CONFIG SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.interfaces.device: any" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.type: af_packet" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.snaplen: 65535" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.buffer_size_mb: 30" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.interfaces.with_vlans: true" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# FLOW CONFIG SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.flows:" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " timeout: 30s" | ${pBeatOut} | |
| echo " period: 30s" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# PROTOCOL CONFIG SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.protocols:" | ${pBeatOut} | |
| echo "- type: icmp" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: amqp" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [5672]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: cassandra" | ${pBeatOut} | |
| echo " ports: [9042]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: dhcpv4" | ${pBeatOut} | |
| echo " ports: [67, 68]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: dns" | ${pBeatOut} | |
| echo " ports: [53]" | ${pBeatOut} | |
| echo " include_authorities: true" | ${pBeatOut} | |
| echo " include_additionals: true" | ${pBeatOut} | |
| echo " send_request: true" | ${pBeatOut} | |
| echo " send_response: true" | ${pBeatOut} | |
| echo " transaction_timeout: 10s" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: http" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [80, 8080, 8000, 5000, 8002]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: memcache" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [11211]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: mysql" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [3306]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: pgsql" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [5432]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: redis" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [6379]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: thrift" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [9090]" | ${pBeatOut} | |
| echo " capture_reply: true" | ${pBeatOut} | |
| echo " transaction_timeout: 10s" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: mongodb" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [27017]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: nfs" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [2049]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "- type: tls" | ${pBeatOut} | |
| echo " enabled: true" | ${pBeatOut} | |
| echo " ports: [443]" | ${pBeatOut} | |
| echo " send_certificates: true" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# MONITORED PROCESSES SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "packetbeat.procs:" | ${pBeatOut} | |
| echo " enabled: false" | ${pBeatOut} | |
| echo " monitored:" | ${pBeatOut} | |
| echo " - process: mysqld" | ${pBeatOut} | |
| echo " cmdline_grep: mysqld" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo " - process: pgsql" | ${pBeatOut} | |
| echo " cmdline_grep: postgres" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo " - process: nginx" | ${pBeatOut} | |
| echo " cmdline_grep: nginx" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo " - process: app" | ${pBeatOut} | |
| echo " cmdline_grep: gunicorn" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "packetbeat.ignore_outgoing: false" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# GENERAL SETTINGS SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "#name: Auto-defined by hostname" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#tags: [\"Takes-Make-It", "Easy-To-Group-Servers\"]" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "queue:" | ${pBeatOut} | |
| echo " mem:" | ${pBeatOut} | |
| echo " events: 9996" | ${pBeatOut} | |
| echo " flush.min_events: 2048" | ${pBeatOut} | |
| echo " flush.timeout: 1s" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Sets the maximum number of CPUs that can be executing simultaneously. The default is the number of logical CPUs available in the system." | ${pBeatOut} | |
| echo "#max_procs:" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# PROCESSORS SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# PLEASE RETURN AFTER REVIEWING ONBOARDED DATA TO MANUALLY CONFIGURE" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- drop_event:" | ${pBeatOut} | |
| echo "# when:" | ${pBeatOut} | |
| echo "# equals:" | ${pBeatOut} | |
| echo "# http.code: 200" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- rename:" | ${pBeatOut} | |
| echo "# fields:" | ${pBeatOut} | |
| echo "# - from: \"a\"" | ${pBeatOut} | |
| echo "# to: \"b\"" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- dissect:" | ${pBeatOut} | |
| echo "# tokenizer: \"%{key1} - %{key2}\"" | ${pBeatOut} | |
| echo "# field: \"message\"" | ${pBeatOut} | |
| echo "# target_prefix: \"dissect\"" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# The following example enriches each event with metadata from the cloud" | ${pBeatOut} | |
| echo "# provider about the host machine. It works on EC2, GCE, DigitalOcean," | ${pBeatOut} | |
| echo "# Tencent Cloud, and Alibaba Cloud. Please come back after confirming" | ${pBeatOut} | |
| echo "# which cloud provider you will be leveraging." | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- add_cloud_metadata: ~" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# The following example enriches each event with the machine\'s local time zone" | ${pBeatOut} | |
| echo "# offset from UTC." | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "#- add_locale:" | ${pBeatOut} | |
| echo "# format: offset" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# The following example enriches each event with docker metadata, it matches" | ${pBeatOut} | |
| echo "# container id from log path available in \`source\` field (by default it expects" | ${pBeatOut} | |
| echo "# it to be /var/lib/docker/containers/*/*.log)." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- add_docker_metadata: ~" | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "# The following example enriches each event with host metadata." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- add_host_metadata:" | ${pBeatOut} | |
| echo "# netinfo.enabled: false" | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "# The following example enriches each event with process metadata using" | ${pBeatOut} | |
| echo "# process IDs included in the event." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- add_process_metadata:" | ${pBeatOut} | |
| echo "# match_pids: [\"system.process.ppid\"]" | ${pBeatOut} | |
| echo "# target: system.process.parent" | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "# The following example decodes fields containing JSON strings" | ${pBeatOut} | |
| echo "# and replaces the strings with valid JSON objects." | ${pBeatOut} | |
| echo "#" | ${pBeatOut} | |
| echo "#processors:" | ${pBeatOut} | |
| echo "#- decode_json_fields:" | ${pBeatOut} | |
| echo "# fields: [\"field1\", \"field2\", ...]" | ${pBeatOut} | |
| echo "# process_array: false" | ${pBeatOut} | |
| echo "# max_depth: 1" | ${pBeatOut} | |
| echo "# target: \"\"" | ${pBeatOut} | |
| echo "# overwrite_keys: false" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "# LOGGING SECTION" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| echo "logging.level: info # Available log levels are: error, warning, info, debug" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Send all logging output to syslog. The default is false." | ${pBeatOut} | |
| echo "#logging.to_syslog: false" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Send all logging output to Windows Event Logs. The default is false." | ${pBeatOut} | |
| echo "#logging.to_eventlog: false" | ${pBeatOut} | |
| echo "" | ${pBeatOut} | |
| echo "# Set to true to log messages in json format." | ${pBeatOut} | |
| echo "#logging.json: false" | ${pBeatOut} | |
| echo "###" | ${pBeatOut} | |
| break | |
| ;; | |
| ${options[2]}) | |
| clear | |
| echo "Metricbeat" | |
| echo "#========================== Modules configuration ============================" | ${mBeatOut} | |
| echo "metricbeat.config.modules:" | ${mBeatOut} | |
| echo " path: /etc/metricbeat/modules.d/*.yml" | ${mBeatOut} | |
| echo " reload.period: 10s" | ${mBeatOut} | |
| echo " reload.enabled: false" | ${mBeatOut} | |
| echo "#========================== Modules configuration ============================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#==================== Elasticsearch template setting ==========================" | ${mBeatOut} | |
| echo "setup.template.settings:" | ${mBeatOut} | |
| echo " index.number_of_shards: 1" | ${mBeatOut} | |
| echo " index.codec: best_compression" | ${mBeatOut} | |
| echo "#==================== Elasticsearch template setting ==========================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#================================ Processors =====================================" | ${mBeatOut} | |
| echo "processors:" | ${mBeatOut} | |
| echo " - add_host_metadata: ~" | ${mBeatOut} | |
| echo " - add_cloud_metadata: ~" | ${mBeatOut} | |
| echo "#================================ Processors =====================================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#================================ Logging =====================================" | ${mBeatOut} | |
| echo "logging.level: debug" | ${mBeatOut} | |
| echo "#================================ Logging =====================================" | ${mBeatOut} | |
| echo "" | ${mBeatOut} | |
| echo "#============================== Xpack Monitoring ===============================" | ${mBeatOut} | |
| echo "#xpack.monitoring.enabled: false" | ${mBeatOut} | |
| echo "#xpack.monitoring.elasticsearch:" | ${mBeatOut} | |
| echo "#============================== Xpack Monitoring ===============================" | ${mBeatOut} | |
| sudo mv /etc/metricbeat/modules.d/system.yml /etc/metricbeat/modules.d/system.yml.bak | |
| sudo touch /etc/metricbeat/modules.d/system.yml | |
| echo "- module: system" | ${mBeatSys} | |
| echo " period: 10s" | ${mBeatSys} | |
| echo " metricsets:" | ${mBeatSys} | |
| echo " - cpu" | ${mBeatSys} | |
| echo " - load" | ${mBeatSys} | |
| echo " - memory" | ${mBeatSys} | |
| echo " - network" | ${mBeatSys} | |
| echo " - process" | ${mBeatSys} | |
| echo " - process_summary" | ${mBeatSys} | |
| echo " - socket_summary" | ${mBeatSys} | |
| echo " - core" | ${mBeatSys} | |
| echo " - diskio" | ${mBeatSys} | |
| echo " - socket" | ${mBeatSys} | |
| echo " process.include_top_n:" | ${mBeatSys} | |
| echo " by_cpu: 5 # include top 5 processes by CPU" | ${mBeatSys} | |
| echo " by_memory: 5 # include top 5 processes by memory" | ${mBeatSys} | |
| echo "" | ${mBeatSys} | |
| echo "- module: system" | ${mBeatSys} | |
| echo " period: 1m" | ${mBeatSys} | |
| echo " metricsets:" | ${mBeatSys} | |
| echo " - filesystem" | ${mBeatSys} | |
| echo " - fsstat" | ${mBeatSys} | |
| echo " processors:" | ${mBeatSys} | |
| echo " - drop_event.when.regexp:" | ${mBeatSys} | |
| echo " system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'" | ${mBeatSys} | |
| echo "" | ${mBeatSys} | |
| echo "- module: system" | ${mBeatSys} | |
| echo " period: 15m" | ${mBeatSys} | |
| echo " metricsets:" | ${mBeatSys} | |
| echo " - uptime" | ${mBeatSys} | |
| break | |
| ;; | |
| ${options[3]}) | |
| clear | |
| echo "Filebeat" | |
| syslogProto=$(dialog --title "Syslog Protocol (udp OR tcp)" --backtitle "Syslog Config Section" --inputbox "Syslog Protocol (udp OR tcp):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| syslogHost=$(dialog --title "Syslog Host (localhost OR 192.168.0.1)" --backtitle "Syslog Config Section" --inputbox "Syslog Host (localhost OR 192.168.0.1):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| syslogPort=$(dialog --title "Syslog Port (Must not conflict with existing used port)" --backtitle "Syslog Config Section" --inputbox "Syslog Port (Must not conflict with existing used port):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| #netflowPort=$(dialog --title "Netflow Port (Must not conflict with existing used port)" --backtitle "Netflow Config Section" --inputbox "Netflow Port (Must not conflict with existing used port):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| echo "#=========================== Filebeat inputs =============================" | ${fBeatOut} | |
| echo "filebeat.inputs:" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#------------------------------ Log input --------------------------------" | ${fBeatOut} | |
| echo "- type: log" | ${fBeatOut} | |
| echo " enabled: true" | ${fBeatOut} | |
| echo " paths:" | ${fBeatOut} | |
| echo " - /var/log/*.log" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#------------------------------ Syslog input --------------------------------" | ${fBeatOut} | |
| echo "- type: syslog" | ${fBeatOut} | |
| echo " protocol.${syslogProto}:" | ${fBeatOut} | |
| echo " host: \"${syslogHost}:${syslogPort}\"" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#------------------------------ NetFlow input --------------------------------" | ${fBeatOut} | |
| echo "#- type: netflow" | ${fBeatOut} | |
| echo "# host: \"${netflowHost}:${netflowPort}\"" | ${fBeatOut} | |
| echo "# protocols: [ v5, v9, ipfix ]" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#=========================== Filebeat inputs =============================" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#================================ Logging ===============================" | ${fBeatOut} | |
| echo "logging.level: info" | ${fBeatOut} | |
| echo "#================================ Logging ===============================" | ${fBeatOut} | |
| echo "" | ${fBeatOut} | |
| echo "#==================== Elasticsearch template setting ========================" | ${fBeatOut} | |
| echo "setup.template.settings:" | ${fBeatOut} | |
| echo " index.number_of_shards: 1" | ${fBeatOut} | |
| echo " index.codec: best_compression" | ${fBeatOut} | |
| echo "#==================== Elasticsearch template setting ========================" | ${fBeatOut} | |
| break | |
| ;; | |
| ${options[4]}) | |
| clear | |
| echo "Hearteat" | |
| iHeartHTTP=$(dialog --title "What is the website you wish to check? (e.g. google.com OR google.com:443)" --backtitle "Heartbeat HTTP Config Section" --inputbox "What is the website you wish to check? (e.g. google.com OR google.com:443):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| iHeartPING=$(dialog --title "What is the website OR IP you wish to check? (e.g. google.com OR 10.0.0.1)" --backtitle "Heartbeat PING Config Section" --inputbox "What is the website OR IP you wish to check? (e.g. google.com OR 10.0.0.1):" 8 99 3>&1 1>&2 2>&3 3>&- ) | |
| echo "############################# Heartbeat ######################################" | ${hBeatOut} | |
| echo "heartbeat.config.monitors:" | ${hBeatOut} | |
| echo " path: /etc/heartbeat/heartbeat.yml" | ${hBeatOut} | |
| echo "heartbeat.monitors:" | ${hBeatOut} | |
| echo "- type: http" | ${hBeatOut} | |
| echo " urls: [\"http://${iHeartHTTP}\"]" | ${hBeatOut} | |
| echo " ipv4: true" | ${hBeatOut} | |
| echo " ipv6: true" | ${hBeatOut} | |
| echo " mode: any" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "- type: icmp" | ${hBeatOut} | |
| echo " enabled: true" | ${hBeatOut} | |
| echo " schedule: '*/5 * * * * * *' " | ${hBeatOut} | |
| echo " hosts: [\"${iHeartPING}\"]" | ${hBeatOut} | |
| echo " ipv4: true" | ${hBeatOut} | |
| echo " ipv6: true" | ${hBeatOut} | |
| echo " mode: any" | ${hBeatOut} | |
| echo " timeout: 16s" | ${hBeatOut} | |
| echo " wait: 1s" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "#==================== Elasticsearch template setting ==========================" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "setup.template.settings:" | ${hBeatOut} | |
| echo " index.number_of_shards: 1" | ${hBeatOut} | |
| echo " index.codec: best_compression" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "#================================ Processors ===============================" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "processors:" | ${hBeatOut} | |
| echo " - add_host_metadata: ~" | ${hBeatOut} | |
| echo " - add_cloud_metadata: ~" | ${hBeatOut} | |
| echo "" | ${hBeatOut} | |
| echo "#================================ Logging ==================================" | ${hBeatOut} | |
| echo "logging.level: debug" | ${hBeatOut} | |
| break | |
| ;; | |
| ${options[5]}) | |
| clear | |
| echo "Make like a tree, and leave." | |
| exit | |
| ;; | |
| *) | |
| echo invalid option | |
| ;; | |
| esac | |
| done | |
| } | |
| beats_menu | |
| clear | |
| echo "" | |
| echo "Now is the time to setup, start, and enable at boot our Beats" | |
| echo "" | |
| read -n 1 -s -r -p "Press any key to continue" | |
| clear | |
| ignition_menu () { | |
| options=( | |
| "All Beats" | |
| "Packetbeat Only" | |
| "Metricbeat Only" | |
| "Filebeat Only" | |
| "Heartbeat Only" | |
| "Make like a tree, and leave." | |
| ) | |
| select option in "${options[@]}"; do | |
| case $option in | |
| ${options[0]}) | |
| clear | |
| sudo packetbeat setup && sudo service packetbeat start && sudo systemctl enable packetbeat | |
| sudo metricbeat setup && sudo service packetbeat start && sudo systemctl enable metricbeat | |
| sudo filebeat setup && sudo service filebeat start && sudo systemctl enable filebeat | |
| sudo heartbeat setup && sudo service heartbeat-elastic start && sudo systemctl enable heartbeat-elastic | |
| break | |
| ;; | |
| ${options[1]}) | |
| clear | |
| sudo packetbeat setup && sudo service packetbeat start && sudo systemctl enable packetbeat | |
| break | |
| ;; | |
| ${options[2]}) | |
| clear | |
| sudo metricbeat setup && sudo service packetbeat start && sudo systemctl enable metricbeatclear | |
| break | |
| ;; | |
| ${options[3]}) | |
| clear | |
| sudo filebeat setup && sudo service filebeat start && sudo systemctl enable filebeat | |
| break | |
| ;; | |
| ${options[4]}) | |
| clear | |
| sudo heartbeat setup && sudo service heartbeat-elastic start && sudo systemctl enable heartbeat-elastic | |
| break | |
| ;; | |
| ${options[5]}) | |
| clear | |
| echo "Make like a tree, and leave." | |
| exit | |
| ;; | |
| *) | |
| echo invalid option | |
| ;; | |
| esac | |
| done | |
| } | |
| ignition_menu |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment