ECE Eclipse - Rolling Build, Release Candidate, Testing, NOT FOR PRODUCTION
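#!/usr/bin/env bash
# ECE Eclipse installer menu: installs 'dialog', shows the top-level radiolist
# and leaves the selected tag in $choices for the case dispatch that follows.
# The script relies on bash arrays and 'read -n', hence the explicit shebang.
sudo yum install dialog -y
# Without dialog the menu below cannot be shown; stop here instead of running on.
if ! command -v dialog >/dev/null; then
  echo "'dialog' is required but could not be installed." >&2
  exit 1
fi
cmd=(dialog --radiolist "ECE: Eclipse Installation" 22 95 16)
options=(
  1 "Prepare system for ECE install, then reboot." off   # any option can be set to default to "on"
  2 "Install ECE, download all available versions, & create an Elastic cluster." off
  3 "Configure the Elasticsearch repository, download, install, and configure Beats." off
  4 "Make like a tree, and leave." off
)
# dialog draws its UI on stderr and writes the chosen tag to stderr too, so the
# descriptors are swapped: the tag lands in $choices, the UI stays on the tty.
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear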
for choice in $choices
do
case $choice in
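1)
  # PART 1: kernel/cgroup flags, Docker CE, the ECE data directory and sysctl
  # tuning, then a reboot. Files this script owns are written whole so a re-run
  # does not append duplicate stanzas; shared system files get each line once.
  clear
  echo "Welcome to the ECE Auto-Install Script PART 1."
  echo ""
  echo "DO NOT RUN THIS AS ROOT, BUT AS A USER WITH ROOT RIGHTS"
  echo ""
  echo "IT WILL FAIL IF YOU RUN AS ROOT, SO DO NOT DO IT!"
  echo ""
  echo "This is designed to be run on a minimal server install of CentOS 7 AFTER 'yum update' has been run and the system was rebooted."
  echo ""
  echo "Once done, your system will reboot; once it does start PART 2."
  # Enforce the warning above rather than failing part-way through as root
  # (the data directories below would end up owned by root).
  if (( EUID == 0 )); then
    echo "Refusing to run PART 1 as root; re-run as a sudo-capable user." >&2
    exit 1
  fi
  read -n 1 -s -r -p "Press any key to continue"
  # Append a line to a shared system file only if it is not already there.
  # Arguments: $1 - exact line, $2 - file (may not exist yet; grep's error is hidden).
  append_once() {
    local line=$1 file=$2
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" | sudo tee -a -- "$file"
  }
  sudo yum install wget -y
  sudo /sbin/grubby --update-kernel=ALL --args='cgroup_enable=memory cgroup.memory=nokmem swapaccount=1'
  append_once "overlay" /etc/modules-load.d/overlay.conf
  sudo grub2-set-default 0
  sudo grub2-mkconfig -o /etc/grub2.cfg
  # Docker CE repository with package signature checking enabled.
  sudo tee /etc/yum.repos.d/docker.repo <<'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://download.docker.com/linux/centos/7/x86_64/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
EOF
  sudo yum makecache fast -y
  # Quoted so the shell never expands the wildcard; yum matches it itself.
  sudo yum install 'docker-ce-18.09.2*' -y
  sudo systemctl stop docker
  append_once "vm.max_map_count=262144" /etc/sysctl.conf
  append_once "net.ipv4.ip_forward = 1" /etc/sysctl.conf
  sudo install -o "$USER" -g "$USER" -d -m 700 /mnt/data
  sudo install -o "$USER" -g "$USER" -d -m 700 /mnt/data/docker
  # The host firewall is switched off entirely here; on anything beyond a test
  # box a rule set scoped to the ECE ports is the safer option.
  sudo systemctl disable firewalld
  sudo mkdir -p /etc/systemd/system/docker.service.d
  sudo tee /etc/systemd/system/docker.service.d/docker.conf <<'EOF'
[Unit]
Description=Docker Service
After=multi-user.target

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --data-root /mnt/data/docker --storage-driver=overlay --bip=172.17.42.1/16
EOF
  sudo systemctl daemon-reload
  sudo systemctl restart docker
  sudo systemctl enable docker
  # Membership of the docker group is effectively root on this host.
  sudo usermod -aG docker "$USER"
  sudo tee /etc/sysctl.d/70-cloudenterprise.conf <<'EOF'
net.ipv4.tcp_max_syn_backlog=65536
net.core.somaxconn=32768
net.core.netdev_max_backlog=32768
EOF
  # Keep a later 'yum update' from moving docker-ce off the installed version.
  append_once "exclude=docker-ce" /etc/yum.conf
  echo ""
  echo ""
  echo ""
  clear
  echo "The system now requires a reboot. Please re-run the script and selection option 2."
  echo ""
  echo ""
  read -n 1 -s -r -p "Press any key to reboot now."
  sudo reboot now
  ;;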
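2)
  # PART 2: run the vendor installer, load the stack versions, create the
  # "ECE Eclipse" Elasticsearch cluster plus its Kibana, then record the
  # credentials in the user's home directory as owner-only files.
  clear
  echo "Welcome to the ECE Auto-Install Script PART 2."
  echo ""
  echo "DO NOT RUN THIS AS ROOT, BUT AS A USER WITH ROOT RIGHTS"
  echo ""
  echo "IT WILL FAIL IF YOU RUN AS ROOT, SO DO NOT DO IT!"
  echo ""
  echo "This is designed to be run on a minimal server install of CentOS 7 AFTER 'yum update' & ECE Install Part 1 has been run."
  echo ""
  # Enforce the warning above instead of failing later as root.
  if (( EUID == 0 )); then
    echo "Refusing to run PART 2 as root; re-run as a sudo-capable user." >&2
    exit 1
  fi
  read -n 1 -s -r -p "Press any key to continue"
  clear
  sudo docker info | grep Root
  # Fetch the vendor installer once into a private temp file and run that same
  # copy for every step, instead of piping a fresh download into bash each time.
  eceInstaller=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
  trap 'rm -f -- "$eceInstaller"' EXIT
  curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh -o "$eceInstaller" \
    || { echo "Could not download the ECE installer." >&2; exit 1; }
  bash "$eceInstaller" install
  adminPassword=$(grep -oP '(?<=adminconsole_root_password":")[^"]*' /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json)
  if [[ -z "$adminPassword" ]]; then
    echo "Could not read the admin console password from bootstrap-secrets.json; did the ECE install succeed?" >&2
    exit 1
  fi
  # Stack versions to load, newest first.
  stackVersions=(
    6.7.1 6.7.0 6.5.4 6.5.3 6.5.2 6.5.1 6.5.0 6.4.3 6.4.2 6.4.1 6.4.0
    6.3.2 6.3.1 6.3.0 6.2.4 6.2.3 6.2.2 6.1.4 6.1.3
    5.6.14 5.6.13 5.6.12 5.6.11 5.6.10 5.6.9 5.6.8 5.6.7 5.6.6 5.6.5 5.6.4 5.6.3 5.6.2 5.6.1
    5.5.3 5.5.2 5.5.1 5.5.0 5.4.3 5.4.2 5.4.1 5.4.0
    2.4.6 2.4.5
  )
  # --pass is the installer's own interface, so the password is visible in the
  # process list for the duration of each call.
  for stackVersion in "${stackVersions[@]}"; do
    bash "$eceInstaller" add-stack-version --version "$stackVersion" --user admin --pass "$adminPassword"
  done
  clear
  echo ""
  echo ""
  echo "What is the IP address of this system?"
  read -r myIP
  clear
  echo ""
  echo ""
  echo ""
  echo "Beginning ECE Eclipse cluster deployment"
  echo ""
  EclipseUser=$(whoami)
  homeDir="/home/${EclipseUser}"
  deploymentLog="${homeDir}/Deployment.txt"
  kibanaConfig="${homeDir}/kibanaConfig.json"
  summaryFile="${homeDir}/Summary.txt"
  # POST to the ECE admin API as "admin".
  # Arguments: $1 - API path under /api/v1/, $2 - curl -d payload ('@file' allowed).
  # The credentials reach curl via a config on stdin (-K -) rather than argv.
  # -k stays because the fresh admin console presents a self-signed certificate;
  # it disables TLS verification for this call.
  ece_api() {
    local path=$1 data=$2 cred="admin:${adminPassword}"
    # curl's config syntax honours backslash escapes inside a double-quoted value.
    cred=${cred//\\/\\\\}
    cred=${cred//\"/\\\"}
    curl -k -K - -X POST "https://${myIP}:12443/api/v1/${path}" -H 'content-type: application/json' -d "$data" <<EOF
user = "${cred}"
EOF
  }
  # The API response carries the cluster's "elastic" password, so the log is
  # owner-only before anything is appended to it.
  touch "$deploymentLog" && chmod 600 "$deploymentLog"
  ece_api clusters/elasticsearch '{
    "cluster_name" : "ECE Eclipse",
    "plan" : {
      "elasticsearch" : {
        "version" : "6.7.1"
      },
      "cluster_topology" : [
        {
          "memory_per_node" : 8192,
          "node_count_per_zone" : 1,
          "node_type" : {
            "data" : true,
            "ingest" : true,
            "master" : true,
            "ml" : true
          },
          "zone_count" : 1
        }
      ]
    }
  }' >> "$deploymentLog"
  # Deployment.txt is appended to on every run; take the most recent response.
  ECID=$(grep -oP '(?<=elasticsearch_cluster_id": ")[^"]*' "$deploymentLog" | tail -n 1)
  if [[ -z "$ECID" ]]; then
    echo "Cluster creation did not return an elasticsearch_cluster_id; see ${deploymentLog}. The admin password is in /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json." >&2
    exit 1
  fi
  # Written whole as the user (no root-owned files in the home directory) so a
  # re-run does not append a second JSON document.
  cat > "$kibanaConfig" <<EOF
{
  "elasticsearch_cluster_id": "${ECID}",
  "plan": {
    "kibana": {},
    "cluster_topology": [
      {
        "instance_configuration_id": "kibana",
        "zone_count": 1,
        "size": {
          "resource": "memory",
          "value": 2048
        }
      }
    ]
  }
}
EOF
  ece_api clusters/kibana "@${kibanaConfig}"
  clear
  echo ""
  echo ""
  echo ""
  echo "Moving bootstrap-secrets.json to ${EclipseUser}'s home folder."
  # The copy holds the ECE root credentials: owned by the user, readable only by them.
  sudo install -o "$EclipseUser" -g "$EclipseUser" -m 600 /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json "${homeDir}/bootstrap-secrets.json"
  echo ""
  echo "Your ECE login username will be \"admin\" and the password is \"${adminPassword}\"."
  echo ""
  echo ""
  pWord=$(grep -oP '(?<=password": ")[^"]*' "$deploymentLog" | tail -n 1)
  echo "Your ECE Eclipse login username will be \"elastic\" and the password is \"${pWord}\"."
  echo ""
  echo "You can access ECE via https://${myIP}:12443"
  echo ""
  echo "These credentials will be located at /home/${EclipseUser}/Summary.txt."
  echo ""
  echo "Please store these in a secure location."
  # Owner-only, written whole so one current summary remains after a re-run.
  # The admin line uses $adminPassword (it was previously the unset $pword).
  install -m 600 /dev/null "$summaryFile"
  cat > "$summaryFile" <<EOF
Access ECE here: https://${myIP}:12443


Login to ECE as "admin" with the password "${adminPassword}".


Login to the ECE Eclipse cluster as "elastic" with the password "${pWord}".
EOF
  read -n 1 -s -r -p "Press any key to end"
  clear
  ;;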
3) clear
echo ""
echo "We will now begin the installation of the Elastic repo, install several Beats, and ask configuration questions."
echo ""
echo "Import Elastic gpg key"
echo ""
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
echo "Import Elastic gpg key: $(tput setaf 2)[$(tput setaf 4)OK$(tput setaf 2)]$(tput setaf 7)"
#
#
# create Elastic repo
echo "Creating Elastic repository"
echo
sudo touch /etc/yum.repos.d/elasticsearch.repo
echo "[elasticsearch-6.x]" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "name=Elasticsearch repository for 6.x packages" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "baseurl=https://artifacts.elastic.co/packages/6.x/yum" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "gpgcheck=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "enabled=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "autorefresh=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
echo "type=rpm-md" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo
sudo yum install metricbeat heartbeat-elastic packetbeat filebeat -y
echo ""
echo "The Elastic repo has been installed, as has Metricbeat, Heartbeat, Packetbeat, and Filebeat."
echo ""
echo "Would you like to configure Beats to feed Elastic now?"
read -p "Continue (y/n)?" choice
case "$choice" in
y|Y ) echo "ECE Eclipse will now prompt for several items to configure Beats.";;
n|N ) echo "Please come back when you are ready to continue." ; ;;
* ) echo "Invalid Option";;
esac
read -n 1 -s -r -p "Press any key to continue"
clear
cmd=(dialog --radiolist "ECE: Eclipse Beats Configuration" 22 95 16)
options=(1 "Packetbeat" off # any option can be set to default to "on"
2 "Metricbeat" off
3 "Filebeat" off
4 "Heartbeat" off)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear
for choice in $choices
do
case $choice in
1) clear
echo "Making a copy of the original 'packetbeat.yml' file and renaming with the extension .bak in the same location."
sudo mv /etc/packetbeat/packetbeat.yml /etc/packetbeat/packetbeat.yml.bak
sudo touch /etc/packetbeat/packetbeat.yml
cmd=(dialog --separate-output --checklist "Which Packetbeat protocols & options would you like to configure:" 22 76 16)
options=(1 "ALL - Recommended Option" off # any option can be set to default to "on"
2 "INTERFACE ASSIGNMENTS, TYPES, & FLOWS" off
3 "PROTOCOL SECTION" off
4 "MONITORED PROCESSES" off
5 "GENERAL SETTINGS" off
6 "PROCESSORS" off
7 "LOGGING" off
8 "OUTPUTS - REQUIRED" on
)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear
for choice in $choices
do
case $choice in
1)
echo "Packetbeat Eclipse Configuration" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# INTERFACE CONFIG SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.interfaces.device: any" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.interfaces.type: af_packet" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.interfaces.snaplen: 65535" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.interfaces.buffer_size_mb: 30" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.interfaces.with_vlans: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# FLOW CONFIG SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.flows:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " timeout: 30s" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " period: 30s" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# PROTOCOL CONFIG SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.protocols:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: icmp" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: amqp" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [5672]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: cassandra" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [9042]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: dhcpv4" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [67, 68]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: dns" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [53]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " include_authorities: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " include_additionals: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " send_request: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " send_response: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " transaction_timeout: 10s" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: http" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [80, 8080, 8000, 5000, 8002]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: memcache" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [11211]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: mysql" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [3306]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: pgsql" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [5432]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: redis" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [6379]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: thrift" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [9090]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " capture_reply: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " transaction_timeout: 10s" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: mongodb" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [27017]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: nfs" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [2049]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "- type: tls" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " ports: [443]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " send_certificates: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# MONITORED PROCESSES SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.procs:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " enabled: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " monitored:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " - process: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " cmdline_grep: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " - process: pgsql" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " cmdline_grep: postgres" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " - process: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " cmdline_grep: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " - process: app" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " cmdline_grep: gunicorn" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "packetbeat.ignore_outgoing: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# GENERAL SETTINGS SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#name: Auto-defined by hostname" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#tags: ["Takes-Make-It", "Easy-To-Group-Servers"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "queue:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " mem:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " events: 4096" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " flush.min_events: 2048" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo " flush.timeout: 1s" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# Sets the maximum number of CPUs that can be executing simultaneously. The default is the number of logical CPUs available in the system." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#max_procs:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# PROCESSORS SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# PLEASE RETURN AFTER REVIEWING ONBOARDED DATA TO MANUALLY CONFIGURE" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#processors:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- drop_event:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# when:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# equals:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# http.code: 200" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- rename:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# fields:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# - from: \"a\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# to: \"b\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- dissect:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# tokenizer: \"%{key1} - %{key2}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# field: \"message\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# target_prefix: \"dissect\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# The following example enriches each event with metadata from the cloud" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# provider about the host machine. It works on EC2, GCE, DigitalOcean," | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# Tencent Cloud, and Alibaba Cloud. Please come back after confirming" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# which cloud provider you will be leveraging." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- add_cloud_metadata: ~" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# The following example enriches each event with the machine\'s local time zone" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# offset from UTC." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- add_locale:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# format: offset" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# The following example enriches each event with docker metadata, it matches" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# container id from log path available in \`source\` field (by default it expects" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# it to be /var/lib/docker/containers/*/*.log)." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#processors:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- add_docker_metadata: ~" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# The following example enriches each event with host metadata." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#processors:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- add_host_metadata:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# netinfo.enabled: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# The following example enriches each event with process metadata using" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# process IDs included in the event." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#processors:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- add_process_metadata:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# match_pids: [\"system.process.ppid\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# target: system.process.parent" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# The following example decodes fields containing JSON strings" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# and replaces the strings with valid JSON objects." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#processors:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#- decode_json_fields:" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# fields: [\"field1\", \"field2\", ...]" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# process_array: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# max_depth: 1" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# target: \"\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# overwrite_keys: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# LOGGING SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "logging.level: info \# Available log levels are: error, warning, info, debug" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# Send all logging output to syslog. The default is false." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#logging.to_syslog: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# Send all logging output to Windows Event Logs. The default is false." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#logging.to_eventlog: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# Set to true to log messages in json format." | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "#logging.json: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "# OUTPUTS SECTION - REQUIRED" | sudo tee -a /etc/packetbeat/packetbeat.yml
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
cmd=(dialog --separate-output --radiolist "Which would you like to configure?" 22 76 16)
options=(1"Elastic Cloud" off # any option can be set to default to "on"
2 "Elastic Cloud Enterprise" off
3 "Elastic On-Prem" off
4 "Kafka" off
5 "Redis" off
6 "File" off
7 "Console" off
8 "Logstash" off
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear
for choice in $choices
do
case $choice in
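1) clear
   # Elastic Cloud output (cloud.id / cloud.auth).
   # cloud.auth is a credential: read it with a password box, do not print it
   # back to the terminal, and silence tee's stdout for that one line so the
   # secret does not stay in the terminal scrollback (the original echoed it
   # twice).  It is still stored in clear text in packetbeat.yml; the Beats
   # keystore ('packetbeat keystore add ...') is the usual way to avoid that.
   cloudID=$(dialog --title "What is your Cloud ID?" --backtitle "Cloud ID Input Section" --inputbox "Found in the Elastic Cloud UI:" 8 40 3>&1 1>&2 2>&3 3>&- )
   cloudAuth=$(dialog --title "What is your Cloud Auth?" --backtitle "Cloud Auth Input Section" --insecure --passwordbox "Typically elastic:somePassword:" 8 40 3>&1 1>&2 2>&3 3>&- )
   echo "This is your Cloud ID: $cloudID"
   echo "#============================= Elastic Cloud ==================================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "cloud.id: ${cloudID}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   # printf: a credential is arbitrary data, not an echo option string.
   printf 'cloud.auth: %s\n' "${cloudAuth}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "#============================= Elastic Cloud ==================================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;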
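2) clear
   # ECE: Elasticsearch output plus the Kibana endpoint used for dashboard setup.
   # Changes from the original:
   #  - passwords are read with --passwordbox and their YAML lines are not
   #    echoed to the terminal (tee stdout -> /dev/null);
   #  - the Kibana username prompt said "Password:";
   #  - ssl.verification_mode was hard-coded to 'none', which lets an on-path
   #    attacker present any certificate and capture the (typically superuser
   #    'elastic') credentials.  Ask for the CA that signed the ECE proxy
   #    certificate and write 'full' + ssl.certificate_authorities; a blank
   #    answer keeps the old 'none' behaviour, but flags it in the YAML.
   # NOTE(review): prefer a dedicated user/role with only the privileges
   # Packetbeat needs over 'elastic', and the Beats keystore over a clear-text
   # password in packetbeat.yml.
   Ehosts=$(dialog --title "ECE Elastic Host (Not Kibana)" --backtitle "ECE Elastic Config Section" --inputbox "ECE Elastic Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   EuserName=$(dialog --title "ECE Username (typically 'elastic')" --backtitle "ECE Elastic Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   EpassWord=$(dialog --title "ECE Cluster Password (default for 'elastic')" --backtitle "ECE Elastic Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   Khosts=$(dialog --title "ECE Kibana Host (Not Elastic)" --backtitle "ECE Kibana Config Section" --inputbox "ECE Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KuserName=$(dialog --title "ECE Kibana Username (default for 'elastic')" --backtitle "ECE Kibana Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   KpassWord=$(dialog --title "ECE Kibana Password (default for 'elastic')" --backtitle "ECE Kibana Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   caPath=$(dialog --title "TLS certificate verification" --backtitle "ECE TLS Config Section" --inputbox "Path to the PEM CA file that signed the Elasticsearch/Kibana certificates. Leave BLANK to disable verification (not recommended):" 10 70 3>&1 1>&2 2>&3 3>&- )
   if [ -n "${caPath}" ]; then
     sslMode="full"
   else
     sslMode="none"
   fi
   echo "#=============================== ECE Output ===================================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "output.elasticsearch:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  hosts: [\"${Ehosts}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${EuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${EpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "# Kibana Config Sub-Section" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "setup.kibana:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  host: \"${Khosts}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${KuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${KpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "#=============================== ECE Output ===================================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;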
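3)
   clear
   # Self-managed ("on-prem") Elasticsearch output plus the Kibana endpoint.
   # Same hardening as the ECE arm: passwords via --passwordbox and not echoed
   # to the terminal; the prompts no longer say "ECE ..." / "Password:" for the
   # username; and TLS verification is no longer hard-coded to 'none' -- the
   # operator is asked for the CA file, and only a blank answer falls back to
   # 'none' (flagged in the YAML).  With 'none', anyone on the path can present
   # a bogus certificate and collect the credentials written below.
   # NOTE(review): prefer a least-privilege writer user over 'elastic', and the
   # Beats keystore over a clear-text password in packetbeat.yml.
   Ehosts=$(dialog --title "Elastic Host (Not Kibana)" --backtitle "Elastic On-Prem Config Section" --inputbox "Elastic Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   EuserName=$(dialog --title "Elastic Username (typically 'elastic')" --backtitle "Elastic On-Prem Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   EpassWord=$(dialog --title "Elastic Cluster Password (default for 'elastic')" --backtitle "Elastic On-Prem Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana On-Prem Config Section" --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana On-Prem Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana On-Prem Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   caPath=$(dialog --title "TLS certificate verification" --backtitle "On-Prem TLS Config Section" --inputbox "Path to the PEM CA file that signed the Elasticsearch/Kibana certificates. Leave BLANK to disable verification (not recommended):" 10 70 3>&1 1>&2 2>&3 3>&- )
   if [ -n "${caPath}" ]; then
     sslMode="full"
   else
     sslMode="none"
   fi
   echo "#============================== Elastic Output ================================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "output.elasticsearch:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  hosts: [\"${Ehosts}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${EuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${EpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "# Kibana Config Sub-Section" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "setup.kibana:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  host: \"${Khosts}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${KuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${KpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "#============================== Elastic Output ================================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;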
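4)
   clear
   # Kafka output plus the Kibana endpoint used for dashboard setup.
   # Fixes: Kibana password via --passwordbox and not echoed to the terminal;
   # client_id falls back to 'beats' when left blank (a blank answer wrote
   # 'client_id: ""'); Kibana TLS verification is no longer hard-coded to
   # 'none' -- a CA file is requested and only a blank answer keeps 'none'.
   # output.kafka is written with neither ssl.* nor SASL username/password,
   # so events leave this host in clear text; that is flagged in the YAML for
   # the operator to complete rather than guessed at here.
   Kafkahosts=$(dialog --title "Kafka Host & Port (e.g. localhost:9092)" --backtitle "Elastic Kafka Output Config Section" --inputbox "Kafka Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KafkaTopic=$(dialog --title "Kafka Topic (e.g. Packetbeat)" --backtitle "Elastic Kafka Topic Config Section" --inputbox "Kafka Topic" 8 40 3>&1 1>&2 2>&3 3>&- )
   KafkaClient=$(dialog --title "Kafka Client (default: beats; Used for debugging)" --backtitle "Elastic Kafka Client Config Section" --inputbox "Kafka Client" 8 40 3>&1 1>&2 2>&3 3>&- )
   Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   caPath=$(dialog --title "Kibana TLS certificate verification" --backtitle "Kibana TLS Config Section" --inputbox "Path to the PEM CA file that signed the Kibana certificate. Leave BLANK to disable verification (not recommended):" 10 70 3>&1 1>&2 2>&3 3>&- )
   if [ -n "${caPath}" ]; then
     sslMode="full"
   else
     sslMode="none"
   fi
   echo "#=========================== Elastic Kafka Output ==============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "output.kafka:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  hosts: [\"${Kafkahosts}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  topic: \"${KafkaTopic}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  client_id: \"${KafkaClient:-beats}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  # NOTE: no ssl.* and no SASL username/password configured -- events are sent to Kafka in clear text, unauthenticated" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "# Kibana Config Sub-Section" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "setup.kibana:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  host: \"${Khosts}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${KuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${KpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "#=========================== Elastic Kafka Output ==============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;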
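5)
   clear
   # Redis output plus the Kibana endpoint used for dashboard setup.
   # Fixes: Kibana password via --passwordbox and not echoed to the terminal;
   # Kibana TLS verification prompts for a CA file instead of being hard-coded
   # to 'none'.  output.redis is written without 'password' and without
   # ssl.*, so events reach Redis unauthenticated and in clear text; flagged
   # in the YAML for the operator to complete.
   Redishosts=$(dialog --title "Redis Host & Port (e.g. localhost:6379)" --backtitle "Elastic Redis Output Config Section" --inputbox "Redis Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   RedisKey=$(dialog --title "Redis Key (e.g. Packetbeat)" --backtitle "Elastic Redis Key Config Section" --inputbox "Redis Key" 8 40 3>&1 1>&2 2>&3 3>&- )
   Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   caPath=$(dialog --title "Kibana TLS certificate verification" --backtitle "Kibana TLS Config Section" --inputbox "Path to the PEM CA file that signed the Kibana certificate. Leave BLANK to disable verification (not recommended):" 10 70 3>&1 1>&2 2>&3 3>&- )
   if [ -n "${caPath}" ]; then
     sslMode="full"
   else
     sslMode="none"
   fi
   echo "#=========================== Elastic Redis Output ==============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "output.redis:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  hosts: [\"${Redishosts}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  key: \"${RedisKey}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  # NOTE: no 'password' and no ssl.* configured -- events are sent to Redis unauthenticated and in clear text" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "# Kibana Config Sub-Section" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "setup.kibana:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  host: \"${Khosts}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${KuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${KpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "#=========================== Elastic Redis Output ==============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;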
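6)
   clear
   # File output plus the Kibana endpoint used for dashboard setup.
   # Fixes: Kibana password via --passwordbox and not echoed to the terminal;
   # Kibana TLS verification prompts for a CA file instead of being hard-coded
   # to 'none'; 'permissions: 0600' is written explicitly so the capture files
   # are not readable by other local users.
   # NOTE(review): the prompt suggests /tmp; a world-writable directory is a
   # poor home for captured traffic -- prefer a root-owned path such as
   # /var/lib/packetbeat.
   filePath=$(dialog --title "File path to write to (e.g. /var/lib/packetbeat)" --backtitle "File Path Output Config Section" --inputbox "File Path" 8 40 3>&1 1>&2 2>&3 3>&- )
   fileName=$(dialog --title "File name to write as (e.g. Packetbeat)" --backtitle "File Name Output Config Section" --inputbox "File Name" 8 40 3>&1 1>&2 2>&3 3>&- )
   Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   caPath=$(dialog --title "Kibana TLS certificate verification" --backtitle "Kibana TLS Config Section" --inputbox "Path to the PEM CA file that signed the Kibana certificate. Leave BLANK to disable verification (not recommended):" 10 70 3>&1 1>&2 2>&3 3>&- )
   if [ -n "${caPath}" ]; then
     sslMode="full"
   else
     sslMode="none"
   fi
   echo "#=========================== Elastic File Output ===============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "output.file:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  path: \"${filePath}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  filename: \"${fileName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  permissions: 0600" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "# Kibana Config Sub-Section" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "setup.kibana:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  host: \"${Khosts}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${KuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${KpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "#=========================== Elastic File Output ===============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;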
7)
   clear
   # Console output: events go to stdout; nothing else to ask for.
   # One here-doc instead of four echo|tee pipes; tee still appends and echoes.
   sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
#============================== Console Output ================================
output.console:
 enabled: true
#============================== Console Output ================================
EOF
   ;;
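8)
   clear
   # Logstash output plus the Kibana endpoint used for dashboard setup.
   # Fixes: '--input' is not a dialog option, so the index prompt never
   # appeared -> '--inputbox'; Kibana password via --passwordbox and not
   # echoed to the terminal; Kibana TLS verification prompts for a CA file
   # instead of being hard-coded to 'none'.  output.logstash is written
   # without ssl.*, so beats->logstash traffic is clear text; flagged in the
   # YAML for the operator to complete.
   LogHost=$(dialog --title "Logstash Host (e.g. localhost:5044)" --backtitle "Logstash Host & Port Output Config Section" --inputbox "Logstash Host:Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   LogIndex=$(dialog --title "Logstash Index (e.g. packetbeat)" --backtitle "Logstash Index: packetbeat-7.0.0-YYYY.mm.dd" --inputbox "Logstash Index Name (must be ALL lowercase):" 8 40 3>&1 1>&2 2>&3 3>&- )
   Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&- )
   KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&- )
   KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" --insecure --passwordbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&- )
   caPath=$(dialog --title "Kibana TLS certificate verification" --backtitle "Kibana TLS Config Section" --inputbox "Path to the PEM CA file that signed the Kibana certificate. Leave BLANK to disable verification (not recommended):" 10 70 3>&1 1>&2 2>&3 3>&- )
   if [ -n "${caPath}" ]; then
     sslMode="full"
   else
     sslMode="none"
   fi
   echo "#============================== Logstash Output ===============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "output.logstash:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  hosts: [\"${LogHost}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  index: ${LogIndex:-packetbeat}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  # NOTE: no ssl.* configured -- events are sent to Logstash in clear text with no server authentication" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "# Kibana Config Sub-Section" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "setup.kibana:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  host: \"${Khosts}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "  username: \"${KuserName}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   printf '  password: "%s"\n' "${KpassWord}" | sudo tee -a /etc/packetbeat/packetbeat.yml >/dev/null
   echo "  protocol: \"https\"" | sudo tee -a /etc/packetbeat/packetbeat.yml
   if [ -n "${caPath}" ]; then
     echo "  ssl.certificate_authorities: [\"${caPath}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
   else
     echo "  # WARNING: TLS peer verification disabled -- the credentials above can be captured by an on-path attacker" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi
   echo "  ssl.verification_mode: ${sslMode}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   echo "#============================== Logstash Output ===============================" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;
esac
done
# End of the output-selection loop.  The original never closed this inner
# case/for, so the '2)'...'6)' arms that follow were parsed as duplicate
# (unreachable) patterns of the output menu instead of arms of the enclosing
# configuration menu, whose opening lies above this section.
;;
2)
   clear
   # Capture interface.  A blank answer falls back to 'any' instead of writing
   # an empty value.
   # NOTE(review): packetbeat.interfaces.device takes a single device name (or
   # 'any'); the "em1, em2" example in the prompt is probably not accepted as
   # written -- confirm against the Packetbeat docs for the installed version.
   iFace=$(dialog --title "What interface(s) will you configure Packetbeat to listen on?" --backtitle "Packetbeat Interface Config Section" --inputbox "Listening Interface (e.g. \"any\" or \"em1, em2\" ):" 8 40 3>&1 1>&2 2>&3 3>&- )
   echo "packetbeat.interfaces.device: ${iFace:-any}" | sudo tee -a /etc/packetbeat/packetbeat.yml
   ;;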
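3)
   clear
   # Protocol-dissector menu (checklist: several may be picked).
   # Fixes: the options array was never closed with ')', so the shell absorbed
   # the following lines into it.  Also, only the "All Protocols" arm wrote
   # the 'packetbeat.protocols:' key; if individual protocols were picked
   # without it, their '- type:' items landed at the top level and the YAML
   # would not load.  Emit the key here, once, when option 1 is not among the
   # selections (choices is one tag per line thanks to --separate-output).
   cmd=(dialog --separate-output --checklist "Which Packetbeat protocols would you like to configure?" 22 76 16)
   options=(1 "All Protocols with default port configs - Recommended" off
            2 "ICMP" off
            3 "AMQP" off
            4 "Cassandra" off
            5 "DHCPv4" off
            6 "DNS" off
            7 "HTTP" off
            8 "Memcache" off
            9 "MySQL" off
            10 "PgSQL" off
            11 "Redis" off
            12 "Thrift" off
            13 "Mongodb" off
            14 "NFS" off
            15 "TLS" off)
   choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
   clear
   if [ -n "${choices}" ] && ! printf '%s\n' "${choices}" | grep -qx 1; then
     echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
     echo "packetbeat.protocols:" | sudo tee -a /etc/packetbeat/packetbeat.yml
   fi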
for choice in $choices
do
case $choice in
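1) clear
   # "All protocols" on their default ports, as one here-doc.  The nesting is
   # made explicit: the original wrote each item's keys with a single leading
   # space, which YAML does not treat as part of the preceding '- type:' entry.
   # HTTP additionally redacts Authorization/Proxy-Authorization headers and
   # masks common password form fields (packetbeat http 'redact_authorization'
   # and 'hide_keywords'), so captured requests do not ship credentials to the
   # cluster.
   sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
packetbeat.protocols:
- type: icmp
  enabled: true

- type: amqp
  enabled: true
  ports: [5672]

- type: cassandra
  enabled: true
  ports: [9042]

- type: dhcpv4
  enabled: true
  ports: [67, 68]

- type: dns
  enabled: true
  ports: [53]
  include_authorities: true
  include_additionals: true
  send_request: true
  send_response: true
  transaction_timeout: 10s

- type: http
  enabled: true
  ports: [80, 8080, 8000, 5000, 8002]
  # Do not ship credentials that ride on captured HTTP traffic.
  redact_authorization: true
  hide_keywords: ['pass', 'password', 'passwd']

- type: memcache
  enabled: true
  ports: [11211]

- type: mysql
  enabled: true
  ports: [3306]

- type: pgsql
  enabled: true
  ports: [5432]

- type: redis
  enabled: true
  ports: [6379]

- type: thrift
  enabled: true
  ports: [9090]
  capture_reply: true
  transaction_timeout: 10s

- type: mongodb
  enabled: true
  ports: [27017]

- type: nfs
  enabled: true
  ports: [2049]

- type: tls
  enabled: true
  ports: [443]
  send_certificates: true
###
EOF
   ;;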
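2) clear
   # ICMP dissector (not port based).  The item key is indented under the
   # '- type:' entry; the original's single leading space left 'enabled' outside
   # the list item.
   sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'

- type: icmp
  enabled: true

EOF
   ;;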
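3) clear
   # AMQP dissector.  A blank answer falls back to the documented default port
   # instead of writing the invalid 'ports: []'.
   amqp=$(dialog --title "What is the AMQP port? (Default is 5672)" --backtitle "AMQP Config Section" --inputbox "AMQP Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: amqp
  enabled: true
  ports: [${amqp:-5672}]

EOF
   ;;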
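4) clear
   # Cassandra dissector.  A blank answer falls back to the documented default
   # port instead of writing the invalid 'ports: []'.
   cass=$(dialog --title "What is the Cassandra port? (Default is 9042)" --backtitle "Cassandra Config Section" --inputbox "Cassandra Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: cassandra
  enabled: true
  ports: [${cass:-9042}]

EOF
   ;;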
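5) clear
   # DHCPv4 dissector.  A blank answer falls back to the documented default
   # ports instead of writing the invalid 'ports: []'.
   dhcpd=$(dialog --title "What is the DHCP port? (Default is 67, 68)" --backtitle "DHCP Config Section" --inputbox "DHCP Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: dhcpv4
  enabled: true
  ports: [${dhcpd:-67, 68}]

EOF
   ;;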
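6) clear
   # DNS dissector.  Fix: the original read 'dns$(dialog ...)' -- no '=' -- so
   # the shell tried to execute a command named after the answer and ${dns}
   # was always empty.  A blank answer falls back to port 53.
   dns=$(dialog --title "What is the DNS port? (Default is 53)" --backtitle "DNS Config Section" --inputbox "DNS Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: dns
  enabled: true
  ports: [${dns:-53}]

EOF
   ;;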
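7) clear
   # HTTP dissector.  A blank answer falls back to the default port list.
   # Authorization/Proxy-Authorization headers are redacted and common
   # password form fields masked so captured requests do not ship credentials
   # to the cluster.
   http=$(dialog --title "What are the HTTP ports? (Default is 80, 8080, 8000, 5000, 8002)" --backtitle "HTTP Config Section" --inputbox "HTTP Ports:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: http
  enabled: true
  ports: [${http:-80, 8080, 8000, 5000, 8002}]
  # Do not ship credentials that ride on captured HTTP traffic.
  redact_authorization: true
  hide_keywords: ['pass', 'password', 'passwd']

EOF
   ;;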
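8) clear
   # Memcache dissector.  A blank answer falls back to the documented default
   # port instead of writing the invalid 'ports: []'.
   memcache=$(dialog --title "What is the memcache port? (Default is 11211)" --backtitle "Memcache Config Section" --inputbox "Memcache Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: memcache
  enabled: true
  ports: [${memcache:-11211}]

EOF
   ;;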
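9) clear
   # MySQL dissector.  Fix: '--input' is not a dialog option (the prompt never
   # appeared) -> '--inputbox'.  A blank answer falls back to port 3306.
   mysql=$(dialog --title "What is the MySQL port? (Default is 3306)" --backtitle "MySQL Config Section" --inputbox "MySQL Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: mysql
  enabled: true
  ports: [${mysql:-3306}]

EOF
   ;;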
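10) clear
   # PostgreSQL dissector.  Fix: '--input' is not a dialog option (the prompt
   # never appeared) -> '--inputbox'.  A blank answer falls back to port 5432.
   pgsql=$(dialog --title "What is the pgSQL port? (Default is 5432)" --backtitle "pgSQL Config Section" --inputbox "pgSQL Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: pgsql
  enabled: true
  ports: [${pgsql:-5432}]

EOF
   ;;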
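11) clear
   # Redis dissector.  Fix: '--input' is not a dialog option (the prompt never
   # appeared) -> '--inputbox'.  A blank answer falls back to port 6379.
   redis=$(dialog --title "What is the Redis port? (Default is 6379)" --backtitle "Redis Config Section" --inputbox "Redis Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: redis
  enabled: true
  ports: [${redis:-6379}]

EOF
   ;;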
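12) clear
   # Thrift dissector.  Fix: '--input' is not a dialog option (the prompt never
   # appeared) -> '--inputbox'.  A blank answer falls back to port 9090.  A
   # trailing blank line is added like the other arms write.
   thrift=$(dialog --title "What is the Thrift port? (Default is 9090)" --backtitle "Thrift Config Section" --inputbox "Thrift Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: thrift
  enabled: true
  ports: [${thrift:-9090}]

EOF
   ;;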
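13) clear
   # MongoDB dissector.  Fix: '--input' is not a dialog option (the prompt
   # never appeared) -> '--inputbox'.  A blank answer falls back to port 27017.
   mongodb=$(dialog --title "What is the Mongodb port? (Default is 27017)" --backtitle "Mongodb Config Section" --inputbox "Mongodb Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: mongodb
  enabled: true
  ports: [${mongodb:-27017}]

EOF
   ;;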
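14) clear
   # NFS dissector.  Fix: '--input' is not a dialog option (the prompt never
   # appeared) -> '--inputbox'.  A blank answer falls back to port 2049.
   nfs=$(dialog --title "What is the NFS port? (Default is 2049)" --backtitle "NFS Config Section" --inputbox "NFS Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: nfs
  enabled: true
  ports: [${nfs:-2049}]

EOF
   ;;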
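15) clear
   # TLS dissector.  Fixes: '--input' is not a dialog option -> '--inputbox';
   # the free-text "true OR false" answer is normalised so that only 'true'
   # enables send_certificates and anything else (blank, typo) becomes
   # 'false' rather than invalid YAML.  A blank port falls back to 443.
   tls=$(dialog --title "What is the TLS port? (Default is 443)" --backtitle "TLS Config Section" --inputbox "TLS Port:" 8 40 3>&1 1>&2 2>&3 3>&- )
   tlsCert=$(dialog --title "Send the TLS Certs? (Either true OR false ONLY)" --backtitle "TLS Cert T/F Section" --inputbox "TLS Certificate Included:" 8 40 3>&1 1>&2 2>&3 3>&- )
   case "${tlsCert}" in
     true|True|TRUE) tlsCert=true ;;
     *) tlsCert=false ;;
   esac
   sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: tls
  enabled: true
  ports: [${tls:-443}]
  send_certificates: ${tlsCert}

EOF
   ;;
esac
done
# End of the protocol-selection loop.  The original never closed this inner
# case/for, so the '4)'...'6)' arms that follow were parsed as patterns of the
# protocol menu instead of arms of the enclosing configuration menu.
;;
4) clear
   # Monitored processes (packetbeat.procs).
   # Fix: the 'dialog --title ...' line had no trailing backslash, so
   # '--backtitle ... --yesno ...' ran as a separate (non-existent) command,
   # the question was never shown and $? was 127 -- no arm matched and nothing
   # was written.  The inner case also lacked its 'esac'.  YAML nesting is made
   # explicit (the original put every key at a single leading space).
   dialog --title "Configure Monitored Processes?" \
          --backtitle "Monitored Process Section" \
          --yesno "Would you like to configure Packetbeat to listen for mysqld, pgsql, nginx, or gunicorn?" 7 60
   # 0 = [Yes], 1 = [No], 255 = [Esc]
   response=$?
   case $response in
     0) clear
        sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
# MONITORED PROCESSES SECTION
###
packetbeat.procs:
  enabled: true
  monitored:
    - process: mysqld
      cmdline_grep: mysqld

    - process: pgsql
      cmdline_grep: postgres

    - process: nginx
      cmdline_grep: nginx

    - process: app
      cmdline_grep: gunicorn

packetbeat.ignore_outgoing: false
###
EOF
        ;;
     1) clear
        # Same list written disabled, so it can be switched on by hand later.
        sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
# MONITORED PROCESSES SECTION
###
packetbeat.procs:
  enabled: false
  monitored:
    - process: mysqld
      cmdline_grep: mysqld

    - process: pgsql
      cmdline_grep: postgres

    - process: nginx
      cmdline_grep: nginx

    - process: app
      cmdline_grep: gunicorn

packetbeat.ignore_outgoing: false
###
EOF
        ;;
     255) echo "[ESC] key pressed." ;;
   esac
   ;;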
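5)
   # General settings: tags and the in-memory queue.
   # Fixes: the 'dialog --title ...' line had no trailing backslash (the
   # question was never shown, see the monitored-processes arm); the inner
   # case lacked its 'esac'; '--input' -> '--inputbox'; the tag prompt claimed
   # a default of 443; 'tags:[' (no space) is not a YAML mapping entry;
   # the commented example lost its quotes to unescaped '"'; blank answers
   # fall back to the documented queue defaults.  YAML nesting of queue.mem.*
   # is made explicit.
   dialog --title "Configure General Processes?" \
          --backtitle "General Process Section" \
          --yesno "Would you like to configure a name & tag specific to this Beat, as well as the memory queue events, minimum event count, and flush timeout?" 7 60
   # 0 = [Yes], 1 = [No], 255 = [Esc]
   response=$?
   case $response in
     0) clear
        beatTags=$(dialog --title "What is the Beat Tagname? (optional)" --backtitle "Beat Config Section" --inputbox "Beat Tagname:" 8 40 3>&1 1>&2 2>&3 3>&- )
        beatEvent=$(dialog --title "How many events should the queue hold? (Default is 4096)" --backtitle "Beat Config Section" --inputbox "Beat Event Count:" 8 40 3>&1 1>&2 2>&3 3>&- )
        beatMinEvent=$(dialog --title "What is the minimum number of events that should be held until data is release from the queue? (Default is 2048)" --backtitle "Beat Config Section" --inputbox "Beat Min. Event Count:" 8 40 3>&1 1>&2 2>&3 3>&- )
        beatFlush=$(dialog --title "How long in seconds do you want the flush timeout? (Default is 1)" --backtitle "Beat Config Section" --inputbox "Beat Flush Clock:" 8 40 3>&1 1>&2 2>&3 3>&- )
        sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
# GENERAL SETTINGS SECTION
###
#name: Auto-defined by hostname

EOF
        if [ -n "${beatTags}" ]; then
          echo "tags: [\"${beatTags}\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
        else
          echo "#tags: [\"Tags-Make-It\", \"Easy-To-Group-Servers\"]" | sudo tee -a /etc/packetbeat/packetbeat.yml
        fi
        sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

queue:
  mem:
    events: ${beatEvent:-4096}
    flush.min_events: ${beatMinEvent:-2048}
    flush.timeout: ${beatFlush:-1}s

EOF
        ;;
     1) clear
        sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
# GENERAL SETTINGS SECTION
###
#name: Auto-defined by hostname

#tags: ["Tags-Make-It", "Easy-To-Group-Servers"]

queue:
  mem:
    events: 4096
    flush.min_events: 2048
    flush.timeout: 1s

EOF
        ;;
     255) echo "[ESC] key pressed." ;;
   esac
   ;;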
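6) clear
  # Processors section: every entry is written commented-out as a template for
  # the operator to finish after reviewing onboarded data. Nothing is expanded,
  # so the delimiter is quoted and the quotes, backticks and apostrophe inside
  # are literal (the old per-line echo form leaked a stray backslash into
  # "machine's"). One privileged tee instead of one per line.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
# PROCESSORS SECTION
###
# PLEASE RETURN AFTER REVIEWING ONBOARDED DATA TO MANUALLY CONFIGURE

#processors:
#- drop_event:
#    when:
#      equals:
#        http.code: 200

#- rename:
#    fields:
#      - from: "a"
#        to: "b"

#- dissect:
#    tokenizer: "%{key1} - %{key2}"
#    field: "message"
#    target_prefix: "dissect"

# The following example enriches each event with metadata from the cloud
# provider about the host machine. It works on EC2, GCE, DigitalOcean,
# Tencent Cloud, and Alibaba Cloud. Please come back after confirming
# which cloud provider you will be leveraging.

#- add_cloud_metadata: ~

# The following example enriches each event with the machine's local time zone
# offset from UTC.

#- add_locale:
#    format: offset

# The following example enriches each event with docker metadata, it matches
# container id from log path available in `source` field (by default it expects
# it to be /var/lib/docker/containers/*/*.log).
#
#processors:
#- add_docker_metadata: ~
#
# The following example enriches each event with host metadata.
#
#processors:
#- add_host_metadata:
#    netinfo.enabled: false
#
# The following example enriches each event with process metadata using
# process IDs included in the event.
#
#processors:
#- add_process_metadata:
#    match_pids: ["system.process.ppid"]
#    target: system.process.parent
#
# The following example decodes fields containing JSON strings
# and replaces the strings with valid JSON objects.
#
#processors:
#- decode_json_fields:
#    fields: ["field1", "field2", ...]
#    process_array: false
#    max_depth: 1
#    target: ""
#    overwrite_keys: false
EOF
  ;;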
esac
done
@lsaidd

lsaidd commented Apr 12, 2019

哈哈

@iamhowardtheduck

What's so funny?
