ECE Eclipse - Rolling Build, Release Candidate, Testing, NOT FOR PRODUCTION
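#!/usr/bin/env bash
# ECE Eclipse installer menu for CentOS 7 (rolling/testing build, not for
# production). The radiolist below picks ONE part; each part is an arm of the
# case statement that follows. Run them in order: part 1 prepares the host and
# reboots, part 2 installs ECE and creates the cluster, part 3 installs and
# configures Beats. Bash is required (arrays, [[ ]]), hence the explicit shebang.
sudo yum install dialog -y
command -v dialog >/dev/null 2>&1 || { echo "dialog is required but could not be installed." >&2; exit 1; }
# dialog draws its UI on stderr and prints the selected tag on stderr too; the
# `2>&1 >/dev/tty` swap captures the tag while the UI still reaches the terminal.
cmd=(dialog --radiolist "ECE: Eclipse Installation" 22 95 16)
options=(
  1 "Prepare system for ECE install, then reboot." off   # set an entry to "on" to make it the default
  2 "Install ECE, download all available versions, & create an Elastic cluster." off
  3 "Configure the Elasticsearch repository, download, install, and configure Beats." off
  4 "Make like a tree, and leave." off
)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear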
for choice in $choices | |
do | |
case $choice in | |
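1) clear
  # ---- PART 1: prepare the host and reboot ---------------------------------
  # Configures a minimal CentOS 7 host for ECE: kernel cgroup/swap accounting
  # flags, the overlay module, Docker CE 18.09.2 with its data root on
  # /mnt/data/docker, sysctl tuning, and a yum exclude so Docker is not upgraded
  # later. Everything is done through sudo from an unprivileged account. Files
  # this script owns outright (docker.repo, the docker.service drop-in,
  # 70-cloudenterprise.conf) are (re)written with plain `tee`; shared files
  # (/etc/sysctl.conf, /etc/yum.conf, overlay.conf) are appended only when the
  # line is not already there, so re-running PART 1 does not stack duplicates.
  echo "Welcome to the ECE Auto-Install Script PART 1."
  echo ""
  echo "DO NOT RUN THIS AS ROOT, BUT AS A USER WITH ROOT RIGHTS"
  echo ""
  echo "IT WILL FAIL IF YOU RUN AS ROOT, SO DO NOT DO IT!"
  echo ""
  echo "This is designed to be run on a minimal server install of CentOS 7 AFTER 'yum update' has been run and the system was rebooted."
  echo ""
  echo "Once done, your system will reboot; once it does start PART 2."
  # Enforce the warning above instead of only printing it (as root, /mnt/data
  # below would be created owned by root via $USER).
  if [[ "$(id -u)" -eq 0 ]]; then
    echo "Refusing to continue: run this as a normal user with sudo rights, not as root." >&2
    exit 1
  fi
  read -n 1 -s -r -p "Press any key to continue"
  sudo yum install wget -y || { echo "yum install wget failed" >&2; exit 1; }
  # Kernel flags: memory cgroup accounting and swap accounting on every kernel.
  sudo /sbin/grubby --update-kernel=ALL --args='cgroup_enable=memory cgroup.memory=nokmem swapaccount=1' \
    || { echo "grubby failed to update the kernel arguments" >&2; exit 1; }
  grep -qxF "overlay" /etc/modules-load.d/overlay.conf 2>/dev/null \
    || echo "overlay" | sudo tee -a /etc/modules-load.d/overlay.conf >/dev/null
  sudo grub2-set-default 0
  sudo grub2-mkconfig -o /etc/grub2.cfg || { echo "grub2-mkconfig failed" >&2; exit 1; }
  # Docker CE repository. gpgcheck stays on, so packages are verified against
  # Docker's signing key (fetched over HTTPS) before installation.
  sudo tee /etc/yum.repos.d/docker.repo >/dev/null <<'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://download.docker.com/linux/centos/7/x86_64/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
EOF
  sudo yum makecache fast -y
  # Pinned to the 18.09.2 series; the exclude added to yum.conf below keeps it there.
  sudo yum install 'docker-ce-18.09.2*' -y || { echo "docker-ce install failed" >&2; exit 1; }
  sudo systemctl stop docker
  for kv in "vm.max_map_count=262144" "net.ipv4.ip_forward = 1"; do
    grep -qxF -- "$kv" /etc/sysctl.conf || echo "$kv" | sudo tee -a /etc/sysctl.conf >/dev/null
  done
  # ECE data root, private (0700) to the installing user.
  sudo install -o "$USER" -g "$USER" -d -m 700 /mnt/data /mnt/data/docker
  # NOTE(review): this turns the host firewall off entirely, so every ECE and
  # Docker port is reachable on all interfaces after the reboot. Keep the host
  # behind a network ACL / security group, or replace this with explicit
  # firewalld rules for the ports ECE needs.
  sudo systemctl disable firewalld
  sudo mkdir -p /etc/systemd/system/docker.service.d
  # Drop-in: clear the packaged ExecStart, then start dockerd with the data root
  # on /mnt/data/docker, the overlay storage driver and a fixed docker0 address.
  sudo tee /etc/systemd/system/docker.service.d/docker.conf >/dev/null <<'EOF'
[Unit]
Description=Docker Service
After=multi-user.target

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --data-root /mnt/data/docker --storage-driver=overlay --bip=172.17.42.1/16
EOF
  sudo systemctl daemon-reload
  sudo systemctl restart docker \
    || { echo "docker failed to start with the new drop-in; check 'journalctl -u docker'" >&2; exit 1; }
  sudo systemctl enable docker
  # Membership of the docker group is root-equivalent on this host; it is granted
  # to the installing user only.
  sudo usermod -aG docker "$USER"
  sudo tee /etc/sysctl.d/70-cloudenterprise.conf >/dev/null <<'EOF'
net.ipv4.tcp_max_syn_backlog=65536
net.core.somaxconn=32768
net.core.netdev_max_backlog=32768
EOF
  # Appended to the end of yum.conf; it only takes effect if the last section of
  # that file is still [main] (the stock layout) — check if yum.conf was customised.
  grep -qxF "exclude=docker-ce" /etc/yum.conf \
    || echo "exclude=docker-ce" | sudo tee -a /etc/yum.conf >/dev/null
  clear
  echo "The system now requires a reboot. Please re-run the script and select option 2."
  echo ""
  echo ""
  read -n 1 -s -r -p "Press any key to reboot now."
  sudo reboot
  ;;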
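2) clear
  # ---- PART 2: install ECE, register stack versions, create a cluster -------
  # Runs the ECE installer, registers every stack version listed below with the
  # admin console, then creates the "ECE Eclipse" Elasticsearch + Kibana
  # deployment through the admin API and leaves the credentials in the user's
  # home directory. Credential-bearing files (Deployment.txt, Summary.txt,
  # bootstrap-secrets.json) are created mode 600 and owned by the user — the
  # previous chmod 777 and root-owned `sudo tee` output left the admin console
  # root password readable by every account on the host. Summary.txt also now
  # records the admin password (it used to expand an unset ${pword}).
  echo "Welcome to the ECE Auto-Install Script PART 2."
  echo ""
  echo "DO NOT RUN THIS AS ROOT, BUT AS A USER WITH ROOT RIGHTS"
  echo ""
  echo "IT WILL FAIL IF YOU RUN AS ROOT, SO DO NOT DO IT!"
  echo ""
  echo "This is designed to be run on a minimal server install of CentOS 7 AFTER 'yum update' & ECE Install Part 1 has been run."
  echo ""
  if [[ "$(id -u)" -eq 0 ]]; then
    echo "Refusing to continue: run this as a normal user with sudo rights, not as root." >&2
    exit 1
  fi
  read -n 1 -s -r -p "Press any key to continue"
  clear
  sudo docker info | grep Root
  EclipseUser=$(whoami)
  home_dir="/home/${EclipseUser}"
  secrets_json=/mnt/data/elastic/bootstrap-state/bootstrap-secrets.json
  # Fetch the installer once and run the saved copy instead of piping a fresh
  # download into bash for every command. NOTE(review): it is still an unpinned
  # remote script executed without any checksum or signature check — whoever can
  # alter that download controls this host. Read the saved file (or compare it
  # with a copy fetched out-of-band) before trusting this outside a disposable lab.
  ece_installer=$(mktemp) || exit 1
  curl -fsSL -o "$ece_installer" https://download.elastic.co/cloud/elastic-cloud-enterprise.sh \
    || { echo "Could not download the ECE installer." >&2; rm -f "$ece_installer"; exit 1; }
  bash "$ece_installer" install \
    || { echo "ECE install failed." >&2; rm -f "$ece_installer"; exit 1; }
  # The installer writes bootstrap-secrets.json; pull the admin console root
  # password out of it (grep rather than jq, which a minimal install lacks).
  adminPassword=$(grep -oP '(?<=adminconsole_root_password":")[^"]*' "$secrets_json" | tail -n 1)
  if [[ -z "$adminPassword" ]]; then
    echo "Could not read adminconsole_root_password from $secrets_json." >&2
    rm -f "$ece_installer"
    exit 1
  fi
  # Every stack version made available to the admin console, newest first.
  stack_versions=(
    6.7.1 6.7.0 6.5.4 6.5.3 6.5.2 6.5.1 6.5.0 6.4.3 6.4.2 6.4.1 6.4.0
    6.3.2 6.3.1 6.3.0 6.2.4 6.2.3 6.2.2 6.1.4 6.1.3
    5.6.14 5.6.13 5.6.12 5.6.11 5.6.10 5.6.9 5.6.8 5.6.7 5.6.6 5.6.5 5.6.4 5.6.3 5.6.2 5.6.1
    5.5.3 5.5.2 5.5.1 5.5.0 5.4.3 5.4.2 5.4.1 5.4.0
    2.4.6 2.4.5
  )
  # NOTE(review): --pass puts the password on the command line, where it is
  # visible in `ps` and process accounting while each call runs. That is the
  # installer interface this script relies on, so the exposure is documented
  # here rather than removed; failures of individual versions are not fatal.
  for ver in "${stack_versions[@]}"; do
    bash "$ece_installer" add-stack-version --version "$ver" --user admin --pass "${adminPassword}"
  done
  rm -f "$ece_installer"
  clear
  echo ""
  echo ""
  echo "What is the IP address of this system?"
  read -r myIP
  # The answer is spliced into URLs below; accept only hostname/IP characters.
  if [[ ! "$myIP" =~ ^[A-Za-z0-9.:_-]+$ ]]; then
    echo "\"$myIP\" does not look like an IP address or hostname." >&2
    exit 1
  fi
  clear
  echo ""
  echo ""
  echo ""
  echo "Beginning ECE Eclipse cluster deployment"
  echo ""
  ece_api="https://${myIP}:12443/api/v1"
  # Keep the admin credentials off argv: curl reads them from a 0600 config file
  # (-K) instead of -u admin:password. Backslashes and double quotes are escaped
  # the way curl's config parser expects.
  curl_cfg=$(mktemp) || exit 1
  chmod 600 "$curl_cfg"
  cfg_pass=${adminPassword//\\/\\\\}
  cfg_pass=${cfg_pass//\"/\\\"}
  printf 'user = "admin:%s"\n' "$cfg_pass" > "$curl_cfg"
  deployment_txt="$home_dir/Deployment.txt"
  touch "$deployment_txt" && chmod 600 "$deployment_txt"
  # -k: the admin console serves a self-signed certificate at bootstrap and the
  # request goes to this host's own address. If this is ever pointed at a remote
  # ECE, replace -k with --cacert <ECE CA> so the admin password is not sent to
  # an unverified endpoint.
  curl -k -K "$curl_cfg" -X POST "$ece_api/clusters/elasticsearch" -H 'content-type: application/json' -d '{
    "cluster_name" : "ECE Eclipse",
    "plan" : {
      "elasticsearch" : {
        "version" : "6.7.1"
      },
      "cluster_topology" : [
        {
          "memory_per_node" : 8192,
          "node_count_per_zone" : 1,
          "node_type" : {
            "data" : true,
            "ingest" : true,
            "master" : true,
            "ml" : true
          },
          "zone_count" : 1
        }
      ]
    }
  }' >> "$deployment_txt"
  # Deployment.txt is appended to on every run, so take the most recent id.
  ECID=$(grep -oP '(?<=elasticsearch_cluster_id": ")[^"]*' "$deployment_txt" | tail -n 1)
  if [[ -z "$ECID" ]]; then
    echo "Cluster creation did not return an elasticsearch_cluster_id; see $deployment_txt." >&2
    rm -f "$curl_cfg"
    exit 1
  fi
  # Written (not appended) as the user; no secret in here, only the cluster id.
  cat > "$home_dir/kibanaConfig.json" <<EOF
{
"elasticsearch_cluster_id": "${ECID}",
"plan": {
  "kibana": {},
  "cluster_topology": [
    {
      "instance_configuration_id": "kibana",
      "zone_count": 1,
      "size": {
        "resource": "memory",
        "value": 2048
      }
    }
  ]
  }
}
EOF
  curl -k -K "$curl_cfg" -X POST "$ece_api/clusters/kibana" -H 'content-type: application/json' -d @"$home_dir/kibanaConfig.json"
  rm -f "$curl_cfg"
  clear
  echo ""
  echo ""
  echo ""
  echo "Moving bootstrap-secrets.json to ${EclipseUser}'s home folder."
  # Owned by the user, mode 600 — this file holds the admin console root password.
  sudo install -o "$EclipseUser" -g "$EclipseUser" -m 600 "$secrets_json" "$home_dir/bootstrap-secrets.json"
  echo ""
  echo "Your ECE login username will be \"admin\" and the password is \"${adminPassword}\"."
  echo ""
  echo ""
  pWord=$(grep -oP '(?<=password": ")[^"]*' "$deployment_txt" | tail -n 1)
  echo "Your ECE Eclipse login username will be \"elastic\" and the password is \"${pWord}\"."
  echo ""
  echo "You can access ECE via https://${myIP}:12443"
  echo ""
  echo "These credentials will be located at /home/${EclipseUser}/Summary.txt."
  echo ""
  echo "Please store these in a secure location."
  summary_txt="$home_dir/Summary.txt"
  touch "$summary_txt" && chmod 600 "$summary_txt"
  cat >> "$summary_txt" <<EOF
Access ECE here: https://${myIP}:12443


Login to ECE as "admin" with the password "${adminPassword}".


Login to the ECE Eclipse cluster as "elastic" with the password "${pWord}".
EOF
  read -n 1 -s -r -p "Press any key to end"
  clear
  ;;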
3) clear | |
echo "" | |
echo "We will now begin the installation of the Elastic repo, install several Beats, and ask configuration questions." | |
echo "" | |
echo "Import Elastic gpg key" | |
echo "" | |
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
echo "Import Elastic gpg key: $(tput setaf 2)[$(tput setaf 4)OK$(tput setaf 2)]$(tput setaf 7)" | |
# | |
# | |
# create Elastic repo | |
echo "Creating Elastic repository" | |
echo | |
sudo touch /etc/yum.repos.d/elasticsearch.repo | |
echo "[elasticsearch-6.x]" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "name=Elasticsearch repository for 6.x packages" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "baseurl=https://artifacts.elastic.co/packages/6.x/yum" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "gpgcheck=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "enabled=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "autorefresh=1" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
echo "type=rpm-md" | sudo tee -a /etc/yum.repos.d/elasticsearch.repo | |
sudo yum install metricbeat heartbeat-elastic packetbeat filebeat -y | |
echo "" | |
echo "The Elastic repo has been installed, as has Metricbeat, Heartbeat, Packetbeat, and Filebeat." | |
echo "" | |
echo "Would you like to configure Beats to feed Elastic now?" | |
read -p "Continue (y/n)?" choice | |
case "$choice" in | |
y|Y ) echo "ECE Eclipse will now prompt for several items to configure Beats.";; | |
n|N ) echo "Please come back when you are ready to continue." ; ;; | |
* ) echo "Invalid Option";; | |
esac | |
read -n 1 -s -r -p "Press any key to continue" | |
clear | |
cmd=(dialog --radiolist "ECE: Eclipse Beats Configuration" 22 95 16) | |
options=(1 "Packetbeat" off # any option can be set to default to "on" | |
2 "Metricbeat" off | |
3 "Filebeat" off | |
4 "Heartbeat" off) | |
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) | |
clear | |
for choice in $choices | |
do | |
case $choice in | |
1) clear | |
echo "Making a copy of the original 'packetbeat.yml' file and renaming with the extension .bak in the same location." | |
sudo mv /etc/packetbeat/packetbeat.yml /etc/packetbeat/packetbeat.yml.bak | |
sudo touch /etc/packetbeat/packetbeat.yml | |
cmd=(dialog --separate-output --checklist "Which Packetbeat protocols & options would you like to configure:" 22 76 16) | |
options=(1 "ALL - Recommended Option" off # any option can be set to default to "on" | |
2 "INTERFACE ASSIGNMENTS, TYPES, & FLOWS" off | |
3 "PROTOCOL SECTION" off | |
4 "MONITORED PROCESSES" off | |
5 "GENERAL SETTINGS" off | |
6 "PROCESSORS" off | |
7 "LOGGING" off | |
8 "OUTPUTS - REQUIRED" on | |
) | |
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) | |
clear | |
for choice in $choices | |
do | |
case $choice in | |
1) | |
echo "Packetbeat Eclipse Configuration" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# INTERFACE CONFIG SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.interfaces.device: any" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.interfaces.type: af_packet" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.interfaces.snaplen: 65535" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.interfaces.buffer_size_mb: 30" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.interfaces.with_vlans: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# FLOW CONFIG SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.flows:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " timeout: 30s" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " period: 30s" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# PROTOCOL CONFIG SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.protocols:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: icmp" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: amqp" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [5672]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: cassandra" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [9042]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: dhcpv4" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [67, 68]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: dns" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [53]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " include_authorities: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " include_additionals: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " send_request: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " send_response: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " transaction_timeout: 10s" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: http" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [80, 8080, 8000, 5000, 8002]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: memcache" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [11211]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: mysql" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [3306]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: pgsql" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [5432]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: redis" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [6379]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: thrift" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [9090]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " capture_reply: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " transaction_timeout: 10s" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: mongodb" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [27017]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: nfs" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [2049]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: tls" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [443]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " send_certificates: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# MONITORED PROCESSES SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.procs:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: false" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " monitored:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: pgsql" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: postgres" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: app" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: gunicorn" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.ignore_outgoing: false" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# GENERAL SETTINGS SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#name: Auto-defined by hostname" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#tags: ["Takes-Make-It", "Easy-To-Group-Servers"]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "queue:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " mem:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " events: 4096" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " flush.min_events: 2048" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " flush.timeout: 1s" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# Sets the maximum number of CPUs that can be executing simultaneously. The default is the number of logical CPUs available in the system." | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#max_procs:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# PROCESSORS SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# PLEASE RETURN AFTER REVIEWING ONBOARDED DATA TO MANUALLY CONFIGURE" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#processors:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#- drop_event:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# when:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# equals:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# http.code: 200" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#- rename:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# fields:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# - from: \"a\"" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# to: \"b\"" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#- dissect:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# tokenizer: \"%{key1} - %{key2}\"" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# field: \"message\"" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# target_prefix: \"dissect\"" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# The following example enriches each event with metadata from the cloud" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# provider about the host machine. It works on EC2, GCE, DigitalOcean," | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# Tencent Cloud, and Alibaba Cloud. Please come back after confirming" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# which cloud provider you will be leveraging." | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#- add_cloud_metadata: ~" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# The following example enriches each event with the machine\'s local time zone" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# offset from UTC." | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#- add_locale:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# format: offset" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# The following example enriches each event with docker metadata, it matches" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# container id from log path available in \`source\` field (by default it expects" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# it to be /var/lib/docker/containers/*/*.log)." | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "#" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
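# Tail of the commented processor examples plus the LOGGING section of the
# generated packetbeat.yml.  One tee appends the whole fragment and echoes it
# to the terminal, exactly as the per-line echo | sudo tee chain did.
# Fix: the log-level line was written as "info \# Available ...".  Bash keeps
# the backslash inside double quotes, and YAML only starts a comment at a "#"
# preceded by whitespace, so the Beat received the literal value
# 'info \# Available log levels ...' instead of 'info'.
sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
#processors:
#- add_docker_metadata: ~
#
# The following example enriches each event with host metadata.
#
#processors:
#- add_host_metadata:
# netinfo.enabled: false
#
# The following example enriches each event with process metadata using
# process IDs included in the event.
#
#processors:
#- add_process_metadata:
# match_pids: ["system.process.ppid"]
# target: system.process.parent
#
# The following example decodes fields containing JSON strings
# and replaces the strings with valid JSON objects.
#
#processors:
#- decode_json_fields:
# fields: ["field1", "field2", ...]
# process_array: false
# max_depth: 1
# target: ""
# overwrite_keys: false
###
# LOGGING SECTION
###
logging.level: info # Available log levels are: error, warning, info, debug

# Send all logging output to syslog. The default is false.
#logging.to_syslog: false

# Send all logging output to Windows Event Logs. The default is false.
#logging.to_eventlog: false

# Set to true to log messages in json format.
#logging.json: false
###
# OUTPUTS SECTION - REQUIRED
###
EOF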
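# Output-target menu.  dialog draws the box on the tty and prints the chosen
# tag on stderr, so stdout/stderr are swapped to capture the tag in $choices.
# Fixes: the first entry had no space between tag and label ("1Elastic Cloud"
# would have become the tag and "off" the label), and the options array was
# never closed, so every line after it was parsed as more array elements.
# NOTE(review): the for/case that consumes $choices below is not closed with
# "esac"/"done" before the next arm of the enclosing menu begins.
cmd=(dialog --separate-output --radiolist "Which would you like to configure?" 22 76 16)
options=(
  1 "Elastic Cloud" off  # any option can be set to default to "on"
  2 "Elastic Cloud Enterprise" off
  3 "Elastic On-Prem" off
  4 "Kafka" off
  5 "Redis" off
  6 "File" off
  7 "Console" off
  8 "Logstash" off
)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear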
for choice in $choices | |
do | |
case $choice in | |
1)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer (written to stderr)
  # lands in the variable while the box itself is drawn on the terminal.
  cloudID=$(dialog --title "What is your Cloud ID?" --backtitle "Cloud ID Input Section" \
    --inputbox "Found in the Elastic Cloud UI:" 8 40 3>&1 1>&2 2>&3 3>&-)
  cloudAuth=$(dialog --title "What is your Cloud Auth?" --backtitle "Cloud Auth Input Section" \
    --inputbox "Typically elastic:somePassword:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): the two echoes and the tee below print the cloud.auth secret
  # to the terminal, so it ends up in scrollback and any session recording.
  echo "This is your Cloud ID: $cloudID"
  echo "This is your Cloud Auth: $cloudAuth"
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#============================= Elastic Cloud ==================================
cloud.id: ${cloudID}
cloud.auth: ${cloudAuth}
#============================= Elastic Cloud ==================================
EOF
  ;;
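2)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer is captured.
  # Fixes: inside double quotes bash keeps the backslash of \', so the titles
  # displayed a literal \'elastic\'; and the Kibana username box asked for
  # "Password:".  (dialog --passwordbox would additionally hide the typed
  # secrets, which --inputbox shows on screen.)
  Ehosts=$(dialog --title "ECE Elastic Host (Not Kibana)" --backtitle "ECE Elastic Config Section" \
    --inputbox "ECE Elastic Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  EuserName=$(dialog --title "ECE Username (typically 'elastic')" --backtitle "ECE Elastic Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  EpassWord=$(dialog --title "ECE Cluster Password (default for 'elastic')" --backtitle "ECE Elastic Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  Khosts=$(dialog --title "ECE Kibana Host (Not Elastic)" --backtitle "ECE Kibana Config Section" \
    --inputbox "ECE Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KuserName=$(dialog --title "ECE Cluster Username (default for 'elastic')" --backtitle "ECE Kibana Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  KpassWord=$(dialog --title "ECE Cluster Password (default for 'elastic')" --backtitle "ECE Kibana Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): ssl.verification_mode none accepts any server certificate,
  # so the credentials below can be read by whoever intercepts the TLS
  # session; outside a lab, ship the cluster CA and use "full".  The password
  # is also stored in clear text and echoed by tee; the Beats keystore
  # (packetbeat keystore add) avoids both.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#=============================== ECE Output ===================================
output.elasticsearch:
 hosts: ["${Ehosts}"]
 username: "${EuserName}"
 password: "${EpassWord}"
 ssl.verification_mode: none
 protocol: "https"
###
# Kibana Config Sub-Section
###
setup.kibana:
 host: "${Khosts}"
 username: "${KuserName}"
 password: "${KpassWord}"
 ssl.verification_mode: none
 protocol: "https"
#=============================== ECE Output ===================================
EOF
  ;;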
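3)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer is captured.
  # Fixes: the titles displayed a literal \'elastic\' (bash keeps the
  # backslash before a single quote inside double quotes), and the Kibana
  # username box asked for "Password:".
  Ehosts=$(dialog --title "Elastic Host (Not Kibana)" --backtitle "Elastic On-Prem Config Section" \
    --inputbox "ECE Elastic Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  EuserName=$(dialog --title "Elastic Username (typically 'elastic')" --backtitle "Elastic On-Prem Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  EpassWord=$(dialog --title "Elastic Cluster Password (default for 'elastic')" --backtitle "Elastic On-Prem Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana On-Prem Config Section" \
    --inputbox "ECE Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana On-Prem Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana On-Prem Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): verification_mode none disables certificate checking on
  # both connections; with the cluster CA available, "full" is the safe
  # setting.  Passwords land in the file in clear text (tee also echoes them);
  # the Beats keystore is the alternative.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#============================== Elastic Output ================================
output.elasticsearch:
 hosts: ["${Ehosts}"]
 username: "${EuserName}"
 password: "${EpassWord}"
 ssl.verification_mode: none
 protocol: "https"
###
# Kibana Config Sub-Section
###
setup.kibana:
 host: "${Khosts}"
 username: "${KuserName}"
 password: "${KpassWord}"
 ssl.verification_mode: none
 protocol: "https"
#============================== Elastic Output ================================
EOF
  ;;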
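4)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer is captured.
  # Fix: the Kibana titles displayed a literal \'elastic\' because bash keeps
  # the backslash before a single quote inside double quotes.
  Kafkahosts=$(dialog --title "Kafka Host & Port (e.g. localhost:9092)" --backtitle "Elastic Kafka Output Config Section" \
    --inputbox "Kafka Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KafkaTopic=$(dialog --title "Kafka Topic (e.g. Packetbeat)" --backtitle "Elastic Kafka Topic Config Section" \
    --inputbox "Kafka Topic" 8 40 3>&1 1>&2 2>&3 3>&-)
  KafkaClient=$(dialog --title "Kafka Client (default: beats; Used for debugging)" --backtitle "Elastic Kafka Client Config Section" \
    --inputbox "Kafka Client" 8 40 3>&1 1>&2 2>&3 3>&-)
  Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" \
    --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): the Kafka output is written without any TLS or SASL settings
  # and the Kibana block disables certificate verification; acceptable for a
  # lab, not for anything reachable across a shared network.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#=========================== Elastic Kafka Output ==============================
output.kafka:
 enabled: true
 hosts: ["${Kafkahosts}"]
 topic: "${KafkaTopic}"
 client_id: "${KafkaClient}"
###
# Kibana Config Sub-Section
###
setup.kibana:
 host: "${Khosts}"
 username: "${KuserName}"
 password: "${KpassWord}"
 ssl.verification_mode: none
 protocol: "https"
#=========================== Elastic Kafka Output ==============================
EOF
  ;;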
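5)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer is captured.
  # Fix: the Kibana titles displayed a literal \'elastic\' because bash keeps
  # the backslash before a single quote inside double quotes.
  Redishosts=$(dialog --title "Redis Host & Port (e.g. localhost:6379)" --backtitle "Elastic Redis Output Config Section" \
    --inputbox "Redis Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  RedisKey=$(dialog --title "Redis Key (e.g. Packetbeat)" --backtitle "Elastic Redis Key Config Section" \
    --inputbox "Redis Key" 8 40 3>&1 1>&2 2>&3 3>&-)
  Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" \
    --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): no Redis password or TLS is configured here and the Kibana
  # block disables certificate verification — lab settings only.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#=========================== Elastic Redis Output ==============================
output.redis:
 enabled: true
 hosts: ["${Redishosts}"]
 key: "${RedisKey}"
###
# Kibana Config Sub-Section
###
setup.kibana:
 host: "${Khosts}"
 username: "${KuserName}"
 password: "${KpassWord}"
 ssl.verification_mode: none
 protocol: "https"
#=========================== Elastic Redis Output ==============================
EOF
  ;;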
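6)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer is captured.
  # Fix: the Kibana titles displayed a literal \'elastic\' because bash keeps
  # the backslash before a single quote inside double quotes.
  filePath=$(dialog --title "File path to write to (e.g. /tmp/packebeat)" --backtitle "File Path Output Config Section" \
    --inputbox "File Path" 8 40 3>&1 1>&2 2>&3 3>&-)
  fileName=$(dialog --title "File name to write as (e.g. Packetbeat)" --backtitle "File Name Output Config Section" \
    --inputbox "File Name" 8 40 3>&1 1>&2 2>&3 3>&-)
  Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" \
    --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): captured traffic metadata goes to a plain file at the path
  # the user types; a world-readable location like /tmp exposes it to every
  # local account.  The Kibana block disables certificate verification.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#=========================== Elastic File Output ===============================
output.file:
 enabled: true
 path: "${filePath}"
 filename: "${fileName}"
###
# Kibana Config Sub-Section
###
setup.kibana:
 host: "${Khosts}"
 username: "${KuserName}"
 password: "${KpassWord}"
 ssl.verification_mode: none
 protocol: "https"
#=========================== Elastic File Output ===============================
EOF
  ;;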
7)
  clear
  # Console output needs no parameters; append the fragment in one go.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
#============================== Console Output ================================
output.console:
 enabled: true
#============================== Console Output ================================
EOF
  ;;
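8)
  clear
  # Each prompt swaps stdout/stderr so dialog's answer is captured.
  # Fixes: the index prompt used "--input", which is not a dialog option
  # (every other prompt uses --inputbox), so the box never appeared and
  # LogIndex stayed empty; and the Kibana titles displayed a literal
  # \'elastic\' because bash keeps the backslash inside double quotes.
  LogHost=$(dialog --title "Logstash Host (e.g. localhost:5044)" --backtitle "Logstash Host & Port Output Config Section" \
    --inputbox "Logstash Host:Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  LogIndex=$(dialog --title "Logstash Index (e.g. packetbeat)" --backtitle "Logstash Index: packetbeat-7.0.0-YYYY.mm.dd" \
    --inputbox "Logstash Index Name (must be ALL lowercase):" 8 40 3>&1 1>&2 2>&3 3>&-)
  Khosts=$(dialog --title "Kibana Host (Not Elastic)" --backtitle "Kibana Config Section" \
    --inputbox "Kibana Host" 8 40 3>&1 1>&2 2>&3 3>&-)
  KuserName=$(dialog --title "Kibana Username (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Username:" 8 40 3>&1 1>&2 2>&3 3>&-)
  KpassWord=$(dialog --title "Kibana Password (default for 'elastic')" --backtitle "Kibana Config Section" \
    --inputbox "Password:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # NOTE(review): the Logstash output is written without TLS settings and the
  # Kibana block disables certificate verification — lab settings only.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
#============================== Logstash Output ===============================
output.logstash:
 enabled: true
 hosts: ["${LogHost}"]
 index: ${LogIndex}
###
# Kibana Config Sub-Section
###
setup.kibana:
 host: "${Khosts}"
 username: "${KuserName}"
 password: "${KpassWord}"
 ssl.verification_mode: none
 protocol: "https"
#============================== Logstash Output ===============================
EOF
  ;;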
2)
  clear
  # Interface list is written verbatim; dialog's answer comes back on stderr,
  # hence the descriptor swap.
  iFace=$(dialog --title "What interface(s) will you configure Packetbeat to listen on?" \
    --backtitle "Packetbeat Interface Config Section" \
    --inputbox "Listening Interface (e.g. \"any\" or \"em1, em2\" ):" 8 40 3>&1 1>&2 2>&3 3>&-)
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
packetbeat.interfaces.device: ${iFace}
EOF
  ;;
3) | |
clear | |
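# Protocol checklist.  --separate-output makes dialog print one chosen tag per
# line on stderr; the 2>&1 >/dev/tty swap captures those tags into $choices.
# Fix: the options array was never closed, so every line after it was parsed
# as more array elements.
# NOTE(review): the for/case that consumes $choices below is not closed with
# "esac"/"done" before the next arm of the enclosing menu begins.
cmd=(dialog --separate-output --checklist "Which Packetbeat protocols would you like to configure?" 22 76 16)
options=(
  1 "All Protocols with default port configs - Recommended" off
  2 "ICMP" off
  3 "AMQP" off
  4 "Cassandra" off
  5 "DHCPv4" off
  6 "DNS" off
  7 "HTTP" off
  8 "Memcache" off
  9 "MySQL" off
  10 "PgSQL" off
  11 "Redis" off
  12 "Thrift" off
  13 "Mongodb" off
  14 "NFS" off
  15 "TLS" off
)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear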
for choice in $choices | |
do | |
case $choice in | |
1)
  clear
  # Full protocol list with the stock ports.  This is the only arm that
  # writes the "packetbeat.protocols:" key; the per-protocol arms append bare
  # list items.  Note dns send_request/send_response and tls send_certificates
  # copy payload details into every event, which grows the index quickly.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
packetbeat.protocols:
- type: icmp
 enabled: true

- type: amqp
 enabled: true
 ports: [5672]

- type: cassandra
 ports: [9042]

- type: dhcpv4
 ports: [67, 68]

- type: dns
 ports: [53]
 include_authorities: true
 include_additionals: true
 send_request: true
 send_response: true
 transaction_timeout: 10s

- type: http
 enabled: true
 ports: [80, 8080, 8000, 5000, 8002]

- type: memcache
 enabled: true
 ports: [11211]

- type: mysql
 enabled: true
 ports: [3306]

- type: pgsql
 enabled: true
 ports: [5432]

- type: redis
 enabled: true
 ports: [6379]

- type: thrift
 enabled: true
 ports: [9090]
 capture_reply: true
 transaction_timeout: 10s

- type: mongodb
 enabled: true
 ports: [27017]

- type: nfs
 enabled: true
 ports: [2049]

- type: tls
 enabled: true
 ports: [443]
 send_certificates: true
###
EOF
  ;;
2)
  clear
  # ICMP has no port; appends one list item (the "packetbeat.protocols:" key
  # is only written by the "All Protocols" arm).
  sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'

- type: icmp
 enabled: true

EOF
  ;;
3)
  clear
  amqp=$(dialog --title "What is the AMQP port? (Default is 5672)" --backtitle "AMQP Config Section" \
    --inputbox "AMQP Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # The typed value is dropped into the YAML list as-is, unvalidated.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: amqp
 enabled: true
 ports: [${amqp}]

EOF
  ;;
4)
  clear
  cass=$(dialog --title "What is the Cassandra port? (Default is 9042)" --backtitle "Cassandra Config Section" \
    --inputbox "Cassandra Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # The typed value is dropped into the YAML list as-is, unvalidated.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: cassandra
 enabled: true
 ports: [${cass}]

EOF
  ;;
5)
  clear
  dhcpd=$(dialog --title "What is the DHCP port? (Default is 67, 68)" --backtitle "DHCP Config Section" \
    --inputbox "DHCP Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # A comma-separated answer ("67, 68") becomes a multi-element YAML list.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: dhcpv4
 enabled: true
 ports: [${dhcpd}]

EOF
  ;;
6) clear | |
dns$(dialog --title "What is the DNS port? (Default is 53)" --backtitle "DNS Config Section" --inputbox "DNS Port:" 8 40 3>&1 1>&2 2>&3 3>&- ) | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "- type: dns" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " ports: [${dns}]" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
;; | |
7)
  clear
  http=$(dialog --title "What are the HTTP ports? (Default is 80, 8000, 5000, 8002)" --backtitle "HTTP Config Section" \
    --inputbox "HTTP Ports:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # A comma-separated answer becomes a multi-element YAML list.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: http
 enabled: true
 ports: [${http}]

EOF
  ;;
8)
  clear
  memcache=$(dialog --title "What is the memcache port? (Default is 11211)" --backtitle "Memcache Config Section" \
    --inputbox "Memcache Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # The typed value is dropped into the YAML list as-is, unvalidated.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: memcache
 enabled: true
 ports: [${memcache}]

EOF
  ;;
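9)
  clear
  # Fix: "--input" is not a dialog option (the other prompts use --inputbox),
  # so the box never appeared and the port was written empty.
  mysql=$(dialog --title "What is the MySQL port? (Default is 3306)" --backtitle "MySQL Config Section" \
    --inputbox "MySQL Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: mysql
 enabled: true
 ports: [${mysql}]

EOF
  ;;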
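10)
  clear
  # Fix: "--input" is not a dialog option (the other prompts use --inputbox),
  # so the box never appeared and the port was written empty.
  pgsql=$(dialog --title "What is the pgSQL port? (Default is 5432)" --backtitle "pgSQL Config Section" \
    --inputbox "pgSQL Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: pgsql
 enabled: true
 ports: [${pgsql}]

EOF
  ;;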
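11)
  clear
  # Fix: "--input" is not a dialog option (the other prompts use --inputbox),
  # so the box never appeared and the port was written empty.
  redis=$(dialog --title "What is the Redis port? (Default is 6379)" --backtitle "Redis Config Section" \
    --inputbox "Redis Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: redis
 enabled: true
 ports: [${redis}]

EOF
  ;;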
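12)
  clear
  # Fix: "--input" is not a dialog option (the other prompts use --inputbox),
  # so the box never appeared and the port was written empty.
  thrift=$(dialog --title "What is the Thrift port? (Default is 9090)" --backtitle "Thrift Config Section" \
    --inputbox "Thrift Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # Unlike the other arms this one writes no trailing blank line.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: thrift
 enabled: true
 ports: [${thrift}]
EOF
  ;;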
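13)
  clear
  # Fix: "--input" is not a dialog option (the other prompts use --inputbox),
  # so the box never appeared and the port was written empty.
  mongodb=$(dialog --title "What is the Mongodb port? (Default is 27017)" --backtitle "Mongodb Config Section" \
    --inputbox "Mongodb Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: mongodb
 enabled: true
 ports: [${mongodb}]

EOF
  ;;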
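14)
  clear
  # Fix: "--input" is not a dialog option (the other prompts use --inputbox),
  # so the box never appeared and the port was written empty.
  nfs=$(dialog --title "What is the NFS port? (Default is 2049)" --backtitle "NFS Config Section" \
    --inputbox "NFS Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: nfs
 enabled: true
 ports: [${nfs}]

EOF
  ;;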
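15)
  clear
  # Fix: both prompts used "--input", which is not a dialog option (the other
  # prompts use --inputbox), so neither box appeared and both values were
  # written empty.
  tls=$(dialog --title "What is the TLS port? (Default is 443)" --backtitle "TLS Config Section" \
    --inputbox "TLS Port:" 8 40 3>&1 1>&2 2>&3 3>&-)
  tlsCert=$(dialog --title "Send the TLS Certs? (Either true OR false ONLY)" --backtitle "TLS Cert T/F Section" \
    --inputbox "TLS Certificate Included:" 8 40 3>&1 1>&2 2>&3 3>&-)
  # send_certificates is written verbatim; anything but true/false is left
  # for the Beat to reject at startup.
  sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF

- type: tls
 enabled: true
 ports: [${tls}]
 send_certificates: ${tlsCert}

EOF
  ;;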
4) clear | |
dialog --title "Configure Monitored Processes?" | |
--backtitle "Monitored Process Section" \ | |
--yesno "Would you like to configure Packetbeat to listen for mysqld, pgsql, nginx, or gunicorn?" 7 60 | |
# Get exit status | |
# 0 means user hit [yes] button. | |
# 1 means user hit [no] button. | |
# 255 means user hit [Esc] key. | |
response=$? | |
case $response in | |
0) clear | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "# MONITORED PROCESSES SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.procs:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " enabled: true" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " monitored:" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: pgsql" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: postgres" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " - process: app" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo " cmdline_grep: gunicorn" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "packetbeat.ignore_outgoing: false" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml | |
;; | |
    1) clear
    # [No] branch of the monitored-processes prompt: the section is still
    # appended so the file documents the option, but with "enabled: false" and
    # the same example process list the [Yes] branch writes.
    # Each line goes through "sudo tee -a" (append) because the script is meant
    # to run as an unprivileged sudo user; tee also echoes the line to stdout,
    # which is the only progress feedback the user gets.
    # NOTE(review): the indentation inside these strings looks collapsed here --
    # packetbeat.yml needs "cmdline_grep" nested under its "- process:" item;
    # confirm against the file as checked out.
    echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "# MONITORED PROCESSES SECTION" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "packetbeat.procs:" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " enabled: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " monitored:" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " - process: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " cmdline_grep: mysqld" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " - process: pgsql" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " cmdline_grep: postgres" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " - process: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " cmdline_grep: nginx" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " - process: app" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo " cmdline_grep: gunicorn" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "" | sudo tee -a /etc/packetbeat/packetbeat.yml
    # ignore_outgoing is written regardless of the [Yes]/[No] answer.
    echo "packetbeat.ignore_outgoing: false" | sudo tee -a /etc/packetbeat/packetbeat.yml
    echo "###" | sudo tee -a /etc/packetbeat/packetbeat.yml
    ;;
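    255) echo "[ESC] key pressed.";;
    # Close the inner "case $response in" before ending this outer menu arm.
    # Without the esac, bash sees two consecutive ";;" and rejects the whole
    # script with "syntax error near unexpected token `;;'".
    esac
    ;;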
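    5)
      # General settings section: optional tag plus in-memory queue sizing.
      # The trailing "\" continuations are essential: without them the
      # "--backtitle ..." line runs as its own command (not found, $? = 127),
      # the yes/no box is never shown and none of the 0/1/255 arms match.
      dialog --title "Configure General Processes?" \
        --backtitle "General Process Section" \
        --yesno "Would you like to configure a name & tag specific to this Beat, as well as the memory queue events, minimum event count, and flush timeout?" 7 60
      # dialog --yesno exit status: 0 = [Yes], 1 = [No], 255 = [Esc].
      response=$?
      # Start from the advertised defaults; the [Yes] branch may override them.
      beatTags=""
      beatEvent=4096
      beatMinEvent=2048
      beatFlush=1
      case $response in
        0) clear
          # dialog reports the entered text on stderr; the 3>&1 1>&2 2>&3 swap
          # lets $(...) capture it while the UI still reaches the terminal.
          # The widget is --inputbox (dialog has no --input option).
          beatTags=$(dialog --title "What is the Beat Tagname? (Leave blank for none)" --backtitle "Beat Config Section" --inputbox "Beat Tagname:" 8 40 3>&1 1>&2 2>&3 3>&-)
          beatEvent=$(dialog --title "How many events should the queue hold? (Default is 4096)" --backtitle "Beat Config Section" --inputbox "Beat Event Count:" 8 40 3>&1 1>&2 2>&3 3>&-)
          beatMinEvent=$(dialog --title "What is the minimum number of events that should be held until data is released from the queue? (Default is 2048)" --backtitle "Beat Config Section" --inputbox "Beat Min. Event Count:" 8 40 3>&1 1>&2 2>&3 3>&-)
          beatFlush=$(dialog --title "How long in seconds do you want the flush timeout? (Default is 1)" --backtitle "Beat Config Section" --inputbox "Beat Flush Clock:" 8 40 3>&1 1>&2 2>&3 3>&-)
          # A blank answer takes the default the prompt promised.
          beatEvent=${beatEvent:-4096}
          beatMinEvent=${beatMinEvent:-2048}
          beatFlush=${beatFlush:-1}
          # The numbers land unquoted in packetbeat.yml, so anything that is not
          # a whole number would only surface when the Beat fails to start.
          # Fall back to the defaults and say so on stderr.
          if [[ ! "$beatEvent" =~ ^[0-9]+$ || ! "$beatMinEvent" =~ ^[0-9]+$ || ! "$beatFlush" =~ ^[0-9]+$ ]]; then
            echo "Queue settings must be whole numbers; using the defaults (4096 / 2048 / 1s) instead." >&2
            beatEvent=4096
            beatMinEvent=2048
            beatFlush=1
          fi
          # The tag is interpolated inside a double-quoted YAML list element;
          # restrict it to characters that cannot end the quote or the list.
          if [[ -n "$beatTags" && ! "$beatTags" =~ ^[A-Za-z0-9_.:-]+$ ]]; then
            echo "Tag '${beatTags}' may only contain letters, digits, '_', '.', ':' or '-'; leaving tags unset." >&2
            beatTags=""
          fi
          ;;
        1) clear
          ;;
        255) echo "[ESC] key pressed."
          ;;
      esac
      # Only [Yes] and [No] write the section; [Esc] (or a dialog failure)
      # leaves the file untouched.
      if [[ $response -eq 0 || $response -eq 1 ]]; then
        # YAML needs the space after the colon for "tags" to be a key;
        # the old "tags:[...]" form is a bare scalar, not a mapping entry.
        if [[ -n "$beatTags" ]]; then
          tagsLine="tags: [\"${beatTags}\"]"
        else
          tagsLine='#tags: ["Takes-Make-It", "Easy-To-Group-Servers"]'
        fi
        # NOTE(review): tee -a appends, so running this arm twice leaves two
        # "queue:" blocks in the file.
        sudo tee -a /etc/packetbeat/packetbeat.yml <<EOF
###
# GENERAL SETTINGS SECTION
###
#name: Auto-defined by hostname

${tagsLine}

queue:
  mem:
    events: ${beatEvent}
    flush.min_events: ${beatMinEvent}
    flush.timeout: ${beatFlush}s

EOF
      fi
      ;;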
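    6) clear
      # Processors section: deliberately written fully commented out; the
      # operator returns after reviewing the onboarded data and enables what
      # is needed. A quoted heredoc delimiter ('EOF') means nothing in the body
      # is expanded or escaped, so quotes, backticks and %{...} reach the file
      # exactly as written (the echo version emitted a stray backslash in
      # "machine\'s"). tee still echoes the text to stdout as before.
      sudo tee -a /etc/packetbeat/packetbeat.yml <<'EOF'
###
# PROCESSORS SECTION
###
# PLEASE RETURN AFTER REVIEWING ONBOARDED DATA TO MANUALLY CONFIGURE

#processors:
#- drop_event:
#    when:
#      equals:
#        http.code: 200

#- rename:
#    fields:
#      - from: "a"
#        to: "b"

#- dissect:
#    tokenizer: "%{key1} - %{key2}"
#    field: "message"
#    target_prefix: "dissect"

# The following example enriches each event with metadata from the cloud
# provider about the host machine. It works on EC2, GCE, DigitalOcean,
# Tencent Cloud, and Alibaba Cloud. Please come back after confirming
# which cloud provider you will be leveraging.

#- add_cloud_metadata: ~

# The following example enriches each event with the machine's local time zone
# offset from UTC.

#- add_locale:
#    format: offset

# The following example enriches each event with docker metadata, it matches
# container id from log path available in `source` field (by default it expects
# it to be /var/lib/docker/containers/*/*.log).
#
#processors:
#- add_docker_metadata: ~
#
# The following example enriches each event with host metadata.
#
#processors:
#- add_host_metadata:
#    netinfo.enabled: false
#
# The following example enriches each event with process metadata using
# process IDs included in the event.
#
#processors:
#- add_process_metadata:
#    match_pids: ["system.process.ppid"]
#    target: system.process.parent
#
# The following example decodes fields containing JSON strings
# and replaces the strings with valid JSON objects.
#
#processors:
#- decode_json_fields:
#    fields: ["field1", "field2", ...]
#    process_array: false
#    max_depth: 1
#    target: ""
#    overwrite_keys: false
EOF
      ;;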
esac | |
done |
哈哈