kimsyversen/elk6-client.sh

## elk6-client.sh
# Filebeat on CLIENT
# Work in progress

# Install
# Src: https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update && sudo apt-get install filebeat
sudo update-rc.d filebeat defaults 95 10


#=========================== Filebeat prospectors =============================

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/auth.log*
  exclude_files: [".gz$"]

#============================= Filebeat modules ===============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 3

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.1.62:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ["/etc/ssl/logstash-forwarder.crt"]
	# Filebeat on CLIENT
	# Work in progress

	# Install
	# Src: https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html

	wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch \| sudo apt-key add -
	sudo apt-get install apt-transport-https
	echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" \| sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
	sudo apt-get update && sudo apt-get install filebeat
	sudo update-rc.d filebeat defaults 95 10





	#=========================== Filebeat prospectors =============================

	filebeat.prospectors:
	- type: log
	enabled: true
	paths:
	- /var/log/auth.log*
	exclude_files: [".gz$"]

	#============================= Filebeat modules ===============================

	filebeat.config.modules:
	# Glob pattern for configuration loading
	path: ${path.config}/modules.d/*.yml

	# Set to true to enable config reloading
	reload.enabled: false

	# Period on which files under path should be checked for changes
	#reload.period: 10s

	#==================== Elasticsearch template setting ==========================

	setup.template.settings:
	index.number_of_shards: 3

	#----------------------------- Logstash output --------------------------------
	output.logstash:
	# The Logstash hosts
	hosts: ["192.168.1.62:5044"]

	# Optional SSL. By default is off.
	# List of root certificates for HTTPS server verifications
	ssl.certificate_authorities: ["/etc/ssl/logstash-forwarder.crt"]