z3ndrag0n/filebeat.yml

## filebeat.yml
---
- name: Config Web VM filebeat
  hosts: webservers
  become: true
  tasks:
    - name: Download and install filebeat to the VM
      apt:
        deb: "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.1-amd64.deb"
        state: present

    - name: Download filebeat to the web VM
      copy:
        src: /etc/ansible/files/filebeat-7.6.1-amd64.deb
        dest: /tmp

    - name: Copy filebeat package into the DVWA docker container
      command: docker cp /tmp/filebeat-7.6.1-amd64.deb dvwa:/tmp

    - name: install fileeat inside the container
      command: docker exec -it dvwa apt install /tmp/filebeat-7.6.1-amd64.deb

    - name: Copy filebeat config into docker container
      command: docker cp /etc/filebeat/filebeat.yml dvwa:/etc/filebeat/filebeat.yml

    - name: Enable the filebeat nginx module in the docker container
      command: docker exec -it dvwa filebeat modules enable apache

    - name: Setup the filebeat kibana dashboards
      command: docker exec -it dvwa filebeat setup

    - name: Start filebeat
      command: docker exec -it dvwa service filebeat start

    - name: Update setup.kibana in /etc/filebeat/filebeat.yml
      replace:
        path: /etc/filebeat/filebeat.yml
        regexp: '(\s+)#host: "localhost:5601"(\s+.*)?$'
        replace: '\1host: "10.2.0.4:5601"\2'
        backup: yes

    - name: Update output.elasticsearch in /etc/filebeat/filebeat.yml
      replace:
        path: /etc/filebeat/filebeat.yml
        regexp: '(\s+)hosts: \["localhost:9200"\](\s+.*)?$'
        replace: '\1hosts: ["10.2.0.4:9200"]\2'
        backup: yes

    - name: Enable the filebeat system module
      command: filebeat modules enable system
      args:
        creates: /etc/filebeat/modules.d/system.yml

    - name: Setup the filebeat kibana dashboards
      command: filebeat setup

    - name: Enable filebeat on boot and start it (using systemd)
      systemd:
          name: filebeat
          state: started
          enabled: yes
	---
	- name: Config Web VM filebeat
	hosts: webservers
	become: true
	tasks:
	- name: Download and install filebeat to the VM
	apt:
	deb: "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.1-amd64.deb"
	state: present

	- name: Download filebeat to the web VM
	copy:
	src: /etc/ansible/files/filebeat-7.6.1-amd64.deb
	dest: /tmp

	- name: Copy filebeat package into the DVWA docker container
	command: docker cp /tmp/filebeat-7.6.1-amd64.deb dvwa:/tmp

	- name: install fileeat inside the container
	command: docker exec -it dvwa apt install /tmp/filebeat-7.6.1-amd64.deb

	- name: Copy filebeat config into docker container
	command: docker cp /etc/filebeat/filebeat.yml dvwa:/etc/filebeat/filebeat.yml

	- name: Enable the filebeat nginx module in the docker container
	command: docker exec -it dvwa filebeat modules enable apache

	- name: Setup the filebeat kibana dashboards
	command: docker exec -it dvwa filebeat setup

	- name: Start filebeat
	command: docker exec -it dvwa service filebeat start

	- name: Update setup.kibana in /etc/filebeat/filebeat.yml
	replace:
	path: /etc/filebeat/filebeat.yml
	regexp: '(\s+)#host: "localhost:5601"(\s+.*)?$'
	replace: '\1host: "10.2.0.4:5601"\2'
	backup: yes

	- name: Update output.elasticsearch in /etc/filebeat/filebeat.yml
	replace:
	path: /etc/filebeat/filebeat.yml
	regexp: '(\s+)hosts: \["localhost:9200"\](\s+.*)?$'
	replace: '\1hosts: ["10.2.0.4:9200"]\2'
	backup: yes

	- name: Enable the filebeat system module
	command: filebeat modules enable system
	args:
	creates: /etc/filebeat/modules.d/system.yml

	- name: Setup the filebeat kibana dashboards
	command: filebeat setup

	- name: Enable filebeat on boot and start it (using systemd)
	systemd:
	name: filebeat
	state: started
	enabled: yes