diyIT/FreeBSD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated for FreeBSD 12.2

Browse Source
This commit is contained in:
Sharad Ahlawat
2021-02-13 11:38:38 -08:00
parent bd3cffc61a
commit 5cee123a3c
121 changed files with 7315 additions and 624 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
jails/config/elk/elasticsearch.yml Executable file
View File

@ -0,0 +1,105 @@
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: diyit
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
xpack.security.audit.enabled: true
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: certs/diyprivkeyr.pem
xpack.security.http.ssl.certificate: certs/diyfullchain.pem
xpack.security.http.ssl.certificate_authorities: certs/cacert.pem
xpack.security.transport.ssl.key: certs/diyprivkeyr.pem
xpack.security.transport.ssl.certificate: certs/diyfullchain.pem
xpack.security.transport.ssl.certificate_authorities: certs/cacert.pem
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
path.data: /data/elasticsearch
#
# Path to log files:
#
#path.logs: /path/to/logs
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: _epair0b_
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
# ml is not supported on FreeBSD
xpack.ml.enabled: false

2
jails/config/elk/fstab Normal file
View File

@ -0,0 +1,2 @@
fdesc /dev/fd fdescfs rw,auto 0 0
proc /proc procfs rw,auto 0 0

168
jails/config/elk/heartbeat.yml Normal file
View File

@ -0,0 +1,168 @@
################### Heartbeat Configuration Example #########################
# This file is an example configuration file highlighting only some common options.
# The heartbeat.reference.yml file in the same directory contains all the supported options
# with detailed comments. You can use it for reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/heartbeat/index.html
############################# Heartbeat ######################################
# Define a directory to load monitor definitions from. Definitions take the form
# of individual yaml files.
heartbeat.config.monitors:
# Directory + glob pattern to search for configuration files
path: ${path.config}/monitors.d/*.yml
# If enabled, heartbeat will periodically check the config.monitors path for changes
reload.enabled: false
# How often to check for changes
reload.period: 5s
# Configure monitors inline
heartbeat.monitors:
- type: http
# List or urls to query
urls: ["https://cloud.google.com","https://azure.microsoft.com","https://aws.amazon.com"]
# Configure task schedule
schedule: '@every 10s'
# Total test connection and data exchange timeout
#timeout: 16s
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
#_source.enabled: false
#================================ General =====================================
# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:
# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]
# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging
#============================== Kibana =====================================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:
# Kibana Host
# Scheme and port can be left out and will be set to the default (http and 5601)
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
host: "http://elk.diyit.org:5601"
# Kibana Space ID
# ID of the Kibana Space into which the dashboards should be loaded. By default,
# the Default Space will be used.
#space.id:
#============================= Elastic Cloud ==================================
# These settings simplify using Heartbeat with the Elastic Cloud (https://cloud.elastic.co/).
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:
#================================ Outputs =====================================
# Configure what output to use when sending the data collected by the beat.
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
# Protocol - either `http` (default) or `https`.
#protocol: "https"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["elk.diyit.org:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/mnt/certs/cacert.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/mnt/certs/diyfullchain.pem"
# Client Certificate Key
#ssl.key: "/mnt/certs/diyprivkeyr.pem"
#================================ Processors =====================================
processors:
- add_observer_metadata:
# Optional, but recommended geo settings for the location Heartbeat is running in
#geo:
# Token describing this location
#name: us-east-1a
# Lat, Lon "
#location: "37.926868, -78.024902"
#================================ Logging =====================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]
#============================== X-Pack Monitoring ===============================
# heartbeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.
# Set to true to enable the monitoring reporter.
#monitoring.enabled: false
# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Heartbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:
# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:
#================================= Migration ==================================
# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true

77
jails/config/elk/jvm.options Executable file
View File

@ -0,0 +1,77 @@
## JVM configuration
################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms4g
-Xmx4g
################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################
## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly
## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30
## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR}
## heap dumps
# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError
# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=data
# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=logs/hs_err_pid%p.log
## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:${ES_TMPDIR}/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m
# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=${ES_TMPDIR}/gc.log:utctime,pid,tags:filecount=32,filesize=64m

115
jails/config/elk/kibana.yml Normal file
View File

@ -0,0 +1,115 @@
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "::"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
server.name: "kibana.diyit.org"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://elk.diyit.org:9200"]
# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana"
elasticsearch.password: "0AKzGiy2Cu4Klaz23asT"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /mnt/certs/diyfullchain.pem
server.ssl.key: /mnt/certs/diyprivkeyr.pem
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ "/mnt/certs/cacert.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: full
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

31
jails/config/elk/logstash.conf Normal file
View File

@ -0,0 +1,31 @@
# Copyright (c) 2018-2021, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#
input {
beats {
port => 5044
ssl => false
#https://discuss.elastic.co/t/problem-with-cipher-in-beat-input/67841
ssl_key => '/mnt/certs/diyprivkeyr.pem'
ssl_certificate => '/mnt/certs/diyfullchain.pem'
ssl_certificate_authorities => ["/mnt/certs/cacert.pem"]
ssl_verify_mode => "force_peer"
}
}
output {
elasticsearch {
ssl => true
ssl_certificate_verification => true
cacert => '/mnt/certs/cacert.pem'
hosts => ["https://elk.diyit.org:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "${es_pwd}"
}
}

BIN
jails/config/elk/logstash.keystore Normal file
View File

Binary file not shown.

258
jails/config/elk/logstash.yml Normal file
View File

@ -0,0 +1,258 @@
# Settings file in YAML
#
# Settings can be specified either in hierarchical form, e.g.:
#
# pipeline:
# batch:
# size: 125
# delay: 5
#
# Or as flat keys:
#
# pipeline.batch.size: 125
# pipeline.batch.delay: 5
#
# ------------ Node identity ------------
#
# Use a descriptive name for the node:
#
node.name: logstash
#
# If omitted the node name will default to the machine's host name
#
# ------------ Data path ------------------
#
# Which directory should be used by logstash and its plugins
# for any persistent needs. Defaults to LOGSTASH_HOME/data
#
path.data: /var/db/logstash
#
# ------------ Pipeline Settings --------------
#
# The ID of the pipeline.
#
# pipeline.id: main
#
# Set the number of workers that will, in parallel, execute the filters+outputs
# stage of the pipeline.
#
# This defaults to the number of the host's CPU cores.
#
pipeline.workers: 4
#
# How many events to retrieve from inputs before sending to filters+workers
#
# pipeline.batch.size: 125
#
# How long to wait in milliseconds while polling for the next event
# before dispatching an undersized batch to filters+outputs
#
# pipeline.batch.delay: 50
#
# Force Logstash to exit during shutdown even if there are still inflight
# events in memory. By default, logstash will refuse to quit until all
# received events have been pushed to the outputs.
#
# WARNING: enabling this can lead to data loss during shutdown
#
# pipeline.unsafe_shutdown: false
#
# ------------ Pipeline Configuration Settings --------------
#
# Where to fetch the pipeline configuration for the main pipeline
#
path.config: /usr/local/etc/logstash/logstash.conf
#
# Pipeline configuration string for the main pipeline
#
# config.string:
#
# At startup, test if the configuration is valid and exit (dry run)
#
# config.test_and_exit: false
#
# Periodically check if the configuration has changed and reload the pipeline
# This can also be triggered manually through the SIGHUP signal
#
# config.reload.automatic: false
#
# How often to check if the pipeline configuration has changed (in seconds)
#
# config.reload.interval: 3s
#
# Show fully compiled configuration as debug log message
# NOTE: --log.level must be 'debug'
#
# config.debug: false
#
# When enabled, process escaped characters such as \n and \" in strings in the
# pipeline configuration files.
#
# config.support_escapes: false
#
# ------------ Module Settings ---------------
# Define modules here. Modules definitions must be defined as an array.
# The simple way to see this is to prepend each `name` with a `-`, and keep
# all associated variables under the `name` they are associated with, and
# above the next, like this:
#
# modules:
# - name: MODULE_NAME
# var.PLUGINTYPE1.PLUGINNAME1.KEY1: VALUE
# var.PLUGINTYPE1.PLUGINNAME1.KEY2: VALUE
# var.PLUGINTYPE2.PLUGINNAME1.KEY1: VALUE
# var.PLUGINTYPE3.PLUGINNAME3.KEY1: VALUE
#
# Module variable names must be in the format of
#
# var.PLUGIN_TYPE.PLUGIN_NAME.KEY
#
# modules:
#
# ------------ Cloud Settings ---------------
# Define Elastic Cloud settings here.
# Format of cloud.id is a base64 value e.g. dXMtZWFzdC0xLmF3cy5mb3VuZC5pbyRub3RhcmVhbCRpZGVudGlmaWVy
# and it may have an label prefix e.g. staging:dXMtZ...
# This will overwrite 'var.elasticsearch.hosts' and 'var.kibana.host'
# cloud.id: <identifier>
#
# Format of cloud.auth is: <user>:<pass>
# This is optional
# If supplied this will overwrite 'var.elasticsearch.username' and 'var.elasticsearch.password'
# If supplied this will overwrite 'var.kibana.username' and 'var.kibana.password'
# cloud.auth: elastic:<password>
#
# ------------ Queuing Settings --------------
#
# Internal queuing model, "memory" for legacy in-memory based queuing and
# "persisted" for disk-based acked queueing. Defaults is memory
#
# queue.type: memory
#
# If using queue.type: persisted, the directory path where the data files will be stored.
# Default is path.data/queue
#
# path.queue:
#
# If using queue.type: persisted, the page data files size. The queue data consists of
# append-only data files separated into pages. Default is 64mb
#
# queue.page_capacity: 64mb
#
# If using queue.type: persisted, the maximum number of unread events in the queue.
# Default is 0 (unlimited)
#
# queue.max_events: 0
#
# If using queue.type: persisted, the total capacity of the queue in number of bytes.
# If you would like more unacked events to be buffered in Logstash, you can increase the
# capacity using this setting. Please make sure your disk drive has capacity greater than
# the size specified here. If both max_bytes and max_events are specified, Logstash will pick
# whichever criteria is reached first
# Default is 1024mb or 1gb
#
# queue.max_bytes: 1024mb
#
# If using queue.type: persisted, the maximum number of acked events before forcing a checkpoint
# Default is 1024, 0 for unlimited
#
# queue.checkpoint.acks: 1024
#
# If using queue.type: persisted, the maximum number of written events before forcing a checkpoint
# Default is 1024, 0 for unlimited
#
# queue.checkpoint.writes: 1024
#
# If using queue.type: persisted, the interval in milliseconds when a checkpoint is forced on the head page
# Default is 1000, 0 for no periodic checkpoint.
#
# queue.checkpoint.interval: 1000
#
# ------------ Dead-Letter Queue Settings --------------
# Flag to turn on dead-letter queue.
#
# dead_letter_queue.enable: false
# If using dead_letter_queue.enable: true, the maximum size of each dead letter queue. Entries
# will be dropped if they would increase the size of the dead letter queue beyond this setting.
# Default is 1024mb
# dead_letter_queue.max_bytes: 1024mb
# If using dead_letter_queue.enable: true, the directory path where the data files will be stored.
# Default is path.data/dead_letter_queue
#
# path.dead_letter_queue:
#
# ------------ Metrics Settings --------------
#
# Bind address for the metrics REST endpoint
#
# http.host: "127.0.0.1"
#
# Bind port for the metrics REST endpoint, this option also accept a range
# (9600-9700) and logstash will pick up the first available ports.
#
# http.port: 9600-9700
#
# ------------ Debugging Settings --------------
#
# Options for log.level:
# * fatal
# * error
# * warn
# * info (default)
# * debug
# * trace
#
# log.level: info
# path.logs:
#
# ------------ Other Settings --------------
#
# Where to find custom plugins
# path.plugins: []
#
# Flag to output log lines of each pipeline in its separate log file. Each log filename contains the pipeline.name
# Default is false
# pipeline.separate_logs: false
#
# ------------ X-Pack Settings (not applicable for OSS build)--------------
#
# X-Pack Monitoring
# https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html
xpack.monitoring.enabled: false
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: a746MPWa1AVieOJlDtM2
xpack.monitoring.elasticsearch.hosts: ["https://elk.diyit.org:9200"]
#xpack.monitoring.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
# an alternative to hosts + username/password settings is to use cloud_id/cloud_auth
#xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
#xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/mnt/certs/cacert.crt"
#xpack.monitoring.elasticsearch.ssl.truststore.path: path/to/file
#xpack.monitoring.elasticsearch.ssl.truststore.password: password
#xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.monitoring.elasticsearch.ssl.keystore.password: password
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
#xpack.monitoring.elasticsearch.sniffing: false
#xpack.monitoring.collection.interval: 10s
#xpack.monitoring.collection.pipeline.details.enabled: true
#
# X-Pack Management
# https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html
#xpack.management.enabled: false
#xpack.management.pipeline.id: ["main", "apache_logs"]
#xpack.management.elasticsearch.username: logstash_admin_user
#xpack.management.elasticsearch.password: password
#xpack.management.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
# an alternative to hosts + username/password settings is to use cloud_id/cloud_auth
#xpack.management.elasticsearch.cloud_id: management_cluster_id:xxxxxxxxxx
#xpack.management.elasticsearch.cloud_auth: logstash_admin_user:password
#xpack.management.elasticsearch.ssl.certificate_authority: [ "/path/to/ca.crt" ]
#xpack.management.elasticsearch.ssl.truststore.path: /path/to/file
#xpack.management.elasticsearch.ssl.truststore.password: password
#xpack.management.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.management.elasticsearch.ssl.keystore.password: password
#xpack.management.elasticsearch.ssl.verification_mode: certificate
#xpack.management.elasticsearch.sniffing: false
#xpack.management.logstash.poll_interval: 5s

130
jails/config/elk/rc.d/elasticsearch Executable file
View File

@ -0,0 +1,130 @@
#!/bin/sh
#
# $FreeBSD: head/textproc/elasticsearch7/files/elasticsearch.in 538703 2020-06-13 22:41:04Z glewis $
#
# PROVIDE: elasticsearch
# REQUIRE: NETWORKING SERVERS
# BEFORE: DAEMON
# KEYWORD: shutdown
#
# Add the following line to /etc/rc.conf to enable elasticsearch:
#
# elasticsearch_enable="YES"
#
# elasticsearch_user (username): Set to elasticsearch by default.
# Set it to required username.
# elasticsearch_group (group): Set to elasticsearch by default.
# Set it to required group.
# elasticsearch_config (path): Set to /usr/local/etc/elasticsearch/elasticsearch.yml by default.
# Set it to the config file location.
# elasticsearch_java_home (path): Set to /usr/local/openjdk8 by default.
# Set it to the root of the JDK to use.
#
. /etc/rc.subr
name=elasticsearch
rcvar=elasticsearch_enable
load_rc_config ${name}
: ${elasticsearch_enable:=NO}
: ${elasticsearch_user=elasticsearch}
: ${elasticsearch_group=elasticsearch}
: ${elasticsearch_config=/usr/local/etc/elasticsearch}
: ${elasticsearch_login_class=root}
: ${elasticsearch_java_home="/usr/local/openjdk11"}
required_files="${elasticsearch_config}/elasticsearch.yml"
_pidprefix=/var/run/elasticsearch/elasticsearch
pidfile=${_pidprefix}.pid
procname=${elasticsearch_java_home}/bin/java
extra_commands="console status"
console_cmd=elasticsearch_console
start_precmd=elasticsearch_precmd
command=/usr/local/lib/elasticsearch/bin/elasticsearch
command_args="-d --pidfile=${pidfile}"
export ES_PATH_CONF=${elasticsearch_config}
export JAVA_HOME=${elasticsearch_java_home}
elasticsearch_precmd()
{
/usr/bin/install -d -o ${elasticsearch_user} -g ${elasticsearch_group} -m 755 ${pidfile%/*}
/usr/bin/install -d -o ${elasticsearch_user} -g ${elasticsearch_group} -m 755 /var/db/elasticsearch
/usr/bin/install -d -o ${elasticsearch_user} -g ${elasticsearch_group} -m 755 /var/log/elasticsearch
}
elasticsearch_console()
{
command_args=""
run_rc_command "start"
}
if [ -n "$2" ]; then
profile="$2"
if [ "x${elasticsearch_profiles}" != "x" ]; then
eval elasticsearch_config="\${elasticsearch_${profile}_config:-}"
if [ "x${elasticsearch_config}" = "x" ]; then
echo "You must define a configuration (elasticsearch_${profile}_config)"
exit 1
fi
export ES_PATH_CONF=${elasticsearch_config}
required_files="${elasticsearch_config}/elasticsearch.yml"
required_files="${elasticsearch_config}/jvm.options"
eval elasticsearch_enable="\${elasticsearch_${profile}_enable:-${elasticsearch_enable}}"
pidfile="${_pidprefix}.${profile}.pid"
command_args="-d --pidfile=${pidfile}"
echo "===> elasticsearch profile: ${profile}"
else
echo "$0: extra argument ignored"
fi
else
if [ "x${elasticsearch_profiles}" != "x" -a "x$1" != "x" ]; then
for profile in ${elasticsearch_profiles}; do
eval _enable="\${elasticsearch_${profile}_enable}"
case "x${_enable:-${elasticsearch_enable}}" in
x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
continue
;;
x[Yy][Ee][Ss])
;;
*)
if test -z "$_enable"; then
_var=elasticsearch_enable
else
_var=elasticsearch_"${profile}"_enable
fi
echo "Bad value" \
"'${_enable:-${elasticsearch_enable}}'" \
"for ${_var}. " \
"Profile ${profile} skipped."
continue
;;
esac
/usr/local/etc/rc.d/elasticsearch $1 ${profile}
retcode="$?"
if [ "0${retcode}" -ne 0 ]; then
failed="${profile} (${retcode}) ${failed:-}"
else
success="${profile} ${success:-}"
fi
done
exit 0
fi
fi
if [ "x${elasticsearch_mem_min}" != "x" ]; then
echo "The elasticsearch_mem_min variable is no longer supported please set this in ${elasticsearch_config}/jvm.options"
exit 1;
fi
if [ "x${elasticsearch_mem_max}" != "x" ]; then
echo "The elasticsearch_mem_max variable is no longer supported please set this in ${elasticsearch_config}/jvm.options"
exit 1;
fi
if [ "x${elasticsearch_props}" != "x" ]; then
echo "The elasticsearch_props variable is no longer supported please set this in ${elasticsearch_config}/jvm.options"
exit 1;
fi
run_rc_command "$1"

121
jails/config/elk/rc.d/logstash Executable file
View File

@ -0,0 +1,121 @@
#!/bin/sh
# Configuration settings for logstash in /etc/rc.conf:
#
# PROVIDE: logstash
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
#
# logstash_enable (bool):
# Default value: "NO"
# Flag that determines whether Logstash is enabled.
#
# logstash_home (string):
# Default value: "/usr/local/logstash"
# Logstash installation directory.
#
# logstash_config (string):
# Default value: /usr/local/etc/${name}
# Logstash configuration path.
#
# logstash_log (bool):
# Set to "NO" by default.
# Set it to "YES" to enable logstash logging to file
# Default output to /var/log/logstash.log
#
# logstash_log_file (string):
# Default value: "${logdir}/${name}.log"
# Log file path.
#
# logstash_java_home (string):
# Default value: "/usr/local/openjdk8"
# Root directory of the desired Java SDK.
# The JAVA_HOME environment variable is set with the contents of this
# variable.
#
# logstash_java_opts (string):
# Default value: ""
# Options to pass to the Java Virtual Machine.
# The JAVA_OPTS environment variable is set with the contents of this
# variable.
#
# logstash_opts (string):
# Default value: ""
# Additional command line flags for logstash, eg. "-r"
#
. /etc/rc.subr
name=logstash
rcvar=logstash_enable
load_rc_config ${name}
logdir="/var/log"
: ${logstash_enable="NO"}
: ${logstash_user="logstash"}
: ${logstash_group="logstash"}
: ${logstash_home="/usr/local/logstash"}
: ${logstash_config="/usr/local/etc/logstash"}
: ${logstash_log="YES"}
: ${logstash_log_dir="${logdir}/${name}"}
: ${logstash_java_home="/usr/local/openjdk11"}
: ${logstash_java_opts=""}
: ${logstash_opts=""}
pidfile=/var/run/${name}/${name}.pid
extra_commands="configtest reload"
start_precmd="logstash_precmd"
configtest_cmd=configtest
logstash_cmd="${logstash_home}/bin/logstash"
procname="${logstash_java_home}/bin/java"
logstash_chdir=${logstash_home}
logstash_log_options=""
if checkyesno logstash_log; then
logstash_log_options=" -l ${logstash_log_dir}"
fi
logstash_args="--path.settings ${logstash_config} ${logstash_log_options} ${logstash_opts}"
JAVA_OPTS="${logstash_java_opts}"
JAVA_HOME="${logstash_java_home}"
export JAVA_OPTS
export JAVA_HOME
command="/usr/sbin/daemon"
command_args="-f -p ${pidfile} ${logstash_cmd} ${logstash_args}"
required_files="${logstash_home} ${logstash_java_home} ${logstash_cmd} ${logstash_config}"
# Include /usr/local/bin in path because Logstash startup scripts
# assume bash is in path.
PATH=/usr/local/bin:$PATH
logstash_precmd()
{
/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 ${pidfile%/*}
/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 ${logstash_log_dir}
/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 /var/db/logstash
/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 /var/run/logstash
if [ -d ${logstash_home}/data/queue ]; then
chown ${logstash_user}:${logstash_group} ${logstash_home}/data/queue
fi
}
configtest()
{
echo "${name} configtest:"
echo "WARNING: this does not check validity of Grok patterns!"
echo "WARNING: this does not check validity of Grok patterns!"
echo "WARNING: this does not check validity of Grok patterns!"
${logstash_cmd} --path.settings ${logstash_config} --config.test_and_exit
}
run_rc_command "$1"

7
jails/config/elk/start_logstash.sh Executable file
View File

@ -0,0 +1,7 @@
ps axww | grep logstash
echo press any key to continue - ctrl-c to abort
read X
mount proc
service logstash start
#/usr/sbin/daemon -f /usr/local/logstash/bin/logstash --path.settings /usr/local/etc/logstash -l /var/log/logstash
ps axww | grep logstash

3
jails/config/elk/updateCerts.sh Executable file
View File

@ -0,0 +1,3 @@
cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs
cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs
service elasticsearch restart