fa4ef61a0a
All checks were successful
Test and Publish Templates / test-and-publish (push) Successful in 40s
119 lines
3.2 KiB
Bash
Executable File
119 lines
3.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Generate Filebeat configuration from template
|
|
# This script creates a filebeat.yml configuration file with proper authentication
|
|
|
|
# Determine config directory - use CONFIG_PATH from dropshell or fallback
|
|
if [ -n "$CONFIG_PATH" ]; then
|
|
CONFIG_DIR="$CONFIG_PATH"
|
|
elif [ -d "./config" ]; then
|
|
CONFIG_DIR="./config"
|
|
else
|
|
CONFIG_DIR="."
|
|
fi
|
|
|
|
# Ensure config directory exists
|
|
mkdir -p "$CONFIG_DIR"
|
|
|
|
# Generate filebeat.yml configuration
|
|
cat > "$CONFIG_DIR/filebeat.yml" << 'EOF'
|
|
# Filebeat Configuration for LogClient
|
|
# Generated by generate-config.sh
|
|
|
|
# ======================== Docker Input Configuration =========================
|
|
# Use Docker input to collect logs via Docker API
|
|
filebeat.inputs:
|
|
- type: docker
|
|
enabled: true
|
|
# Collect from all containers
|
|
containers.ids:
|
|
- '*'
|
|
# Collect both stdout and stderr
|
|
containers.stream: all
|
|
# Combine partial log lines
|
|
combine_partial: true
|
|
# Add Docker metadata
|
|
processors:
|
|
- add_docker_metadata:
|
|
host: "unix:///var/run/docker.sock"
|
|
|
|
# ======================== System Logs Configuration ==========================
|
|
- type: log
|
|
enabled: true
|
|
paths:
|
|
- /var/log/syslog
|
|
- /var/log/messages
|
|
exclude_lines: ['^#']
|
|
fields:
|
|
log_type: syslog
|
|
|
|
- type: log
|
|
enabled: true
|
|
paths:
|
|
- /var/log/auth.log
|
|
- /var/log/secure
|
|
exclude_lines: ['^#']
|
|
fields:
|
|
log_type: auth
|
|
|
|
# ======================== Processors Configuration ===========================
|
|
processors:
|
|
- add_host_metadata:
|
|
when.not.contains:
|
|
tags: forwarded
|
|
|
|
# ======================== Output Configuration ===============================
|
|
output.logstash:
|
|
hosts: ["${LOGSERVER_HOST}:${LOGSERVER_PORT}"]
|
|
# SSL/TLS configuration
|
|
ssl.enabled: true
|
|
ssl.verification_mode: none # Set to full in production with proper certs
|
|
|
|
# API Key authentication
|
|
api_key: "${API_KEY}"
|
|
|
|
# Performance settings
|
|
bulk_max_size: ${BULK_MAX_SIZE:-2048}
|
|
worker: ${WORKER_THREADS:-1}
|
|
compression_level: 3
|
|
|
|
# Retry configuration
|
|
max_retries: 3
|
|
backoff.init: 1s
|
|
backoff.max: ${MAX_BACKOFF:-60s}
|
|
|
|
# ======================== Queue Configuration ================================
|
|
queue.mem:
|
|
events: ${QUEUE_SIZE:-4096}
|
|
flush.min_events: 512
|
|
flush.timeout: 5s
|
|
|
|
# ======================== Logging Configuration ==============================
|
|
logging.level: info
|
|
logging.to_files: true
|
|
logging.files:
|
|
path: /usr/share/filebeat/data/logs
|
|
name: filebeat
|
|
keepfiles: 3
|
|
permissions: 0600
|
|
|
|
# ======================== Monitoring ==========================================
|
|
monitoring.enabled: false
|
|
http.enabled: true
|
|
http.host: 0.0.0.0
|
|
http.port: 5066
|
|
|
|
# ======================== File Permissions ====================================
|
|
# Set strict permissions (disabled for Docker)
|
|
# filebeat.config.modules.path: ${path.config}/modules.d/*.yml
|
|
EOF
|
|
|
|
echo "Filebeat configuration generated at: $CONFIG_DIR/filebeat.yml"
|
|
|
|
# Validate that required environment variables are set
|
|
if [ -z "$LOGSERVER_HOST" ] || [ -z "$LOGSERVER_PORT" ] || [ -z "$API_KEY" ]; then
|
|
echo "WARNING: Required environment variables not set"
|
|
echo " LOGSERVER_HOST: ${LOGSERVER_HOST:-NOT SET}"
|
|
echo " LOGSERVER_PORT: ${LOGSERVER_PORT:-NOT SET}"
|
|
echo " API_KEY: ${API_KEY:+SET}"
|
|
fi |