chef-winlogbeat's Introduction

winlogbeat

Description

Elastic Winlogbeat is used to forward Windows event logs to ELK ecosystem supported receivers. Those outputs are:

Elasticsearch
Logstash
Kafka
Redis
File

Whole configuration file may be overrided by using your attributes in a wrapper cookbook. See documentation for available configuration options.

Requirements

This cookbook may work with Winlogbeat 6.x.x, but I didn't test it out. PRs are welcome.

Platforms

Tested only on Windows Server 2012 R2. But should work on any modern Windows.

Attributes

Attribute	Description	Type	Default
`['winlogbeat']['version']`	Version of Elastic Winlogbeat.	String	`5.6.8`
`['winlogbeat']['package_url']`	Url to download Elastic Winlogbeat from.	String	`auto`
`['winlogbeat']['notify_restart']`	Automatically restart Winlogbeat if config changes during converge.	Boolean	`true`
`['winlogbeat']['install_only']`	If `true` do not create service and generate config file.	Boolean	`false`
`['winlogbeat']['install_dir']`	Installation directory for Elastic Winlogbeat.	String	`C:\Program Files\Winlogbeat`
`['winlogbeat']['override_config']`	Configuration values to override in default config.	Hash	{}

Recipes

default.rb - Install and configure Elastic Winlogbeat.
install.rb - Download Winlogbeat.
configure.rb - Create a service and generate config file.

Kitchen

# Full testing: check style, converge and verify instance
chef exec rake

Examples

For examples see test/fixtures/cookbooks/test cookbook.

Authors

Author:: Azat Khadiev ([email protected])

chef-winlogbeat's People

Contributors

Stargazers

Watchers

chef-winlogbeat's Issues

Updating to new version fails

Changing the config from:
default['winlogbeat']['version'] = '1.2.2'
default['winlogbeat']['package_url'] = 'auto'

to:
default['winlogbeat']['version'] = '5.4.2'
default['winlogbeat']['package_url'] = 'https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-5.4.2-windows-x86_64.zip'

fails when the service tries to start.

Ive changed a couple sections of code to enable logging to logstash, it works with older version:
default['winlogbeat']['config']['winlogbeat']['registry_file'] = 'C:/ProgramData/winlogbeat/.winlogbeat.yml'
default['winlogbeat']['config']['winlogbeat']['event_logs'] = [
{ 'name' => 'Security', 'ignore_older' => '24h' },
{ 'name' => 'System', 'ignore_older' => '24h' }
]

Logstash Output config info

default['winlogbeat']['config']['output']['logstash']['enabled'] = true
default['winlogbeat']['config']['output']['logstash']['hosts'] = ['cbs-elk.hl.aws:5044']
default['winlogbeat']['config']['output']['logstash']['loadbalance'] = true
default['winlogbeat']['config']['output']['logstash']['save_topology'] = false
default['winlogbeat']['config']['output']['logstash']['index'] = 'winlogbeat'

The error is:
Error executing action `start` on resource 'windows_service[winlogbeat]'
SystemCallError

The parameter is incorrect. - StartService: The parameter is incorrect.

Im wondering if maybe the the new version doesnt like the config. I will continue to update this if I find out more info.

anuriq / chef-winlogbeat Goto Github PK