source "beats.crt"
user "root"
group "logstash"
- mode 0o644
+ mode "644"
notifies :restart, "service[logstash]"
end
content keys["beats"].join("\n")
user "root"
group "logstash"
- mode 0o640
+ mode "640"
notifies :restart, "service[logstash]"
end
source "logstash.conf.erb"
user "root"
group "root"
- mode 0o644
+ mode "644"
notifies :start, "service[logstash]"
end
file "/etc/logrotate.d/logstash" do
- mode 0o644
+ mode "644"
end
template "/etc/default/logstash" do
source "logstash.default.erb"
user "root"
group "root"
- mode 0o644
+ mode "644"
notifies :restart, "service[logstash]"
end
source "expire.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
end
-forwarders = search(:node, "recipes:logstash\\:\\:forwarder")
+forwarders = []
-forwarders.sort_by { |n| n[:fqdn] }.each do |forwarder|
- forwarder.interfaces(:role => :external) do |interface|
- firewall_rule "accept-lumberjack-#{forwarder}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5043"
- source_ports "1024:"
- end
-
- firewall_rule "accept-beats-#{forwarder}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5044"
- source_ports "1024:"
- end
- end
+search(:node, "recipes:logstash\\:\\:forwarder").each do |forwarder|
+ forwarders.append(forwarder.ipaddresses(:role => :external))
end
-gateways = search(:node, "roles:gateway")
-
-gateways.sort_by { |n| n[:fqdn] }.each do |gateway|
- gateway.interfaces(:role => :external) do |interface|
- firewall_rule "accept-lumberjack-#{gateway}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5043"
- source_ports "1024:"
- end
+search(:node, "roles:gateway").each do |forwarder|
+ forwarders.append(forwarder.ipaddresses(:role => :external))
+end
- firewall_rule "accept-beats-#{gateway}" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "5044"
- source_ports "1024:"
- end
- end
+firewall_rule "accept-logstash" do
+ action :accept
+ context :incoming
+ protocol :tcp
+ source forwarders
+ dest_ports %w[5043 5044]
+ source_ports "1024-65535"
+ not_if { forwarders.empty? }
end