The winlogbeat
module installs and configures the winlogbeat log shipper maintained by elastic.
By default winlogbeat
downloads the software to your system, and installs winlogbeat along
with required configurations.
The winlogbeat
module depends on:
winlogbeat
can be installed with puppet module install puppet-winlogbeat
(or with r10k, librarian-puppet, etc.)
The only required parameter, other than which event logs to ship, is the outputs
parameter.
All of the default values in winlogbeat follow the upstream defaults (at the time of writing).
To ship files to elasticsearch:
class { 'winlogbeat':
outputs => {
'elasticsearch' => {
'hosts' => [
'http://localhost:9200',
'http://anotherserver:9200'
],
'index' => 'winlogbeat',
'cas' => [
'/etc/pki/root/ca.pem',
],
},
},
}
To ship log files through logstash:
class { 'winlogbeat':
outputs => {
'logstash' => {
'hosts' => [
'localhost:5044',
'anotherserver:5044'
],
'index' => 'winlogbeat',
'loadbalance' => true,
},
},
}
Shipper and logging options can be configured the same way, and are documented on the elastic website.
This module doesn't load the elasticsearch index template into elasticsearch (required when shipping directly to elasticsearch).
Pull requests and bug reports are welcome. If you're sending a pull request, please consider writing tests if applicable.
Used the pcfens/filebeat module as a starting point.