Installs Elastic's Filebeat for forwarding logs.
filebeat_version- The version of filebeat to install. Defaults to6.4.2.filebeat_state- Defaults topresent. Set it toabsentto uninstall filebeat.filebeat_config- YAML representation of your filebeat config. This is templated directly into the configuration file as YAML. See the example configuration for an exhaustive list of configuration options. Defaults to:
filebeat_config:
filebeat:
prospectors:
- paths:
- /var/log/messages
- /var/log/*.log
input_type: log
output:
file:
path: /tmp/filebeat
filename: filebeat
logging:
to_syslog: true
level: errorfilebeat_ca_cert- If provided, the contents of this variable will be placed into the file identified byfilebeat_ca_pathon the target host. You can then include thefilebeat_ca_pathwithin your configuration to properly authenticate your TLS connections to Logstash/Elasticsearch/etc.
If you wish to load your CA certificate from a file, use the file lookup plugin, e.g.:
filebeat_ca_cert: "{{ lookup('file', '/path/to/ca.crt') }}"filebeat_ca_path- If a CA certificate is provided infilebeat_ca_cert, it will be created at this path.
Similar to the CA variables, you can upload SSL certificates and keys for filebeat using these variables:
filebeat_ssl_cert- Contents of the SSL certificatefilebeat_ssl_cert_path- Destination of the certificate on the Ansible controlled hostfilebeat_ssl_key- Contents of the SSL keyfilebeat_ssl_key_path- Destination of the SSL key on the Ansible controlled host
You can also store the config in separate filebeat.yml file and include it using lookup:
filebeat_config: "{{ lookup('file', './filebeat.yml')|from_yaml }}"Connecting to Elasticsearch:
filebeat_config:
filebeat:
prospectors:
- paths:
- /var/log/messages
- /var/log/*.log
input_type: log
output:
elasticsearch:
hosts:
- "http://localhost:9200"
username: "bob"
password: "12345"
logging:
to_syslog: true
level: errorBSD
David Wittman