diff --git a/filebeat/defaults/main.yml b/filebeat/defaults/main.yml index 008daa27..cb5e86d1 100644 --- a/filebeat/defaults/main.yml +++ b/filebeat/defaults/main.yml @@ -1,5 +1,9 @@ --- -elastic_stack_version: "6.x" +general_alert_email: "root@localhost" +log2mail_alert_email: Null +filebeat_log2mail_alert_email: Null + +elastic_stack_version: "7.x" filebeat_logstash_plugin: False diff --git a/filebeat/handlers/main.yml b/filebeat/handlers/main.yml index 0a6d83f9..87a6571f 100644 --- a/filebeat/handlers/main.yml +++ b/filebeat/handlers/main.yml @@ -4,3 +4,8 @@ systemd: name: filebeat state: restarted + +- name: restart log2mail + systemd: + name: log2mail + state: restarted diff --git a/filebeat/tasks/log2mail.yml b/filebeat/tasks/log2mail.yml new file mode 100644 index 00000000..9ca0b47d --- /dev/null +++ b/filebeat/tasks/log2mail.yml @@ -0,0 +1,21 @@ +--- + +- name: Check if log2mail is installed + stat: + path: /etc/log2mail/config + register: _log2mail_config_dir + +- name: "Add user 'log2mail' to 'filebeat' group" + user: + name: 'log2mail' + groups: 'filebeat' + append: yes + notify: restart log2mail + when: _log2mail_config_dir.stat.isdir + +- name: Install filebeat log2mail configuration + template: + src: log2mail.j2 + dest: /etc/log2mail/config/filebeat + notify: restart log2mail + when: _log2mail_config_dir.stat.isdir diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 0aca06d6..deb38b90 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml @@ -81,3 +81,5 @@ insert_after: '^processors:' notify: restart filebeat when: filebeat_processors_cloud_metadata + +- include: log2mail.yml diff --git a/filebeat/templates/log2mail.j2 b/filebeat/templates/log2mail.j2 new file mode 100644 index 00000000..55f07a18 --- /dev/null +++ b/filebeat/templates/log2mail.j2 
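Review bot: The three address variables added in filebeat/defaults/main.yml have no comment saying which one takes precedence. The fallback `general_alert_email: "root@localhost"` also means alerts go to the local root mailbox unless an inventory overrides it, where they may never be read. I would add a comment above them such as `# Alert recipient, most specific first: filebeat_log2mail_alert_email, log2mail_alert_email, general_alert_email`. The empty defaults would be better written in the canonical lowercase form, `log2mail_alert_email: null`. The same applies to the matching hunk in metricbeat/defaults/main.yml.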
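Review bot: In filebeat/tasks/log2mail.yml both `when: _log2mail_config_dir.stat.isdir` conditions read a key that `stat` only returns when the path exists. On a host without log2mail the result holds just `exists: false`, so the conditional is likely to error instead of skipping. Guard it with `when: _log2mail_config_dir.stat.exists and _log2mail_config_dir.stat.isdir`. The `template` task also sets no ownership or permissions, so the file under /etc/log2mail/config gets whatever the umask yields; I would add `owner: root`, `group: root` and `mode: "0644"`. Adding `log2mail` to the `filebeat` group gives it every file that group can read, not just the one log, so a comment on that task should say so. All of this applies equally to metricbeat/tasks/log2mail.yml.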
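Review bot: The line `- include: log2mail.yml` added at the end of filebeat/tasks/main.yml uses the bare `include` action, which is deprecated and was removed in ansible-core 2.16. Use `- include_tasks: log2mail.yml`, or `import_tasks` if static inclusion is wanted, so the role keeps working on current Ansible. The rest of the task file lies outside this hunk, and metricbeat/tasks/main.yml has the same line.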
@@ -0,0 +1,4 @@ +file = /var/log/filebeat/filebeat +pattern = "\bERROR\b" +mailto = {{ filebeat_log2mail_alert_email or log2mail_alert_email or general_alert_email | mandatory }} +template = /etc/log2mail/mail diff --git a/metricbeat/defaults/main.yml b/metricbeat/defaults/main.yml index df2d9649..955d516c 100644 --- a/metricbeat/defaults/main.yml +++ b/metricbeat/defaults/main.yml @@ -1,5 +1,9 @@ --- -elastic_stack_version: "6.x" +general_alert_email: "root@localhost" +log2mail_alert_email: Null +metricbeat_log2mail_alert_email: Null + +elastic_stack_version: "7.x" metricbeat_elasticsearch_protocol: "" metricbeat_elasticsearch_hosts: diff --git a/metricbeat/handlers/main.yml b/metricbeat/handlers/main.yml index cd83ab5d..4602c2f5 100644 --- a/metricbeat/handlers/main.yml +++ b/metricbeat/handlers/main.yml @@ -4,3 +4,8 @@ systemd: name: metricbeat state: restarted + +- name: restart log2mail + systemd: + name: log2mail + state: restarted diff --git a/metricbeat/tasks/log2mail.yml b/metricbeat/tasks/log2mail.yml new file mode 100644 index 00000000..0b8f6d29 --- /dev/null +++ b/metricbeat/tasks/log2mail.yml @@ -0,0 +1,21 @@ +--- + +- name: Check if log2mail is installed + stat: + path: /etc/log2mail/config + register: _log2mail_config_dir + +- name: "Add user 'log2mail' to 'metricbeat' group" + user: + name: 'log2mail' + groups: 'metricbeat' + append: yes + notify: restart log2mail + when: _log2mail_config_dir.stat.isdir + +- name: Install metricbeat log2mail configuration + template: + src: log2mail.j2 + dest: /etc/log2mail/config/metricbeat + notify: restart log2mail + when: _log2mail_config_dir.stat.isdir diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml index 535037ec..eaf2dd6b 100644 --- a/metricbeat/tasks/main.yml +++ b/metricbeat/tasks/main.yml @@ -88,3 +88,5 @@ insert_after: '^processors:' notify: restart metricbeat when: metricbeat_processors_cloud_metadata + +- include: log2mail.yml 
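Review bot: In filebeat/templates/log2mail.j2 the `| mandatory` filter on the `mailto` line binds more tightly than `or`, so it checks only `general_alert_email` and not the result of the whole fallback chain. If the intent is "some address must be set", parenthesise it: `mailto = {{ (filebeat_log2mail_alert_email or log2mail_alert_email or general_alert_email) | mandatory }}`. Even then `mandatory` rejects only undefined values, so an empty string would still render an empty `mailto`. An `assert` task before the template that checks the resolved value is a non-empty, single-line address would catch that and keep stray text out of the log2mail config. The metricbeat template has the same expression.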
diff --git a/metricbeat/templates/log2mail.j2 b/metricbeat/templates/log2mail.j2
new file mode 100644
index 00000000..65b059f1
--- /dev/null
+++ b/metricbeat/templates/log2mail.j2
@@ -0,0 +1,4 @@
+file = /var/log/metricbeat/metricbeat
+pattern = "\bERROR\b"
+mailto = {{ metricbeat_log2mail_alert_email or log2mail_alert_email or general_alert_email | mandatory }}
+template = /etc/log2mail/mail