kibana logging

b1e4f18d · Temur Maisuradze · a84a12d4 · b1e4f18d · b1e4f18d · b1e4f18d
Commit b1e4f18d authored 4 years ago by Temur Maisuradze
--- a/roles/build/files/kibanalogrotate.conf
+++ b/roles/build/files/kibanalogrotate.conf
+/usr/share/kibana/kblog
+{
+        rotate 0
+        daily
+        missingok
+        notifempty
+	copytruncate
+}
--- a/roles/build/files/kibanasupervisord.conf
+++ b/roles/build/files/kibanasupervisord.conf
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:kibana]
+user=kibana
+directory=/usr/share/kibana
+command=sh -c "/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml > kblog 2>&1"
+
+[program:cron]
+autostart=true
+autorestart=true
+command=crond -n
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cron_stderr.log
+stdout_logfile = /var/log/supervisor/cron_stdout.log
+
--- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2
+++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
 FROM {{repo}}/centos:{{version}}{{suffix}}

+RUN yum install -y supervisor
+RUN yum clean all
+
 ENV PATH="/usr/share/kibana/bin:${PATH}"

 RUN groupadd -g 1000 kibana && \
@@ -13,6 +16,8 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
    chown -R kibana /usr/share/kibana/config/

 RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+COPY kibanasupervisord.conf /etc/supervisord.conf
+COPY kibanalogrotate.conf /etc/logrotate.d/kibana.conf

 EXPOSE 5601
 USER kibana

--- a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
+++ b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
@@ -16,5 +16,3 @@ RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button

 RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

-USER kibana
-
--- a/roles/odfekibana/tasks/main.yml
+++ b/roles/odfekibana/tasks/main.yml
@@ -23,6 +23,7 @@
    - start

 - name: Copy certificates in odfe kibana conf dir
+  remote_user: kibana
  copy:
    src:  "{{ item }}"
    dest: "config/{{ item }}"
@@ -38,6 +39,7 @@
    - start

 - name: Get openid authkey
+  remote_user: kibana
  set_fact:
    kibanasecret: "{{lookup('file', 'files/kibanasecret',convert_data=False) | from_json }}"
  tags:
@@ -62,6 +64,7 @@
 #  tags:
 #    - start
 - name: Configure odfe kibana properties
+  remote_user: kibana
  template:
    src: "{{item}}.j2"
    dest: "config/{{item}}"
@@ -71,6 +74,7 @@
    - start

 - name: Configure odfe kibana start script
+  remote_user: kibana
  template:
    src: "{{item}}.j2"
    dest: "{{item}}"
@@ -87,6 +91,7 @@


 - name: Generate configuration for thehive_button plugin
+  remote_user: kibana
  template:
    src: files/env.js.j2
    dest: "/usr/share/kibana/plugins/thehive_button/public/env.js"
@@ -96,14 +101,14 @@
    - start


- name: Start OpenDistro Kibana for Elasticsearch
-  command: /usr/share/kibana/startkibana.sh
-  #shell: exec /usr/share/kibana/bin/kibana -c config/kibana.yml &
-  #shell: "nohup /usr/share/kibana/bin/kibana -c config/kibana.yml &"
+- name: Start Supervisord (kibana and cron)
+  remote_user: root
+  shell: "/usr/bin/supervisord -c /etc/supervisord.conf &"
  tags:
    - start

 - name: Wait for Kibana
+  remote_user: kibana
  wait_for:
    host: "{{groups['odfekibanacontainers'][0]}}"
    port: 5601
@@ -113,6 +118,7 @@
    - start

 - name: Check Kibana health
+  remote_user: kibana
  shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{dslproxy}}:5601/api/status" \
              | egrep status....overall....state...green'
  register: result
@@ -149,6 +155,7 @@
    - start

 - name: Import graphs to kibana
+  remote_user: kibana
  shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/saved_objects/_import?overwrite=true" \
          -b /tmp/cookie.txt -c /tmp/cookie.txt \
          -k --user admin:{{ odfees_adminpass }} \
@@ -166,6 +173,7 @@
    - start

 - name: Grant admin permissions to users
+  remote_user: kibana
  shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
          -b /tmp/cookie.txt -c /tmp/cookie.txt \
          -k --user admin:{{ odfees_adminpass }} \
@@ -196,6 +204,7 @@
 #    - stop

 - name: Stop OpenDistro Kibana for Elasticsearch
-  command: "pkill -SIGTERM -F {{inventory_hostname}}.pid"
+  remote_user: root
+  command: "pkill -SIGTERM -F /tmp/supervisord.pid"
  tags:
    - stop
--- a/soctools-inventory
+++ b/soctools-inventory
@@ -40,7 +40,7 @@ dsoclab-nifi-2 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-curren
 dsoclab-nifi-3 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi"
 #dsoclab-odfe-1 ansible_connection=docker FILEBEAT_FILES='[""]'
 #dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='[""]'
-#dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='["/usr/share/kibana/kblog"]' FILEBEAT_LOG_TYPE="kibana"
 #dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='[""]'
 dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql"
 #dsoclab-misp ansible_connection=docker FILEBEAT_FILES='[""]'