From cc0c902d50cd0f87b40bdd29650c02cf60b82074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Geraldo=20Vieira?=
Date: Sun, 16 Jul 2023 09:53:39 +0700
Subject: [PATCH] system/filebeat-oss: Added (Lightweight log shipper).

Signed-off-by: Willy Sudiarto Raharjo
---
 system/filebeat-oss/README | 28 ++++++
 system/filebeat-oss/doinst.sh | 26 +++++
 system/filebeat-oss/filebeat-oss.SlackBuild | 105 ++++++++++++++++++++
 system/filebeat-oss/filebeat-oss.info | 10 ++
 system/filebeat-oss/rc.filebeat | 52 ++++++++++
 system/filebeat-oss/slack-desc | 19 ++++
 6 files changed, 240 insertions(+)
 create mode 100644 system/filebeat-oss/README
 create mode 100644 system/filebeat-oss/doinst.sh
 create mode 100644 system/filebeat-oss/filebeat-oss.SlackBuild
 create mode 100644 system/filebeat-oss/filebeat-oss.info
 create mode 100644 system/filebeat-oss/rc.filebeat
 create mode 100644 system/filebeat-oss/slack-desc
diff --git a/system/filebeat-oss/README b/system/filebeat-oss/README
new file mode 100644
index 0000000000..e4f187df9c
--- /dev/null
+++ b/system/filebeat-oss/README
@@ -0,0 +1,28 @@
+filebeat-oss (Lightweight shipper for logs)
+
+Whether you’re collecting from security devices, cloud, containers,
+hosts, or OT, Filebeat helps you keep the simple things simple by
+offering a lightweight way to forward and centralize logs and files.
+
+Filebeat is a lightweight shipper for forwarding and centralizing
+log data. Installed as an agent on your servers, Filebeat monitors
+the log files or locations that you specify, collects log events,
+and forwards them either to Elasticsearch or Logstash for indexing.
+
+https://www.elastic.co/beats/filebeat
+https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html
+
+If you intend to use filebeat with elasticsearch:
+Add this to /etc/rc.d/rc.local:
+if [ -x /etc/rc.d/rc.filebeat ]; then
+ /etc/rc.d/rc.filebeat start
+fi
+
+Add this to /etc/rc.d/rc.local_shutdown
+if [ -x /etc/rc.d/rc.filebeat ]; then
+ /etc/rc.d/rc.filebeat stop
+fi
+
+The previous instruction is not necessary if you are going to
+use the filebeat with graylog , the graylog is what starts the
+filebeat.
diff --git a/system/filebeat-oss/doinst.sh b/system/filebeat-oss/doinst.sh
new file mode 100644
index 0000000000..8f533d9d99
--- /dev/null
+++ b/system/filebeat-oss/doinst.sh
@@ -0,0 +1,26 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ rm $NEW
+ fi
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.filebeat.new
+preserve_perms etc/filebeat/filebeat.reference.yml.new
+preserve_perms etc/filebeat/filebeat.yml.new
+preserve_perms etc/filebeat/fields.yml.new
+
diff --git a/system/filebeat-oss/filebeat-oss.SlackBuild b/system/filebeat-oss/filebeat-oss.SlackBuild
new file mode 100644
index 0000000000..81203fef10
--- /dev/null
+++ b/system/filebeat-oss/filebeat-oss.SlackBuild
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+# Slackware build script for filebeat-oss
+
+# Copyright 2023 André Geraldo Vieira
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=filebeat-oss
+VERSION=${VERSION:-8.8.2}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+ exit 0
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "aarch64" ]; then
+ LIBDIRSUFFIX="64"
+else
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION-linux-$ARCH.tar.gz
+cd ${PRGNAM//-oss/}-$VERSION-linux-$ARCH
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+mkdir -p $PKG/etc/{filebeat,rc.d}
+mkdir -p $PKG/usr/share/filebeat/bin
+mkdir -p $PKG/var/{lib,log}/filebeat
+
+cp filebeat.reference.yml $PKG/etc/filebeat/filebeat.reference.yml.new
+cp filebeat.yml $PKG/etc/filebeat/filebeat.yml.new
+cp fields.yml $PKG/etc/filebeat/fields.yml.new
+cp -r modules.d $PKG/etc/filebeat
+cp $CWD/rc.filebeat $PKG/etc/rc.d/rc.filebeat.new
+cp filebeat $PKG/usr/share/filebeat/bin
+cp -r kibana module $PKG/usr/share/filebeat
+
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ LICENSE.txt NOTICE.txt README.md \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
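Review bot: The permission normalisation in filebeat-oss.SlackBuild maps every file with mode 600, 640 or 400 to 644 (`-perm 600 ... -exec chmod 644 {} \;`), and `cp filebeat.yml $PKG/etc/filebeat/filebeat.yml.new` then packages the main config world-readable. That file is where output credentials (Elasticsearch or Logstash passwords, API keys) usually end up once an admin edits it, so on a fresh install any local user could read them; adding `chmod 600 $PKG/etc/filebeat/filebeat.yml.new` after the copy gives a restrictive default, and doinst.sh's `preserve_perms` keeps whatever mode an existing install already has. Separately, `rm -rf $PRGNAM-$VERSION` does not match the directory the script enters after unpacking (`${PRGNAM//-oss/}-$VERSION-linux-$ARCH`), so a tree left by an earlier build is reused rather than cleared; `rm -rf ${PRGNAM//-oss/}-$VERSION-linux-$ARCH` would remove it.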
diff --git a/system/filebeat-oss/filebeat-oss.info b/system/filebeat-oss/filebeat-oss.info
new file mode 100644
index 0000000000..9b24e063d8
--- /dev/null
+++ b/system/filebeat-oss/filebeat-oss.info
@@ -0,0 +1,10 @@
+PRGNAM="filebeat-oss"
+VERSION="8.8.2"
+HOMEPAGE="https://www.elastic.co/beats/filebeat"
+DOWNLOAD="UNSUPPORTED"
+MD5SUM=""
+DOWNLOAD_x86_64="https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-8.8.2-linux-x86_64.tar.gz"
+MD5SUM_x86_64="7ff016091590f081bb9dd9a81e7a6ac3"
+REQUIRES=""
+MAINTAINER="André Geraldo Vieira"
+EMAIL="andre.geraldo@gmail.com"
diff --git a/system/filebeat-oss/rc.filebeat b/system/filebeat-oss/rc.filebeat
new file mode 100644
index 0000000000..f647ed51cb
--- /dev/null
+++ b/system/filebeat-oss/rc.filebeat
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+PIDOF_CMD=/sbin/pidof
+ECHO_CMD=/usr/bin/echo
+SLEEP_CMD=/usr/bin/sleep
+KILL_CMD=/bin/kill
+
+NAME=filebeat
+FILEBEAT_AGENT=${FILEBEAT_AGENT-/usr/share/filebeat/bin/${NAME}}
+FILEBEAT_AGENT_ARGS="-c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat"
+
+filebeat_start() {
+ if [ -n "$($PIDOF_CMD filebeat)" ]; then
+ $ECHO_CMD "FileBeat seems to be already running."
+ return
+ fi
+
+ $ECHO_CMD "Starting FileBeat."
+ $FILEBEAT_AGENT $FILEBEAT_AGENT_ARGS &
+}
+
+filebeat_stop() {
+ if [ -z "$($PIDOF_CMD filebeat)" ]; then
+ $ECHO_CMD "FileBeat does not seem to be running."
+ return
+ fi
+
+ $ECHO_CMD "Stopping FileBeat."
+ $KILL_CMD $($PIDOF_CMD filebeat)
+}
+
+filebeat_restart() {
+ $ECHO_CMD "Restarting FileBeat."
+ filebeat_stop
+ $SLEEP_CMD 5
+ filebeat_start
+}
+
+case "$1" in
+'start')
+ filebeat_start
+ ;;
+'stop')
+ filebeat_stop
+ ;;
+'restart')
+ filebeat_restart
+ ;;
+*)
+ echo "usage: $0 start|stop|restart"
+esac
+
diff --git a/system/filebeat-oss/slack-desc b/system/filebeat-oss/slack-desc
new file mode 100644
index 0000000000..ba06adce9b
--- /dev/null
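Review bot: In rc.filebeat, filebeat_start and filebeat_stop identify the service with `pidof filebeat`, so `stop` signals every process of that name, including an instance Graylog launched (the README in this patch says Graylog starts Filebeat itself), and `start` refuses to run while such an instance exists. Since this script runs as root from rc.local, it should act only on the process it started; recording `$!` in a pidfile and checking that PID does this. The sketch below uses a suggested pidfile path and a `kill -0` liveness test; a PID reused after a crash would still be mistaken for the service, so the file should be removed on stop as shown. The usage branch also calls plain `echo` where the rest of the script uses `$ECHO_CMD`.

```shell
PIDFILE=/var/run/filebeat.pid

# True when the PID recorded by this script is still alive.
filebeat_running() {
  local pid
  [ -s "$PIDFILE" ] && read -r pid < "$PIDFILE" && $KILL_CMD -0 "$pid" 2> /dev/null
}

filebeat_start() {
  if filebeat_running; then
    # … unchanged: "already running" message and return …
  fi
  # … unchanged: "Starting FileBeat." message …
  $FILEBEAT_AGENT $FILEBEAT_AGENT_ARGS &
  $ECHO_CMD $! > "$PIDFILE"
}

filebeat_stop() {
  if ! filebeat_running; then
    # … unchanged: "does not seem to be running" message and return …
  fi
  # … unchanged: "Stopping FileBeat." message …
  $KILL_CMD "$(cat "$PIDFILE")" && rm -f "$PIDFILE"
}
# … unchanged: filebeat_restart and the case dispatch …
```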
+++ b/system/filebeat-oss/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+filebeat-oss: filebeat-oss (Lightweight shipper for logs)
+filebeat-oss:
+filebeat-oss: Whether you're collecting from security devices, cloud, containers,
+filebeat-oss: hosts, or OT, Filebeat helps you keep the simple things simple by
+filebeat-oss: offering a lightweight way to forward and centralize logs and files.
+filebeat-oss:
+filebeat-oss: Filebeat is a lightweight shipper for forwarding and centralizing
+filebeat-oss: log data. Installed as an agent on your servers, Filebeat monitors
+filebeat-oss: the log files or locations that you specify, collects log events,
+filebeat-oss: and forwards them either to Elasticsearch or Logstash for indexing.
+filebeat-oss: