Advertisement
D0cEvil

Ansible - Azure logs to Elasticsearch filebeat conf

Dec 27th, 2022
112
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
YAML 1.78 KB | Cybersecurity | 0 0
  1. # Module: azure
  2. # Docs: https://www.elastic.co/guide/en/beats/filebeat/7.10/filebeat-module-azure.html
  3.  
  4. - module: azure
  5.   # All logs
  6.   activitylogs:
  7.     enabled: false
  8.     var:
  9.      # eventhub name containing the activity logs, overwrite he default value if the logs are exported in a different eventhub
  10.       eventhub: "EVENT_HUB_NAME"
  11.       # consumer group name that has access to the event hub, we advise creating a dedicated consumer group for the azure module
  12.       consumer_group: "$Default"
  13.       # the connection string required to communicate with Event Hubs, steps to generate one here https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string
  14.       connection_string: ""
  15.       # the name of the storage account the state/offsets will be stored and updated
  16.       storage_account: ""
  17.       # the storage account key, this key will be used to authorize access to data in your storage account
  18.       storage_account_key: ""
  19.  
  20.   auditlogs:
  21.     enabled: true
  22.     var:
  23.       eventhub: "audit_logs"
  24.       consumer_group: "$Default"
  25.       connection_string: "Endpoint=sb://eventhubteleconsecurity.servicebus.windows.net/;SharedAccessKeyName=FilebeatKey;SharedAccessKey=--ACCESS_KEY_GENERATED_IN_AZURE--=;EntityPath=insights-logs-auditlogs"
  26.       storage_account: "--STORAGE_NAME--"
  27.       storage_account_key: "--STORAGE_KEY_GENERATED_IN_AZURE--"
  28.   signinlogs:
  29.     enabled: true
  30.     var:
  31.       eventhub: "signin_logs"
  32.       consumer_group: "$Default"
  33.       connection_string: "Endpoint=sb://eventhubteleconsecurity.servicebus.windows.net/;SharedAccessKeyName=FilebeatKey;SharedAccessKey=--ACCESS_KEY_GENERATED_IN_AZURE--=;EntityPath=insights-logs-signinlogs"
  34.       storage_account: "--STORAGE_NAME--"
  35.       storage_account_key: "--STORAGE_KEY_GENERATED_IN_AZURE--"
  36.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement