diff --git a/integrations/docker/compose.manager-elastic.yml b/integrations/docker/compose.manager-elastic.yml
deleted file mode 100644
index c299851001e6e..0000000000000
--- a/integrations/docker/compose.manager-elastic.yml
+++ /dev/null
@@ -1,256 +0,0 @@ -name: "manager-elastic-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -o filebeat" - volumes: - - alerts:/var/ossec/logs/alerts/ - - wazuh.manager: - image: wazuh/wazuh-manager:${WAZUH_VERSION} - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - LOG_LEVEL=info - - MONITORING_ENABLED=false - volumes: - - ./certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - - wazuh.indexer: - image: opensearchproject/opensearch:${WAZUH_INDEXER_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - WAZUH_INDEXER_VERSION=${WAZUH_INDEXER_VERSION} - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - 
plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - compatibility.override_main_response_version=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:${WAZUH_CERTS_GENERATOR_VERSION} - hostname: wazuh-certs-generator - environment: - - WAZUH_CERTS_GENERATOR_VERSION=${WAZUH_CERTS_GENERATOR_VERSION} - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - logstash: - depends_on: - es01: - condition: service_healthy - wazuh-certs-generator: - condition: service_completed_successfully - image: logstash-oss:${LOGSTASH_OSS_VERSION} - build: - context: ../logstash - args: - - LOGSTASH_OSS_VERSION=${LOGSTASH_OSS_VERSION} - environment: - LOGSTASH_OSS_VERSION: ${LOGSTASH_OSS_VERSION} - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../elastic/logstash/pipeline:/usr/share/logstash/pipeline - - es_certs:/usr/share/logstash/es_certs - - 
alerts:/var/ossec/logs/alerts/ - command: logstash -f /usr/share/logstash/pipeline/manager-to-elastic.conf - - # ================================= - # Elasticsearch and Kibana - # ================================= - # https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html - - setup: - image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - volumes: - - es_certs:/usr/share/elasticsearch/config/certs - user: "0" - command: > - bash -c ' - if [ x${ELASTIC_PASSWORD} == x ]; then - echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; - exit 1; - elif [ x${KIBANA_PASSWORD} == x ]; then - echo "Set the KIBANA_PASSWORD environment variable in the .env file"; - exit 1; - fi; - if [ ! -f config/certs/ca.zip ]; then - echo "Creating CA"; - bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; - unzip config/certs/ca.zip -d config/certs; - fi; - if [ ! -f config/certs/certs.zip ]; then - echo "Creating certs"; - echo -ne \ - "instances:\n"\ - " - name: es01\n"\ - " dns:\n"\ - " - es01\n"\ - " - localhost\n"\ - " ip:\n"\ - " - 127.0.0.1\n"\ - " - name: kibana\n"\ - " dns:\n"\ - " - kibana\n"\ - " - localhost\n"\ - " ip:\n"\ - " - 127.0.0.1\n"\ - > config/certs/instances.yml; - bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; - unzip config/certs/certs.zip -d config/certs; - fi; - echo "Setting file permissions" - chown -R 1000:1000 config/certs; - find . -type d -exec chmod 750 \{\} \;; - find . 
-type f -exec chmod 640 \{\} \;; - echo "Waiting for Elasticsearch availability"; - until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done; - echo "Setting kibana_system password"; - until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done; - echo "All done!"; - ' - healthcheck: - test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"] - interval: 1s - timeout: 5s - retries: 120 - - es01: - depends_on: - setup: - condition: service_healthy - image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - volumes: - - es_certs:/usr/share/elasticsearch/config/certs - ports: - - ${ES_PORT}:9200 - environment: - - node.name=es01 - - cluster.name=${CLUSTER_NAME} - - cluster.initial_master_nodes=es01 - - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.key=certs/es01/es01.key - - xpack.security.http.ssl.certificate=certs/es01/es01.crt - - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.key=certs/es01/es01.key - - xpack.security.transport.ssl.certificate=certs/es01/es01.crt - - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.license.self_generated.type=${LICENSE} - mem_limit: ${MEM_LIMIT} - ulimits: - memlock: - soft: -1 - hard: -1 - healthcheck: - test: - [ - "CMD-SHELL", - "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", - ] - interval: 10s - timeout: 10s - retries: 120 - - kibana: - depends_on: - es01: - condition: 
service_healthy - image: docker.elastic.co/kibana/kibana:${STACK_VERSION} - volumes: - - es_certs:/usr/share/kibana/config/certs - ports: - - ${KIBANA_PORT}:5601 - environment: - - SERVERNAME=kibana - - ELASTICSEARCH_HOSTS=https://es01:9200 - - ELASTICSEARCH_USERNAME=kibana_system - - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt - - SERVER_SSL_ENABLED=true - - SERVER_SSL_KEY=/usr/share/kibana/config/certs/kibana/kibana.key - - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/certs/kibana/kibana.crt - mem_limit: ${MEM_LIMIT} - healthcheck: - test: - [ - "CMD-SHELL", - "curl -s -I https://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", - ] - interval: 10s - timeout: 10s - retries: 120 - -volumes: - data: - es_certs: - alerts: diff --git a/integrations/docker/compose.manager-opensearch.yml b/integrations/docker/compose.manager-opensearch.yml deleted file mode 100644 index 52055b82f4511..0000000000000 --- a/integrations/docker/compose.manager-opensearch.yml +++ /dev/null 
@@ -1,216 +0,0 @@ -name: "manager-opensearch-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -o filebeat" - volumes: - - alerts:/var/ossec/logs/alerts/ - - wazuh.manager: - image: wazuh/wazuh-manager:${WAZUH_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - LOG_LEVEL=info - - MONITORING_ENABLED=false - volumes: - - ./certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - - wazuh.indexer: - image: opensearchproject/opensearch:${WAZUH_INDEXER_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - WAZUH_INDEXER_VERSION=${WAZUH_INDEXER_VERSION} - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - 
plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - compatibility.override_main_response_version=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - generate-certs-config: - image: alpine:latest - volumes: - - ./config:/config - command: | - sh -c " - echo ' - nodes: - indexer: - - name: wazuh.indexer - ip: \"wazuh.indexer\" - - name: opensearch.node - ip: \"opensearch.node\" - server: - - name: wazuh.manager - ip: \"wazuh.manager\" - dashboard: - - name: wazuh.dashboard - ip: \"wazuh.dashboard\" - - name: opensearch.dashboards - ip: \"opensearch.dashboards\" - ' > /config/certs.yml - " - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:${WAZUH_CERTS_GENERATOR_VERSION} - hostname: wazuh-certs-generator - environment: - - WAZUH_CERTS_GENERATOR_VERSION=${WAZUH_CERTS_GENERATOR_VERSION} - depends_on: - generate-certs-config: - condition: service_completed_successfully - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; 
chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - logstash: - depends_on: - opensearch.node: - condition: service_healthy - wazuh-certs-generator: - condition: service_completed_successfully - image: logstash-oss:${LOGSTASH_OSS_VERSION} - build: - context: ../logstash - args: - - LOGSTASH_OSS_VERSION=${LOGSTASH_OSS_VERSION} - environment: - LOGSTASH_OSS_VERSION: ${LOGSTASH_OSS_VERSION} - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../opensearch/logstash/pipeline:/usr/share/logstash/pipeline - - ./certs/root-ca.pem:/etc/ssl/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - command: logstash -f /usr/share/logstash/pipeline/manager-to-opensearch.conf - - # ================================================ - # OpenSearch and OpenSearch Dashboards - # ================================================ - - opensearch.node: - image: opensearchproject/opensearch:${OS_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch.node - - discovery.type=single-node - - bootstrap.memory_lock=true - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - "DISABLE_INSTALL_DEMO_CONFIG=true" - volumes: - - ../opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml - - ./certs/opensearch.node-key.pem:/usr/share/opensearch/config/certs/opensearch.key - - ./certs/opensearch.node.pem:/usr/share/opensearch/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/certs/root-ca.pem - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - ports: - - 9201:9200 - - 9600:9600 - healthcheck: - test: - [ - "CMD-SHELL", - "curl -sku admin:admin https://opensearch.node:9200 2>&1 | grep -q 'The OpenSearch Project: https://opensearch.org/'", - ] - interval: 1s - timeout: 5s - retries: 120 - - opensearch-dashboards: - image: 
opensearchproject/opensearch-dashboards:${OS_VERSION} - depends_on: - opensearch.node: - condition: service_healthy - ports: - - 5602:5601 - expose: - - "5602" - volumes: - - ../opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml - - ./certs/:/usr/share/opensearch-dashboards/config/certs/ - - ./certs/opensearch.dashboards-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key - - ./certs/opensearch.dashboards.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem - - environment: - - 'OPENSEARCH_HOSTS="https://opensearch.node:9200"' - -volumes: - data: - es_certs: - alerts: diff --git a/integrations/docker/compose.manager-splunk.yml b/integrations/docker/compose.manager-splunk.yml deleted file mode 100644 index b029cd2224562..0000000000000 --- a/integrations/docker/compose.manager-splunk.yml +++ /dev/null 
@@ -1,178 +0,0 @@ -name: "manager-splunk-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -o filebeat" - volumes: - - alerts:/var/ossec/logs/alerts/ - - wazuh.manager: - image: wazuh/wazuh-manager:${WAZUH_VERSION} - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - LOG_LEVEL=info - - MONITORING_ENABLED=false - volumes: - - ./certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - - wazuh.indexer: - image: opensearchproject/opensearch:${WAZUH_INDEXER_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - WAZUH_INDEXER_VERSION=${WAZUH_INDEXER_VERSION} - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - 
plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - compatibility.override_main_response_version=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:${WAZUH_CERTS_GENERATOR_VERSION} - hostname: wazuh-certs-generator - environment: - - WAZUH_CERTS_GENERATOR_VERSION=${WAZUH_CERTS_GENERATOR_VERSION} - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - logstash: - depends_on: - splunk: - condition: service_healthy - wazuh-certs-generator: - condition: service_completed_successfully - image: logstash-oss:${LOGSTASH_OSS_VERSION} - build: - context: ../logstash - args: - - LOGSTASH_OSS_VERSION=${LOGSTASH_OSS_VERSION} - environment: - LOGSTASH_OSS_VERSION: ${LOGSTASH_OSS_VERSION} - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../splunk/logstash/pipeline:/usr/share/logstash/pipeline - - ./certs/root-ca.pem:/etc/ssl/root-ca.pem - - 
alerts:/var/ossec/logs/alerts/ - command: logstash -f /usr/share/logstash/pipeline/manager-to-splunk.conf - - # ================================================ - # Splunk - # ================================================ - - generator: - image: cfssl/cfssl - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - volumes: - - ./certs/:/certs/ - - ../splunk/cfssl/:/conf/ - entrypoint: /bin/bash - command: > - -c ' - cd /certs - cat /conf/host.json | \ - cfssl gencert \ - -ca root-ca.pem \ - -ca-key root-ca.key \ - -config /conf/cfssl.json \ - -profile=server - | \ - cfssljson -bare splunk - openssl pkcs8 -topk8 -inform pem -in splunk-key.pem -outform pem -nocrypt -out splunk.key - rm splunk.csr - cat splunk.pem splunk-key.pem root-ca.pem > splunkhec.pem - chown -R 1000:1000 /certs/splunk* - ' - - splunk: - image: splunk/splunk:${SPLUNK_VERSION} - volumes: - - ./certs/splunk.key:/opt/splunk/etc/auth/custom/splunk.key - - ./certs/splunk.pem:/opt/splunk/etc/auth/custom/splunk.pem - - ./certs/splunkhec.pem:/opt/splunk/etc/auth/custom/splunkhec.pem - - ../splunk/config/indexes.conf:/opt/splunk/etc/system/local/indexes.conf - - ../splunk/config/default.yml:/tmp/defaults/default.yml - depends_on: - generator: - condition: service_completed_successfully - ports: - - "8000:8000" - - "8088:8088" - environment: - SPLUNK_VERSION: ${SPLUNK_VERSION} - SPLUNK_HEC_TOKEN: "abcd1234" - SPLUNK_HOSTNAME: splunk - SPLUNK_HTTP_ENABLESSL: "true" - SPLUNK_PASSWORD: Password.1234 - SPLUNK_STANDALONE_URL: https://splunk:8080 - SPLUNK_START_ARGS: --accept-license - -volumes: - data: - es_certs: - alerts: diff --git a/integrations/elastic/logstash/pipeline/manager-to-elastic.conf b/integrations/elastic/logstash/pipeline/manager-to-elastic.conf deleted file mode 100644 index 60bac54c94eb9..0000000000000 --- a/integrations/elastic/logstash/pipeline/manager-to-elastic.conf +++ /dev/null 
@@ -1,26 +0,0 @@
-input {
- file {
- id => "wazuh_alerts"
- codec => "json"
- start_position => "beginning"
- stat_interval => "1 second"
- path => "/var/ossec/logs/alerts/alerts.json"
- mode => "tail"
- ecs_compatibility => "disabled"
- }
-}
-
-output {
- elasticsearch {
- hosts => "es01:9200"
- index => "wazuh-alerts-4.x-%{+YYYY.MM.dd}"
- user => "elastic"
- password => "elastic"
- ssl => true
- cacert => '/usr/share/logstash/es_certs/ca/ca.crt'
- template => '/usr/share/logstash/pipeline/es_template.json'
- template_name => 'wazuh'
- template_overwrite => true
- }
- stdout{}
-}
diff --git a/integrations/opensearch/logstash/pipeline/manager-to-opensearch.conf b/integrations/opensearch/logstash/pipeline/manager-to-opensearch.conf
deleted file mode 100644
index 2a631e634efae..0000000000000
--- a/integrations/opensearch/logstash/pipeline/manager-to-opensearch.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-input {
- file {
- id => "wazuh_alerts"
- codec => "json"
- start_position => "beginning"
- stat_interval => "1 second"
- path => "/var/ossec/logs/alerts/alerts.json"
- mode => "tail"
- ecs_compatibility => "disabled"
- }
-}
-
-output {
- opensearch {
- hosts => ["opensearch.node:9200"]
- auth_type => {
- type => 'basic'
- user => 'admin'
- password => 'admin'
- }
- index => "wazuh-alerts-4.x-%{+YYYY.MM.dd}"
- ssl => true
- cacert => "/etc/ssl/root-ca.pem"
- template => '/usr/share/logstash/pipeline/os_template.json'
- template_name => 'wazuh'
- template_overwrite => true
- legacy_template => false
- }
- stdout{}
-}
diff --git a/integrations/splunk/logstash/pipeline/manager-to-splunk.conf b/integrations/splunk/logstash/pipeline/manager-to-splunk.conf
deleted file mode 100644
index 8953866646b7a..0000000000000
--- a/integrations/splunk/logstash/pipeline/manager-to-splunk.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-input {
- file {
- id => "wazuh_alerts"
- codec => "json"
- start_position => "beginning"
- stat_interval => "1 second"
- path => "/var/ossec/logs/alerts/alerts.json"
- mode => "tail"
- ecs_compatibility => "disabled"
- }
-}
-
-
-output {
- http {
- format => "json"
- http_method => "post"
- url => "https://splunk:8088/services/collector/raw"
- headers => ["Authorization", "Splunk abcd1234"]
- cacert => "/etc/ssl/root-ca.pem"
- }
- stdout{}
-}
-