Bradford Dabbs
I've also handled role assignments with inventory groups, which is useful for doing lookups to populate things like the seed hosts. Something like this:
```
[elasticsearch:children]
es_master
es_data
es_ingest

[es_master]...
```
This is still broken. We need to change the following line to use `inventory_hostname` as well: https://github.com/rocknsm/rock/blob/27c35e05775ea0ffdd5b0bb361d58aa1afd508f1/playbooks/templates/rock_config.yml.j2#L42
This _should_ work for the Bro logs. I have previously tested everything but the ASN lookup.
```
cidr {
  address => [ "%{[id_orig_h]}" ]
  network => [ "0.0.0.0/32", "10.0.0.0/8", "172.16.0.0/12",...
```
Relates to #407
As @theturingnerd pointed out, it now runs on 443 at /app/docket
This has come up in a couple of conversations recently. The near-term fix is to use separate mount points for products that consume a lot of data, which fixes the...
@dcode can this be closed and addressed as part of #63?
Reference files are what I had in mind when I made the change to only put the configured settings in the file. The reason we haven't completely moved in that...
Here is the relevant task:
```
- name: Create stenographer directories
  file:
    path: "{{ stenographer_data_dir }}/{{ item[0] }}/{{ item[1] }}"
    mode: 0755
    owner: "{{ stenographer_user }}"
    group: "{{ stenographer_group }}"...
```
1 & 2 can be gathered from the ES API. I recommend we use Metricbeat with the [System](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-system.html) and [Kafka](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kafka.html) modules for 3 & 4. If we use that approach,...