install-filebeat

#!/bin/bash

# Declare Variables ###############################
red='\033[1;31m'
grn='\033[1;32m'
yel='\033[1;33m'
blu='\033[1;36m'
pnk='\033[1;35m'
clr='\033[0m'
DAGDIR=$HOME/constellation
version="1.38"

echo -e "${grn}Installer version ${blu}$version."
echo -ne "${grn}Getting external IP address... ";
EXTERNAL_HOST_IP=$(curl -s https://api.ipify.org)
echo -e "${yel}$EXTERNAL_HOST_IP ${clr}";
echo

# DECLARE FUNCTIONS ##################
function checkCert()
{
  if [ ! -f ./*.p12 ]; then
    echo -e "${red} Certification File not found! ${yel}Please make sure you download your .p12 file here before running the installer!${clr}"
    echo -e "${red} Installation Aborted.${clr}"
    echo
    exit 1
  fi
  certfile=$(ls *.p12)
  echo -e "${grn} Found cert file ${blu}$certfile${clr}"
  echo
}

function installFilebeat()
{
  echo -e "${grn} Installing Filebeat ...${clr}"
  curl -L -O -s https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.1-amd64.deb
  sudo dpkg -i filebeat-7.4.1-amd64.deb
  systemctl enable filebeat
  echo
}

function extractCerts()
{
  echo -ne "Please input cert password : "
  CERTPWD=''
  while IFS= read -r -s -n1 pass; do
    if [ -z "$pass" ]; then
      echo
      break
    else
      printf '*'
      CERTPWD="$CERTPWD$pass"
    fi
  done
  echo -e "${grn}Extracting certificates ..."
  openssl pkcs12 -in $certfile -password pass:$CERTPWD -nocerts -nodes > client.key
  openssl pkcs12 -in $certfile -password pass:$CERTPWD -clcerts -nokeys > client.cer
  openssl pkcs12 -in $certfile -password pass:$CERTPWD -cacerts -nokeys -chain > client-ca.cer
  if [[ $? -ne 0 ]]; then
    echo -e "${red} ERROR - wrong password or general failure. Please check your password and start over. ${clr}"
    echo -e "${red} Installation Aborted.${clr}"
    echo
    exit 1
  fi
  echo
  echo -e "${grn}Copying the certificates over to ${blu}/etc/filebeat/certs ${grn}...${clr}"
  mkdir /etc/filebeat/certs >/dev/null 2>&1
  cp client*.* /etc/filebeat/certs/ >/dev/null 2>&1
  echo -e "${grn}Certificate extracted and installed.${clr}"
}

function createConfig()
{
  echo
  echo -e "${grn}Creating config file ...${clr}"
  numBak=$(ls /etc/filebeat/filebeat.yml* | grep -c .)
  let "numBak++"
  mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.bak$numBak
### CREATE CONFIG FILE ###  
cat <<EOF > /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - $DAGDIR/logs/json_logs/*.log
  json.keys_under_root: true
  json.add_error_key: true
output.elasticsearch:
  hosts: ["elasticsearch:9200"]
  protocol: https
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/filebeat/certs/client-ca.cer"]
  ssl.certificate: "/etc/filebeat/certs/client.cer"
  ssl.key: "/etc/filebeat/certs/client.key"
  ssl.verification_mode: none
filebeat.config.modules:
  path: /etc/filebeat/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
processors:
- add_fields:
    target: node
    fields:
       ip: "$EXTERNAL_HOST_IP"
EOF
echo
}

function addHost()
{
checkHost=$(cat /etc/hosts | grep -c "elasticsearch")
if [[ "$checkHost" == "0" ]]; then
  echo "3.10.146.3 elasticsearch" >> /etc/hosts
  echo -e "${grn}Adding ${blu}3.10.146.3 elasticsearch ${grn}to hosts file. ${clr}"
else
  echo -e "${blu}3.10.146.3 elasticsearch ${grn}found in hosts file. Skipping.${clr}"
fi
echo
}

function startService()
{
  systemctl start filebeat
  if [[ $? -ne 0 ]]; then
    echo -e "${red}Something went wrong. Please check your system logs for any errors${clr}"
    echo -e "${red}Installation Aborted.${clr}"
    echo
    exit 1
  else
    echo -e "${yel}Filebeat installation and activation complete!${clr}"
    echo -e "${grn}You can check the filebeat logs by doing ${blu}systemctl status filebeat${clr}"
    echo
  fi
}
# BEGIN ###############################

checkCert
installFilebeat
extractCerts
createConfig
addHost
startService