bink/cookbook-black_widow
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
This repository has been archived on 2026-04-20. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
11 commits 1 branch 5 tags 44 KiB
  • HTML 64.2%
  • Ruby 35.8%
Find a file
Exact
Terry Cain bd76503a20
 Fixed typos
2021-01-14 13:17:53 +00:00
recipes Fixed typos 2021-01-14 13:17:53 +00:00
templates/default Fixed issue on elasticsearch hosts 2021-01-14 13:14:08 +00:00
test/integration Refactored to send events to elasticsearch 2021-01-14 12:01:15 +00:00
.gitignore Legacy code 2021-01-07 18:13:11 +00:00
.gitlab-ci.yml Cleaned up attributes 2021-01-08 13:05:30 +00:00
Berksfile Legacy code 2021-01-07 18:13:11 +00:00
Berksfile.lock Fixed issue on elasticsearch hosts 2021-01-14 13:14:08 +00:00
kitchen.yml Legacy code 2021-01-07 18:13:11 +00:00
metadata.rb Fixed issue on elasticsearch hosts 2021-01-14 13:14:08 +00:00
README.md Refactored to send events to elasticsearch 2021-01-14 12:01:15 +00:00

README.md

page_title
Black Widow

Build Status

The Black Widow cookbook deploys journalbeat and auditbeat, and configures them to stream messages to Elasticsearch.

Journalbeat reads from the systemd journal. Auditbeat is a replacement for auditd, it will load audit rules into the kernel via netlink and then stream usable JSON messages instead of the multiple messages per event that auditd would emit.

TODO

  • Add auditbeat
  • Possibly add filebeat