lines changed Original file line number Diff line number Diff line change 4949 become : yes
5050
5151- name : Create folder directory for inputs configuration
52+ become : true
53+ become_user : splunkfwd
5254 file :
5355 path : " {{ item }}"
5456 state : directory
5759 - /opt/splunkforwarder/etc/apps/auditd_app/local/
5860
5961- name : copy inputs.conf to capture auditd logs
62+ become : true
63+ become_user : splunkfwd
6064 copy :
6165 src : auditd_inputs.conf
6266 dest : /opt/splunkforwarder/etc/apps/auditd_app/local/inputs.conf
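Review bot: The new `become_user: splunkfwd` on the `file` and `copy` tasks (new lines 52–53 and 62–63) assumes `/opt/splunkforwarder/etc/apps` is already writable by `splunkfwd`; the package is installed by `apt` as root in the install file and nothing in this change sets ownership of that tree, so unless the package itself chowns it to `splunkfwd` these tasks will fail with a permission error. If the goal is least privilege for the deployed config, state it explicitly instead of relying on the become user's umask, e.g. `owner: splunkfwd`, `group: splunkfwd` and `mode: "0640"` on the `copy` task (and `"0750"` on the `file` task). The task at line 49 still uses `become: yes` while the added lines use `become: true`; standardise on `true` per yamllint's truthy rule. The same two points apply to the osquery and sysmon sections below.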
Original file line number Diff line number Diff line change 7575
7676- name : Create folder directory for inputs configuration
7777 become : true
78+ become_user : splunkfwd
7879 file :
7980 path : " {{ item }}"
8081 state : directory
8485
8586- name : copy inputs.conf to capture osquery logs
8687 become : true
88+ become_user : splunkfwd
8789 copy :
8890 src : osquery_inputs.conf
8991 dest : /opt/splunkforwarder/etc/apps/osquery_app/local/inputs.conf
Original file line number Diff line number Diff line change 5050
5151- name : Create folder directory for inputs configuration
5252 become : true
53+ become_user : splunkfwd
5354 file :
5455 path : " {{ item }}"
5556 state : directory
5960
6061- name : copy inputs.conf to capture sysmon for linux logs
6162 become : true
63+ become_user : splunkfwd
6264 copy :
6365 src : sysmon_inputs.conf
6466 dest : /opt/splunkforwarder/etc/apps/sysmon_app/local/inputs.conf
Original file line number Diff line number Diff line change 11---
22
3+ - name : Create splunkfwd group
4+ become : true
5+ group :
6+ name : splunkfwd
7+ state : present
8+
9+ - name : Create splunkfwd user
10+ become : true
11+ user :
12+ name : splunkfwd
13+ group : splunkfwd
14+ create_home : yes
15+ state : present
16+
317- name : Install splunk uf
418 become : true
519 apt : deb="{{ ludus_ar_linux_splunk_uf_url }}"
620
721- name : copy outputs.conf to forward data to splunk server
822 become : true
23+ become_user : splunkfwd
924 template :
1025 src : outputs.conf.j2
1126 dest : /opt/splunkforwarder/etc/system/local/outputs.conf
1227 force : yes
1328
1429- name : splunk license acceptance
1530 become : true
31+ become_user : splunkfwd
1632 command : /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt --seed-passwd {{ ludus_ar_linux_splunk_password }}
1733
18- - name : Wait for splunk uf to start
19- pause :
20- seconds : 180
21-
2234- name : Stop splunk uf
2335 become : true
36+ become_user : splunkfwd
2437 command : " /opt/splunkforwarder/bin/splunk stop"
2538
2639- name : setup to start at boot
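Review bot: The `splunk license acceptance` task (line 32) now runs as `splunkfwd` but still passes `{{ ludus_ar_linux_splunk_password }}` on the command line via `--seed-passwd`, so the seed password is visible in the process list and is echoed into Ansible's task output and logs; add `no_log: true` to that task (the exposure predates this commit, but the task is being edited here). The new `Create splunkfwd user` task creates a regular login account with a home directory (`create_home: yes`); for a service account that only needs to own and run the forwarder, `system: true` and `shell: /usr/sbin/nologin` are the safer defaults, unless something in this role needs an interactive login for it — please confirm. Write the new boolean as `create_home: true` to match the `become: true` lines in the same file. The `setup to start at boot` task at line 39 continues outside the hunk, so whether it still needs root after this change is not visible here.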
Original file line number Diff line number Diff line change 66- include_tasks : install_auditd.yml
77- include_tasks : install_art.yml
88
9- - name : Restart splunk uf
9+ - name : Start splunk uf
1010 become : true
11- command : " systemctl restart SplunkForwarder"
11+ systemd :
12+ name : SplunkForwarder
13+ state : restarted
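Review bot: `state: restarted` under a task now named `Start splunk uf` (new lines 9–13) restarts the forwarder on every run and always reports changed, so the play stops being idempotent and the name no longer matches the action. If the intent is to ensure the service is running, use `state: started` (adding `enabled: true` if the `setup to start at boot` task in the install file does not already enable the unit); if a restart is needed to pick up the new inputs.conf files, move it into a handler notified by the `copy`/`template` tasks in the other files, so it only runs when configuration actually changed.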