sysutils/beats8: initial Filebeat support

Author: 0xThiebaut

sysutils/beats8/Makefile

@@ -0,0 +1,8 @@
+PLUGIN_NAME=		beats8
+PLUGIN_VERSION=		1.0
+PLUGIN_REVISION=	0
+PLUGIN_COMMENT=		Send logs, network, metrics and heartbeat to elasticsearch
+PLUGIN_DEPENDS=		beats8
+PLUGIN_MAINTAINER=	0xThiebaut
+
+.include "../../Mk/plugins.mk"

sysutils/beats8/pkg-descr

@@ -0,0 +1,13 @@
+Beats is the platform for building lightweight, open source data
+shippers for many types of operational data you want to enrich with
+Logstash, search and analyze in Elasticsearch, and visualize in Kibana.
+
+Filebeat is a lightweight, open source shipper for log file data. As the
+next-generation Logstash Forwarder, Filebeat tails logs and quickly
+sends this information to Logstash for further parsing and enrichment or
+to Elasticsearch for centralized storage and analysis.
+
+The OPNsense Beats plugin only initializes Elasticsearch;
+It doesn't load Kibana dashboards.
+
+WWW: https://www.elastic.co/guide/en/beats

sysutils/beats8/src/opnsense/mvc/app/controllers/OPNsense/Filebeat/Api/ServiceController.php

@@ -0,0 +1,49 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Maxime THIEBAUT
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Filebeat\Api;
+
+use OPNsense\Base\ApiMutableServiceControllerBase;
+
+/**
+ * Class ServiceController
+ * @package OPNsense\Filebeat
+ */
+class ServiceController extends ApiMutableServiceControllerBase
+{
+    protected static $internalServiceClass = '\OPNsense\Beats8\Filebeat';
+    protected static $internalServiceTemplate = 'OPNsense/Filebeat';
+    protected static $internalServiceEnabled = 'enabled';
+    protected static $internalServiceName = 'filebeat';
+    protected function reconfigureForceRestart()
+    {
+        return 0;
+    }
+}

sysutils/beats8/src/opnsense/mvc/app/controllers/OPNsense/Filebeat/Api/SettingsController.php

@@ -0,0 +1,43 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Maxime THIEBAUT
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Filebeat\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+/**
+ * Class SettingsController Handles settings related API actions for the HelloWorld module
+ * @package OPNsense\Filebeat
+ */
+class SettingsController extends ApiMutableModelControllerBase
+{
+    protected static $internalModelClass = 'OPNsense\Beats8\Filebeat';
+    protected static $internalModelName = 'filebeat';
+}

sysutils/beats8/src/opnsense/mvc/app/controllers/OPNsense/Filebeat/IndexController.php

@@ -0,0 +1,46 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Maxime THIEBAUT
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Filebeat;
+
+/**
+ * Class IndexController
+ * @package OPNsense\Filebeat
+ */
+class IndexController extends \OPNsense\Base\IndexController
+{
+    public function indexAction()
+    {
+        // pick the template to serve to our users.
+        $this->view->pick('OPNsense/Beats8/filebeat');
+        // fetch form data "general" in
+        $this->view->generalForm = $this->getForm("filebeat");
+    }
+}

sysutils/beats8/src/opnsense/mvc/app/controllers/OPNsense/Filebeat/forms/filebeat.xml

@@ -0,0 +1,53 @@
+<form>
+    <field>
+        <id>filebeat.enabled</id>
+        <label>Enabled</label>
+        <type>checkbox</type>
+        <help>Enable the Filebeat service.</help>
+    </field>
+    <field>
+        <id>filebeat.modules.enabled</id>
+        <label>Modules</label>
+        <type>select_multiple</type>
+        <help>The Filebeat modules to enable.</help>
+    </field>
+    <field>
+        <id>filebeat.inputs.enabled</id>
+        <label>Inputs</label>
+        <type>select_multiple</type>
+        <help>The Filebeat inputs to enable.</help>
+    </field>
+    <field>
+        <label>Elasticsearch</label>
+        <type>header</type>
+    </field>
+    <field>
+        <id>filebeat.output.elasticsearch.hosts</id>
+        <label>Host</label>
+        <type>text</type>
+        <help>The Elasticsearch host to which Filebeat should send its logs. IPv6 addresses should always be defined as: https://[2001:db8::1]:9200.</help>
+        <hint>http://localhost:9200</hint>
+    </field>
+    <field>
+        <id>filebeat.output.elasticsearch.api_key</id>
+        <label>API Key</label>
+        <type>password</type>
+        <help>The authentication API key in its id:api_key format.</help>
+        <hint>id:api_key</hint>
+    </field>
+    <field>
+        <id>filebeat.output.elasticsearch.ssl.verification_mode</id>
+        <label>SSL Verification</label>
+        <type>dropdown</type>
+        <help>Controls the verification of certificates. The full mode verifies that the provided certificate is signed by a trusted authority (CA) and also verifies that the server's hostname (or IP address) matches the names identified within the certificate. The strict mode is similar to full mode, but requires the Subject Alternative Name to be defined as well. The certificate mode verifies that the provided certificate is signed by a trusted authority (CA), but does not perform any hostname verification.</help>
+        <advanced>true</advanced>
+    </field>
+    <field>
+        <id>filebeat.output.elasticsearch.ssl.ca_trusted_fingerprint</id>
+        <label>SSL Fingerprint</label>
+        <type>text</type>
+        <help>A HEX encoded root CA SHA256 fingerprint added to the list of trusted CAs before SSL validation happens.</help>
+        <hint>CA:FE:BA:BE:...</hint>
+        <advanced>true</advanced>
+    </field>
+</form>

sysutils/beats8/src/opnsense/mvc/app/models/OPNsense/Beats8/ACL/ACL.xml

@@ -0,0 +1,9 @@
+<acl>
+    <page-services-beats8>
+        <name>Services: Beats8</name>
+        <patterns>
+            <pattern>ui/filebeat/*</pattern>
+            <pattern>api/filebeat/*</pattern>
+        </patterns>
+    </page-services-beats8>
+</acl>

sysutils/beats8/src/opnsense/mvc/app/models/OPNsense/Beats8/Filebeat.php

@@ -0,0 +1,64 @@
+<?php
+
+/**
+ *    Copyright (C) 2025 Maxime THIEBAUT
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Beats8;
+
+use OPNsense\Base\BaseModel;
+use OPNsense\Base\Messages\Message;
+
+class Filebeat extends BaseModel
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function performValidation($validateFullModel = false)
+    {
+        $messages = parent::performValidation($validateFullModel);
+
+        if ($validateFullModel || $this->modules->enabled->isFieldChanged() || $this->inputs->enabled->isFieldChanged()) {
+            if ($this->modules->enabled->isEmpty() && $this->inputs->enabled->isEmpty()) {
+                $messages->appendMessage(
+                    new Message(
+                        gettext("Either an input or module needs to be specified."),
+                        $this->modules->enabled->__reference
+                    )
+                );
+                $messages->appendMessage(
+                    new Message(
+                        gettext("Either an input or module needs to be specified."),
+                        $this->inputs->enabled->__reference
+                    )
+                );
+            }
+        }
+
+        return $messages;
+    }
+}

sysutils/beats8/src/opnsense/mvc/app/models/OPNsense/Beats8/Filebeat.xml

@@ -0,0 +1,55 @@
+<model>
+    <mount>//OPNsense/filebeat</mount>
+    <description>
+        Send logs to elasticsearch
+    </description>
+    <items>
+        <enabled type="BooleanField">
+            <Default>0</Default>
+            <Required>Y</Required>
+        </enabled>
+        <modules>
+            <enabled type="OptionField">
+                <OptionValues>
+                    <suricata>Suricata (Intrusion Detection)</suricata>
+                </OptionValues>
+                <Multiple>Y</Multiple>
+            </enabled>
+        </modules>
+        <inputs>
+            <enabled type="OptionField">
+                <Default>audit</Default>
+                <OptionValues>
+                    <audit>Audit</audit>
+                    <configd>Backend</configd>
+                    <boot>Boot</boot>
+                    <system>General</system>
+                    <lighttpd>Web GUI</lighttpd>
+                </OptionValues>
+                <Multiple>Y</Multiple>
+            </enabled>
+        </inputs>
+        <output>
+            <elasticsearch>
+                <hosts type="UrlField">
+                    <Required>Y</Required>
+                </hosts>
+                <api_key type="UpdateOnlyTextField">
+                    <Required>Y</Required>
+                </api_key>
+                <ssl>
+                    <verification_mode type="OptionField">
+                        <Default>Full</Default>
+                        <OptionValues>
+                            <strict>Strict</strict>
+                            <full>Full</full>
+                            <certificate>Certificate</certificate>
+                        </OptionValues>
+                        <Required>Y</Required>
+                    </verification_mode>
+                    <ca_trusted_fingerprint type="TextField"/>
+                </ssl>
+            </elasticsearch>
+        </output>
+    </items>
+</model>

sysutils/beats8/src/opnsense/mvc/app/models/OPNsense/Beats8/Menu/Menu.xml

@@ -0,0 +1,7 @@
+<menu>
+    <Services>
+        <Beats8 cssClass="fa fa-heartbeat fa-fw">
+            <Filebeat url="/ui/filebeat"/>
+        </Beats8>
+    </Services>
+</menu>