diff options
author | Vijay Venkatesh Kumar <vv770d@att.com> | 2020-02-20 21:50:14 +0000 |
---|---|---|
committer | Vijay Venkatesh Kumar <vv770d@att.com> | 2020-02-27 21:54:11 +0000 |
commit | 694394bbd53bbeca17b7f99dc3a635e422817d25 (patch) | |
tree | 4b09fc3d237badc3b6394d9316acde6cbeda2c0e /kubernetes/dcaegen2/components/dcae-inventory-api/resources/log | |
parent | 86de3eeeda61299847aa24f3e61f13c8e0b94322 (diff) |
dcae sec updates for dashboard and inventory
- Dashboard switched to https + non-root + portal sdk 2.6.0
- InventoryAPI keystore pwd read from file and filebeat support
Change-Id: I40d2f6a8414f0a8fc8ed7b60ed0118e69cdbb2fd
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Issue-ID: DCAEGEN2-1592
Issue-ID: OJSI-159
Signed-off-by: Vijay Venkatesh Kumar <vv770d@att.com>
Diffstat (limited to 'kubernetes/dcaegen2/components/dcae-inventory-api/resources/log')
-rw-r--r-- | kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml new file mode 100644 index 0000000000..0e5ee9bffa --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml @@ -0,0 +1,72 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 |