Auditbeat pushing correctly with file integrity module

modules/utilities/unix/logging/auditbeat/auditbeat.pp

@@ -10,15 +10,37 @@ class { 'auditbeat':
       'paths'   => ['/bin', '/usr/bin', '/sbin', '/usr/sbin', '/etc'],
     },
     # {
-    #   'module'  => 'auditd',
-    #   'enabled' => true,
-    #   '' => [''],  TODO: this needs correctly configuring. see https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html
+      # 'module'  => 'auditd',
+      # 'enabled' => true,
+      # 'audit_rules' => '-a always,exit -F arch=b64 -S all -F key=64bit-abi',
+       # TODO: this needs correctly configuring. see https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html
     # },
   ],
   outputs => {
     'logstash' => {
-      'hosts' => ["http://$logstash_ip:$logstash_port"],
-      'index' => 'auditbeat-%{+YYYY.MM.dd}',
+      'hosts' => ["$logstash_ip:$logstash_port"],
     },
   },
-}
+}
+
+
+#
+# class { 'auditbeat':
+#   modules => [
+#     {
+#       'module'  => 'file_integrity',
+#       'enabled' => true,
+#       'paths'   => ['/bin', '/usr/bin', '/sbin', '/usr/sbin', '/etc'],
+#     },
+#     {
+#       'module'      => 'auditd',
+#       'enabled'     => true,
+#     },
+#   ],
+#   outputs => {
+#     'elasticsearch' => {
+#       'hosts' => ['http://localhost:9200'],
+#       'index' => 'auditbeat-%{+YYYY.MM.dd}',
+#     },
+#   }
+# }

scenarios/examples/elkstack.xml

@@ -10,7 +10,7 @@
 	-->
 
 	<system>
-		<system_name>escalation</system_name>
+		<system_name>elk</system_name>
 		<base platform="linux" type="server" distro=".*Ubuntu.*"/>
 
 		<input into_datastore="IP_address">
@@ -74,6 +74,15 @@
 			</input>
 		</utility>
 
+		<utility module_path=".*auditbeat.*">
+			<input into="logstash_ip">
+				<datastore access="0">IP_address</datastore>
+			</input>
+			<input into="logstash_port">
+				<datastore access="0">logstash_port</datastore>
+			</input>
+		</utility>
+
 		<network type="private_network" >
 			<input into="IP_address">
 				<datastore access="0">IP_address</datastore>
@@ -81,6 +90,27 @@
 		</network>
 	</system>
 
+	<!--<system>-->
+		<!--<system_name>auditpusher</system_name>-->
+		<!--<base platform="linux" type="server" distro=".*Ubuntu.*"/>-->
+
+		<!--<utility module_path=".*auditbeat.*">-->
+			<!--<input into="logstash_ip">-->
+				<!--<value>172.16.0.2</value>-->
+			<!--</input>-->
+			<!--&lt;!&ndash; TODO: rename to elasticsearch port if it works smoothly&ndash;&gt;-->
+			<!--<input into="logstash_port">-->
+				<!--<value>9200</value>-->
+			<!--</input>-->
+		<!--</utility>-->
+
+		<!--<network type="private_network" >-->
+			<!--<input into="IP_address">-->
+				<!--<value>172.16.0.3</value>-->
+			<!--</input>-->
+		<!--</network>-->
+	<!--</system>-->
+
 	<!--TODO: Test this system afterwards. Save as another example.xml -->
 	<!--<system>-->
 		<!--<system_name>escalation</system_name>-->