We have been looking into vast estate of Linux clients and the project scope is looking for data for Operational data (filebeat) and (metrics-beat) && Security/complicance (Auditbeat) etc. The original plan was to install the relevant beats individually which I feel is bit awkward. Since most of the libraries are repeated in these beats, Is there a way to build the above 3 beats into a single package?
or better still, is there a template so we can build any relevant combination of such beats into single package and configure them remotely? [Single build template for multiple beats (Filebeat + MetricBeat + AuditBeat etc.)]
You would have to script this yourself. I have done similar with a bash script and an Aws S3 bucket to pull down the relevant beat. Automation tools such as Ansible would allow you to deploy to the relevant devices based on tag, hostnames etc...
I agree to the scripting side, but if you see the libraries && core-code is repeated in each beats. It won't be a nice idea to do scripting into the core-code piece, but rather best done at a source-code level or template such builds at core-code level.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.