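---
# Graylog release to deploy. Quoted so it is always read as a string.
graylog_version: '3.3.8'
# Release tarball location, built from graylog_version.
graylog_archive_url: "https://downloads.graylog.org/releases/graylog/graylog-{{ graylog_version }}.tgz"
# SHA-1 digest for the archive of the version above; update it together with
# graylog_version.
# NOTE(review): SHA-1 is no longer collision-resistant. If the role can verify
# a SHA-256 digest instead, prefer that for download integrity.
graylog_archive_sha1: '6e2d790251d2fd6483682b9be739752e6825e1fa'
# Installation directory.
graylog_root_dir: /opt/graylog
# NOTE(review): presumably lets the role upgrade an existing installation when
# graylog_version changes - confirm against the role's tasks.
graylog_manage_upgrade: true

# NOTE(review): presumably marks this node as the master of the Graylog
# cluster - confirm against the server.conf template.
graylog_is_master: true
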
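# Additional libs to download.
# Each entry pins a version, the SHA-1 digest of that exact jar and the
# download URL. Keep all three in sync when bumping a library, so a jar that
# differs from the expected one does not match the recorded digest.
graylog_libs:
  log4j-systemd-journal-appender:
    version: '2.4.0'
    sha1: 'a23b5c723712bfcf41cc3d962ea383c14b1a4532'
    url: 'https://repo1.maven.org/maven2/de/bwaldvogel/log4j-systemd-journal-appender/2.4.0/log4j-systemd-journal-appender-2.4.0.jar'
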
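# Plugins known to the role, keyed by plugin name. Each entry pins a version,
# the SHA-1 digest of that exact jar and the download URL. Plugin jars run
# inside the Graylog server process, so keep the digest in sync with the URL
# and only list sources you trust.
graylog_plugins:
  auth-sso:
    version: '3.3.0'
    sha1: '300e41632ea2495f9735c82ad1237a97c015044d'
    url: 'https://github.com/Graylog2/graylog-plugin-auth-sso/releases/download/3.3.0/graylog-plugin-auth-sso-3.3.0.jar'
  dnsresolver:
    version: '1.2.0'
    sha1: 'b470bd4b39a22574527e01a943a601c10cc2520b'
    url: 'https://github.com/graylog-labs/graylog-plugin-dnsresolver/releases/download/1.2.0/graylog-plugin-dnsresolver-1.2.0.jar'
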
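# Plugins bundled, which should not be removed
graylog_plugins_core:
  - aws
  - collector
  - threatintel
# Names of the plugins to install; the one listed here matches a key of
# graylog_plugins.
graylog_plugins_to_install:
  - auth-sso
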
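# A random one will be created if not defined.
# If you do set these, keep the values out of plain-text files committed to
# version control (for example, store them with Ansible Vault).
# graylog_pass_secret:
# graylog_admin_pass:
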
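# 9000 is for the web interface and api, 12201 is the default for gelf HTTP inputs
graylog_api_port: 9000
graylog_listeners_http_ports: [12201]
# API port followed by every HTTP listener port.
graylog_http_ports: "{{ [graylog_api_port] + graylog_listeners_http_ports }}"
# NOTE(review): presumably the source addresses allowed to reach the HTTP
# ports above. Confirm how the role treats the empty default (nothing allowed
# vs. no restriction). The API port carries the web interface and API, so
# limit it to admin networks or a reverse proxy.
graylog_http_src_ip: []
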
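# Must match your inputs (eg, syslog/raw)
# used to open ports in the firewall
graylog_listeners_udp_ports: [514]
graylog_listeners_tcp_ports: [514]
# The default allows any source address. Narrow it to the networks that ship
# logs to this node, so the inputs are not reachable from everywhere.
graylog_listeners_src_ip: ['0.0.0.0/0']
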
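# Example value, commented out; uncomment and adjust to use it.
# graylog_external_uri: https://logs.domain.tld/
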
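# Elasticsearch endpoints. The default is plain HTTP to localhost; for a
# remote cluster, prefer an https:// endpoint so log data does not cross the
# network unencrypted.
graylog_es_hosts:
  - 'http://localhost:9200'
graylog_es_cluster_name: elasticsearch
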
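# MongoDB connection URI(s). The default points at localhost and carries no
# credentials. If you add credentials to a URI, keep the value out of
# plain-text files committed to version control.
graylog_mongodb_uri:
  - 'mongodb://localhost/graylog'
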
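# Max size of Graylog journal, in GB
graylog_journal_max_size: 5
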
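# If you want to obtain a cert with dehydrated
# it'll be deployed as {{ graylog_root_dir }}/ssl/cert.pem and {{ graylog_root_dir }}/ssl/key.pem
# NOTE(review): key.pem is the private key - confirm the role deploys it
# readable only by the account running Graylog.
# graylog_letsencrypt_cert: graylog.domain.tls
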
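# If set, will populate enabled_tls_protocols
# on el7, TLSv1.3 seems to break filebeat connections, so, just enable TLSv1.2
# Only TLSv1.2 is listed; when changing this, add TLSv1.3 once clients
# support it rather than enabling protocol versions older than TLSv1.2.
graylog_tls_versions:
  - TLSv1.2
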
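# Mem to allocate to the JVM (Xmx / Xms)
graylog_jvm_mem: '2g'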