Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 7.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'philomory-graylog_api', '0.5.0'
Learn more about managing modules with a Puppetfile
graylog_api
Table of Contents
- Description
- Setup - The basics of getting started with graylog_api
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module allows you to use Graylog's REST API to adjust its configuration. It picks up where the official graylog module leaves off.
Setup
What graylog_api affects
This module manages configuration aspects of Graylog that can only be adjusted via the REST API. This includes:
- LDAP Authentication
- SSO Authentication
- Static users
- User roles
- Inputs
- Streams
- Pipelines and Pipeline rules
- Extractors
- Lookup Tables, Data Adapters and Caches
- Grok Patterns
- Dashboards
- Index Sets
More components of Graylog configuration are in scope for this module, but they have not been implemented yet.
Setup Requirements
The Ruby installation used by the Puppet agent on the Graylog server will need to have the httparty and retries gems installed. The easiest way to manage this is to use a package resource with the puppet_gem provider:
package { ['httparty','retries']:
  ensure   => present,
  provider => 'puppet_gem',
}
The server will also need to have Graylog installed, of course. For this we recommend the official graylog-graylog module.
Beginning with graylog_api
In order to use any of the resources contained in this module, you first need to supply the credentials the module should use to access the REST API. In general, this should be the root credentials. Provide these through the graylog_api resource.
graylog_api { 'api':
  username => 'admin',
  password => $password,
  port     => 9000,
  tls      => false,
  server   => 'localhost'
}
The resource title here must be 'api'.
Supplying the password
This module requires the graylog root password in cleartext in order to be able to authenticate to the API. The official graylog module, on the other hand, only needs the password hash. Rather than storing both the password and the hash, we recommend storing the password in Hiera using EYAML, and computing the hash using Puppet's built-in sha256 function.
Usage
Configure the default index set
graylog_index_set { 'graylog':
  description                => 'The Graylog default index set',
  display_name               => 'Default index set',
  shards                     => 1,
  replicas                   => 0,
  rotation_strategy          => 'size',
  rotation_strategy_details  => {
    max_size => '10 GB'.to_bytes,
  },
  retention_strategy         => 'delete',
  retention_strategy_details => {
    max_number_of_indices => 10,
  },
}
Configure inputs
# Default properties are often acceptable
graylog_api::input::gelf_tcp { 'A GELF TCP Input': }
# But you can customize if you want
graylog_api::input::gelf_tcp { 'A GELF TCP Input with TLS':
  port          => 12202,
  tls_cert_file => '/etc/graylog/server/tls/cert.pem',
  tls_enable    => true,
  tls_key_file  => '/etc/graylog/server/tls/key.pem',
}
Load Grok Patterns
# Load a single pattern
graylog_grok_pattern { 'SOMEFORMAT':
  pattern => '%{WORD:username} %{IP:ipaddress} %{GREEDYDATA:message}',
}
# Or load a bunch of patterns from a pattern file
# (the parameter is named contents; see the reference below)
graylog_api::grok::pattern_file { 'common patterns':
  contents => file('profile/graylog/patterns/common'),
}
Set up processing pipelines
# First set up some rules
graylog_api::pipeline::rule { 'copy message to full_message':
  description => 'Copy the message field to the full_message field before performing extraction',
  condition   => 'has_field("message") && has_field("log_format") && !has_field("full_message")',
  action      => 'set_field("full_message",$message.message);',
}
graylog_api::pipeline::rule { 'parse log format':
  description => 'Parse log via GROK if log_format field is provided',
  condition   => 'has_field("log_format")',
  action      => @(END_OF_ACTION),
    let format_name = uppercase(to_string($message.log_format));
    let pattern = concat(concat("%{",format_name),"}");
    let map = grok(pattern: pattern, value: to_string($message.message), only_named_captures: true);
    remove_field("log_format");
    set_fields(map);
    |-END_OF_ACTION
}
# Then put those rules in a pipeline
graylog_api::pipeline { 'custom log formats':
  description       => "Parse custom log formats",
  stages            => [
    'copy message to full_message',
    'parse log format'
  ],
  connected_streams => ['All messages'],
}
Limitations
There are a lot of different settings in Graylog that this module cannot yet manage. Essentially it only manages those settings that we've needed so far ourselves.
This module aims for compatibility with Graylog 3.x, and specifically has been tested with Graylog 3.1.x. It probably works on later versions of Graylog 3.x but may not work with 4.x or 2.x.
If you discover any issues, please report them at https://github.com/magicmemories/puppet-graylog_api/issues
License and Authorship
This module was authored by Adam Gardner, and is Copyright (c) 2019 Magic Memories (USA) LLC.
It is distributed under the terms of the Apache-2.0 license; see the LICENSE file for details.
Reference
Table of Contents
Defined types
- graylog_api::extractor::regex: Defines a Regex extractor.
- graylog_api::extractor::regex_replace: Defines a Regex replace extractor.
- graylog_api::grok::pattern_file: Loads a full file worth of Grok patterns into Graylog.
- graylog_api::input::beats: Defines a (old-style) Beats input.
- graylog_api::input::beats2: Defines a (new-style) Beats input.
- graylog_api::input::cef_tcp: Defines a CEF-TCP input.
- graylog_api::input::cef_udp: Defines a CEF-UDP input.
- graylog_api::input::gelf_http: Defines a GELF-HTTP input.
- graylog_api::input::gelf_tcp: Defines a GELF-TCP input.
- graylog_api::input::gelf_udp: Defines a GELF-UDP input.
- graylog_api::input::syslog_tcp: Defines a Syslog-TCP input.
- graylog_api::input::syslog_udp: Defines a Syslog-UDP input.
- graylog_api::pipeline: Define a processing pipeline.
- graylog_api::pipeline::rule: Defines a pipeline rule.
Resource types
- graylog_api: Sets the API credentials used by the rest of the types in the module.
- graylog_dashboard: Creates a Dashboard.
- graylog_dashboard_layout: Lays out the widgets on a dashboard.
- graylog_dashboard_widget: Creates a Dashboard Widget.
- graylog_extractor: Creates an Extractor.
- graylog_grok_pattern: Installs a Grok pattern.
- graylog_index_set: Defines an Index Set.
- graylog_input: Creates an Input.
- graylog_ldap_settings: Configures LDAP authentication.
- graylog_lookup_adapter: Creates a Lookup Table Data Adapter.
- graylog_lookup_cache: Creates a Lookup Table Cache.
- graylog_lookup_table: Configures a Lookup Table.
- graylog_pipeline: Creates a processing pipeline.
- graylog_pipeline_rule: Creates a Pipeline Rule.
- graylog_plugin_auth_sso: SSO authentication plugin configuration.
- graylog_role: Creates a user role.
- graylog_stream: Creates a Stream configuration.
- graylog_user: Creates an internal user.
Defined types
graylog_api::extractor::regex
Defines a Regex extractor.
Parameters
The following parameters are available in the graylog_api::extractor::regex defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
input
Data type: String
Title of the input this extractor is attached to.
Default value: ''
source_field
Data type: String
Source field
Default value: ''
target_field
Data type: String
Choose a field name to store the extracted value. It can only contain alphanumeric characters and underscores. Example: http_response_code.
Default value: ''
regex_value
Data type: String
Title of the input this extractor is attached to.
Default value: ''
cut_or_copy
Data type: Optional[String]
Do you want to copy or cut from source? You cannot use the cutting feature on standard fields like message and source.
Default value: undef
condition_type
Data type: Optional[String]
Extracting only from messages that match a certain condition helps you avoid wrong or unnecessary extractions and can also save CPU resources.
Default value: undef
condition_value
Data type: Optional[String]
Condition value
Default value: undef
converters
Data type: Optional[Array]
A list of optional converter types which must be Java class identifiers of converters, such as org.graylog2.inputs.converters.NumericConverter.
Default value: undef
order
Data type: Optional[Integer]
Sort index for this extractor.
Default value: undef
graylog_api::extractor::regex_replace
Defines a Regex replace extractor.
Parameters
The following parameters are available in the graylog_api::extractor::regex_replace defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
input
Data type: String
Title of the input this extractor is attached to.
Default value: ''
source_field
Data type: String
Source field
Default value: ''
target_field
Data type: String
Choose a field name to store the extracted value. It can only contain alphanumeric characters and underscores. Example: http_response_code.
Default value: ''
regex_value
Title of the input this extractor is attached to.
cut_or_copy
Data type: Optional[String]
Do you want to copy or cut from source? You cannot use the cutting feature on standard fields like message and source.
Default value: undef
condition_type
Data type: Optional[String]
Extracting only from messages that match a certain condition helps you avoid wrong or unnecessary extractions and can also save CPU resources.
Default value: undef
condition_value
Data type: Optional[String]
Condition value
Default value: undef
converters
Data type: Optional[Array]
A list of optional converter types which must be Java class identifiers of converters, such as org.graylog2.inputs.converters.NumericConverter.
Default value: undef
order
Data type: Optional[Integer]
Sort index for this extractor.
Default value: undef
regex
Data type: String
Default value: ''
replacement
Data type: String
Default value: ''
replace_all
Data type: Optional[Boolean]
Default value: false
graylog_api::grok::pattern_file
This loads a full file worth of Grok patterns into Graylog. Since Grok patterns can contain numerous characters that would require escaping in either Hiera data or Puppet code, it's usually more convenient to keep them in their own dedicated files.
- Note: if you load multiple files, and more than one such file defines a pattern with the same name, this will lead to a duplicate declaration error.
Examples
Loading a patterns file
graylog_api::grok::pattern_file { 'example patterns':
contents => file('profile/graylog/patterns/example_patterns'),
}
Parameters
The following parameters are available in the graylog_api::grok::pattern_file defined type.
contents
Data type: String
A multi-line string containing at most one Grok pattern per line. Lines containing only whitespace, or whose first non-whitespace character is a #, are safely skipped. Actual pattern lines begin with the pattern name in all-caps, followed by a space, followed by the pattern itself. See the Graylog documentation for a full description of the Grok pattern format.
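The line format described for contents, and the duplicate-name error noted above for multiple files, can both be checked before a catalog run. The Ruby below is an added example, not code from the graylog_api module; the function names, the constructed sample contents, and the choices to allow digits and underscores in pattern names and to reject a name repeated within one file are assumptions of the example.

```ruby
# Added example (not part of graylog_api): pre-flight check for Grok pattern
# files in the "NAME pattern" line format described above.

# The page says names are all-caps; also accepting digits and underscores
# after the first letter is an assumption of this example.
PATTERN_LINE = /\A\s*([A-Z][A-Z0-9_]*) (.+?)\s*\z/

# Parse one file's contents into { name => pattern }.
# Blank lines and lines whose first non-whitespace character is '#' are skipped.
# Raises ArgumentError on a malformed line or a name repeated within the file.
def parse_grok_patterns(contents, source = '(inline)')
  patterns = {}
  contents.each_line.with_index(1) do |line, lineno|
    stripped = line.strip
    next if stripped.empty? || stripped.start_with?('#')

    match = PATTERN_LINE.match(line.chomp)
    raise ArgumentError, "#{source}:#{lineno}: not a 'NAME pattern' line" unless match

    name = match[1]
    raise ArgumentError, "#{source}:#{lineno}: #{name} defined twice" if patterns.key?(name)

    patterns[name] = match[2]
  end
  patterns
end

# Given { file_label => contents }, return { name => [file_label, ...] } for
# every pattern name that more than one file defines. Loading such files
# together is the case the note above says ends in a duplicate declaration.
def duplicate_pattern_names(files)
  seen = Hash.new { |hash, key| hash[key] = [] }
  files.each do |label, contents|
    parse_grok_patterns(contents, label).each_key { |name| seen[name] << label }
  end
  seen.select { |_name, labels| labels.size > 1 }
end

# Constructed sample inputs (not taken from a real deployment).
COMMON = <<~PATTERNS
  # common patterns
  SOMEFORMAT %{WORD:username} %{IP:ipaddress} %{GREEDYDATA:message}

  APPUSER [a-z_][a-z0-9_-]*
PATTERNS

EXTRA = <<~PATTERNS
  APPUSER [A-Za-z]+
  REQUESTID [0-9a-f]{16}
PATTERNS

if $PROGRAM_NAME == __FILE__
  duplicate_pattern_names('common' => COMMON, 'extra' => EXTRA).each do |name, labels|
    warn "#{name} is defined in: #{labels.join(', ')}"
  end
end
```

Run against the real pattern files in CI, a non-empty result from duplicate_pattern_names identifies the files to reconcile before Puppet compiles the catalog.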
graylog_api::input::beats
This is the Beats input from Graylog 2.x, still available in Graylog 3.x as 'Beats (deprecated)'. For the new Beats input introduced in Graylog 3.0, see graylog_api::input::beats2
Parameters
The following parameters are available in the graylog_api::input::beats defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on.
Default value: '0.0.0.0'
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on.
Default value: 5044
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 1 MB.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local').
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
tcp_keepalive
Data type: Boolean
Whether to enable TCP keepalive packets.
Default value: false
tls_cert_file
Data type: String
The path to the server certificate to use when securing the connection with TLS. Has no effect unless tls_enable is true.
Note that this must be the entire certificate chain, and that Graylog is sensitive to exact formatting of PEM certificates, e.g. there must be a trailing newline.
Default value: ''
tls_client_auth
Data type: String
Whether to use TLS to authenticate clients. Can be 'disabled', 'optional', or 'required'.
Default value: 'disabled'
tls_client_auth_cert_file
Data type: String
The path to the file (or directory) which stores the certificates of trusted clients. Has no effect if tls_client_auth is 'disabled' or tls_enable is false.
Default value: ''
tls_enable
Data type: Boolean
Whether to enable TLS for securing the input.
Default value: false
tls_key_file
Data type: String
The path to the private key which corresponds to the tls_cert_file. Has no effect if tls_enable is false.
Note that for PEM private keys, Graylog is sensitive to exact formatting, e.g. there must be a trailing newline.
Default value: ''
tls_key_password
Data type: String
The password to decrypt the private key specified in tls_key_file. Leave blank if not using TLS, or if the key is not encrypted.
Default value: ''
graylog_api::input::beats2
This is the new Beats input introduced in Graylog 3. For the prior Beats input (still available as 'Beats (deprecated)'), see graylog_api::input::beats.
Parameters
The following parameters are available in the graylog_api::input::beats2 defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on.
Default value: '0.0.0.0'
include_beats_prefix
Data type: Boolean
Whether to prefix additional fields with the name of the beat type, e.g. source -> filebeat_source.
Default value: false
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on.
Default value: 5044
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 1 MB.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local').
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
tcp_keepalive
Data type: Boolean
Whether to enable TCP keepalive packets.
Default value: false
tls_cert_file
Data type: String
The path to the server certificate to use when securing the connection with TLS. Has no effect unless tls_enable is true.
Note that this must be the entire certificate chain, and that Graylog is sensitive to exact formatting of PEM certificates, e.g. there must be a trailing newline.
Default value: ''
tls_client_auth
Data type: String
Whether to use TLS to authenticate clients. Can be 'disabled', 'optional', or 'required'.
Default value: 'disabled'
tls_client_auth_cert_file
Data type: String
The path to the file (or directory) which stores the certificates of trusted clients. Has no effect if tls_client_auth is 'disabled' or tls_enable is false.
Default value: ''
tls_enable
Data type: Boolean
Whether to enable TLS for securing the input.
Default value: false
tls_key_file
Data type: String
The path to the private key which corresponds to the tls_cert_file. Has no effect if tls_enable is false.
Note that for PEM private keys, Graylog is sensitive to exact formatting, e.g. there must be a trailing newline.
Default value: ''
tls_key_password
Data type: String
The password to decrypt the private key specified in tls_key_file. Leave blank if not using TLS, or if the key is not encrypted.
Default value: ''
graylog_api::input::cef_tcp
Defines an input accepting CEF messages over TCP.
Parameters
The following parameters are available in the graylog_api::input::cef_tcp defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on. Defaults to 0.0.0.0.
Default value: '0.0.0.0'
locale
Data type: String
The locale to use when parsing the CEF timestamps. Format can be either "en"-style or "en_US"-style.
Default value: 'en'
max_message_size
Data type: Integer
The maximum length of a message.
Default value: .to_bytes
num_worker_threads
Data type: Integer
How many worker threads the input should use.
Default value: 2
port
Data type: Stdlib::Port
The port to listen on. Defaults to 514, however be aware that in many server setups Graylog will not be able to bind to a privileged port without additional configuration.
Default value: 5555
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 256 kilobytes.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local'). Default is global.
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
tcp_keepalive
Data type: Boolean
Whether to enable TCP keepalive packets.
Default value: false
timezone
Data type: String
The timezone of the timestamps in the CEF messages. Format is TZ Database, e.g. "America/New_York" or "UTC".
Default value: 'UTC'
tls_cert_file
Data type: String
The path to the server certificate to use when securing the connection with TLS. Has no effect unless tls_enable is true. Defaults to the empty string. Note that this must be the entire certificate chain, and that Graylog is sensitive to exact formatting of PEM certificates, e.g. there must be a trailing newline.
Default value: ''
tls_client_auth
Data type: String
Whether to use TLS to authenticate clients. Can be 'disabled', 'optional', or 'required'.
Default value: 'disabled'
tls_client_auth_cert_file
Data type: String
The path to the file (or directory) which stores the certificates of trusted clients. Has no effect if tls_client_auth is 'disabled' or tls_enable is false.
Default value: ''
tls_enable
Data type: Boolean
Whether to enable TLS for securing the input.
Default value: false
tls_key_file
Data type: String
The path to the private key which corresponds to the tls_cert_file. Has no effect if tls_enable is false. Note that for PEM private keys, Graylog is sensitive to exact formatting, e.g. there must be a trailing newline.
Default value: ''
tls_key_password
Data type: String
The password to decrypt the private key specified in tls_key_file. Leave blank if not using TLS, or if the key is not encrypted.
Default value: ''
use_full_names
Data type: Boolean
Whether to use full field names in CEF messages (as defined in the CEF specification).
Default value: false
use_null_delimiter
Data type: Boolean
Whether to use a null byte as a frame delimiter. If false, a newline is used as the delimiter instead.
Default value: false
graylog_api::input::cef_udp
Defines an input accepting CEF messages over UDP.
Parameters
The following parameters are available in the graylog_api::input::cef_udp defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on. Defaults to 0.0.0.0.
Default value: '0.0.0.0'
locale
Data type: String
The locale to use when parsing the CEF timestamps. Format can be either "en"-style or "en_US"-style.
Default value: 'en'
num_worker_threads
Data type: Integer
How many worker threads the input should use.
Default value: 2
port
Data type: Stdlib::Port
The port to listen on. Defaults to 514, however be aware that in many server setups Graylog will not be able to bind to a privileged port without additional configuration.
Default value: 5555
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 256 kilobytes.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local'). Default is global.
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
timezone
Data type: String
The timezone of the timestamps in the CEF messages. Format is TZ Database, e.g. "America/New_York" or "UTC".
Default value: 'UTC'
use_full_names
Data type: Boolean
Whether to use full field names in CEF messages (as defined in the CEF specification).
Default value: false
use_null_delimiter
Whether to use a null byte as a frame delimiter. If false, a newline is used as the delimiter instead.
graylog_api::input::gelf_http
Defines an input accepting GELF-formatted JSON over HTTP POST.
Parameters
The following parameters are available in the graylog_api::input::gelf_http defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on.
Default value: '0.0.0.0'
decompress_size_limit
Data type: Integer
The maximum number of bytes of decompressed message data that will be accepted in a single POST. Defaults to 8 megabytes.
Default value: .to_bytes
enable_cors
Data type: Boolean
Whether the input should send CORS headers to satisfy browser security policies.
Default value: true
idle_writer_timeout
Data type: Integer
How long the server should wait to receive additional messages from the client before closing the connection, in seconds. Set to 0 to disable.
Default value: 60
max_chunk_size
Data type: Integer
The maximum HTTP chunk size in bytes (e.g. length of HTTP request body).
Default value: 65536
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on.
Default value: 12280
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local').
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
tcp_keepalive
Data type: Boolean
Whether to enable TCP keepalive packets.
Default value: false
tls_cert_file
Data type: String
The path to the server certificate to use when securing the connection with TLS. Has no effect unless tls_enable is true.
Note that this must be the entire certificate chain, and that Graylog is sensitive to exact formatting of PEM certificates, e.g. there must be a trailing newline.
Default value: ''
tls_client_auth
Data type: String
Whether to use TLS to authenticate clients. Can be 'disabled', 'optional', or 'required'.
Default value: 'disabled'
tls_client_auth_cert_file
Data type: String
The path to the file (or directory) which stores the certificates of trusted clients. Has no effect if tls_client_auth is 'disabled' or tls_enable is false.
Default value: ''
tls_enable
Data type: Boolean
Whether to enable TLS for securing the input.
Default value: false
tls_key_file
Data type: String
The path to the private key which corresponds to the tls_cert_file. Has no effect if tls_enable is false.
Note that for PEM private keys, Graylog is sensitive to exact formatting, e.g. there must be a trailing newline.
Default value: ''
tls_key_password
Data type: String
The password to decrypt the private key specified in tls_key_file. Leave blank if not using TLS, or if the key is not encrypted.
Default value: ''
graylog_api::input::gelf_tcp
Defines an input accepting GELF over TCP, optionally encrypted with TLS.
Parameters
The following parameters are available in the graylog_api::input::gelf_tcp defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on.
Default value: '0.0.0.0'
decompress_size_limit
Data type: Integer
The maximum number of bytes of decompressed message data that will be accepted in a single POST.
Default value: .to_bytes
max_message_size
Data type: Integer
The maximum length of a message, in bytes. Default value is 2 megabytes.
Default value: .to_bytes
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on.
Default value: 12201
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 1 MB.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local').
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
tcp_keepalive
Data type: Boolean
Whether to enable TCP keepalive packets.
Default value: false
tls_cert_file
Data type: String
The path to the server certificate to use when securing the connection with TLS. Has no effect unless tls_enable is true. Defaults to the empty string. Note that this must be the entire certificate chain, and that Graylog is sensitive to exact formatting of PEM certificates, e.g. there must be a trailing newline.
Default value: ''
tls_client_auth
Data type: String
Whether to use TLS to authenticate clients. Can be 'disabled', 'optional', or 'required'.
Default value: 'disabled'
tls_client_auth_cert_file
Data type: String
The path to the file (or directory) which stores the certificates of trusted clients. Has no effect if tls_client_auth is 'disabled' or tls_enable is false.
Default value: ''
tls_enable
Data type: Boolean
Whether to enable TLS for securing the input.
Default value: false
tls_key_file
Data type: String
The path to the private key which corresponds to the tls_cert_file. Has no effect if tls_enable is false. Note that for PEM private keys, Graylog is sensitive to exact formatting, e.g. there must be a trailing newline.
Default value: ''
tls_key_password
Data type: String
The password to decrypt the private key specified in tls_key_file. Leave blank if not using TLS, or if the key is not encrypted.
Default value: ''
use_null_delimiter
Data type: Boolean
Whether to use a null byte as a frame delimiter. If false, a newline is used as the delimiter instead.
Default value: true
graylog_api::input::gelf_udp
Defines an input accepting GELF over UDP.
Parameters
The following parameters are available in the graylog_api::input::gelf_udp defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
bind_address
Data type: String
The IP address to listen on. Defaults to 0.0.0.0.
Default value: '0.0.0.0'
decompress_size_limit
Data type: Integer
The maximum number of bytes of decompressed message data that will be accepted in a single POST. Defaults to 8 megabytes.
Default value: .to_bytes
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on. Defaults to 12280.
Default value: 12201
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 256 kilobytes.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local'). Default is global.
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
graylog_api::input::syslog_tcp
Defines an input accepting Syslog messages over TCP.
Parameters
The following parameters are available in the graylog_api::input::syslog_tcp defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
allow_override_date
Whether to allow setting the message timestamp to the current server time, if the timestamp in the message failed to parse. Defaults to true.
bind_address
Data type: String
The IP address to listen on. Defaults to 0.0.0.0.
Default value: '0.0.0.0'
expand_structured_data
Whether to expand structured data elements by prefixing attributes with their SD-ID. Defaults to true.
force_rdns
Whether to force reverse DNS resolution of sender's hostname. Use if the hostname in the message cannot be parsed. Default value is false. NOTE: Be careful with this setting if you are sending DNS server logs into this input as it can cause a feedback loop.
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on. Defaults to 514, however be aware that in many server setups Graylog will not be able to bind to a privileged port without additional configuration.
Default value: 5044
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 256 kilobytes.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local'). Default is global.
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
store_full_message
Whether to store the full original syslog message as full_message. Defaults to true.
tcp_keepalive
Data type: Boolean
Whether to enable TCP keepalive packets.
Default value: false
tls_cert_file
Data type: String
The path to the server certificate to use when securing the connection with TLS. Has no effect unless tls_enable is true. Defaults to the empty string. Note that this must be the entire certificate chain, and that Graylog is sensitive to exact formatting of PEM certificates, e.g. there must be a trailing newline.
Default value: ''
tls_client_auth
Data type: String
Whether to use TLS to authenticate clients. Can be 'disabled', 'optional', or 'required'.
Default value: 'disabled'
tls_client_auth_cert_file
Data type: String
The path to the file (or directory) which stores the certificates of trusted clients. Has no effect if tls_client_auth is 'disabled' or tls_enable is false.
Default value: ''
tls_enable
Data type: Boolean
Whether to enable TLS for securing the input.
Default value: false
tls_key_file
Data type: String
The path to the private key which corresponds to the tls_cert_file. Has no effect if tls_enable is false. Note that for PEM private keys, Graylog is sensitive to exact formatting, e.g. there must be a trailing newline.
Default value: ''
tls_key_password
Data type: String
The password to decrypt the private key specified in tls_key_file. Leave blank if not using TLS, or if the key is not encrypted.
Default value: ''
use_null_delimiter
Whether to use a null byte as a frame delimiter. If false, a newline is used as the delimiter instead.
graylog_api::input::syslog_udp
Defines an input accepting Syslog messages over UDP.
Parameters
The following parameters are available in the graylog_api::input::syslog_udp
defined type.
ensure
Data type: Enum['present','absent']
Whether this input should exist.
Default value: 'present'
allow_override_date
Data type: Boolean
Whether to allow setting the message timestamp to the current server time, if the timestamp in the message failed to parse. Defaults to true.
Default value: true
bind_address
Data type: String
The IP address to listen on. Defaults to 0.0.0.0.
Default value: '0.0.0.0'
expand_structured_data
Data type: Boolean
Whether to expand structured data elements by prefixing attributes with their SD-ID. Defaults to true.
Default value: true
force_rdns
Data type: Boolean
Whether to force reverse DNS resolution of sender's hostname. Use if the hostname in the message cannot be parsed. Default value is false. NOTE: Be careful with this setting if you are sending DNS server logs into this input as it can cause a feedback loop.
Default value: false
override_source
Data type: Optional[String]
The source is a hostname derived from the received packet by default. Set this if you want to override it with a custom string.
Default value: undef
port
Data type: Stdlib::Port
The port to listen on. Defaults to 514; however, be aware that in many server setups Graylog will not be able to use a privileged port without additional configuration.
Default value: 514
recv_buffer_size
Data type: Integer
The size in bytes of the recvBufferSize for network connections to this input. Defaults to 256 kilobytes.
Default value: .to_bytes
scope
Data type: Enum['global','local']
Whether this input is defined on all nodes ('global') or just this node ('local'). Default is global.
Default value: 'global'
static_fields
Data type: Optional[Hash]
Static fields to assign to this input.
Default value: undef
store_full_message
Data type: Boolean
Whether to store the full original syslog message as full_message. Defaults to true.
Default value: true
graylog_api::pipeline
This is a convenience wrapper around graylog_pipeline, which frees you from worrying about pipeline syntax.
- Note This class is a work in progress in many ways. It's probably smarter to use graylog_pipeline directly until this has been fleshed out more. The main problem is that this defined type doesn't allow assigning stages an explicit priority, instead giving them priority in order counting from 1.
Examples
Creating a pipeline where each stage is a single rule
graylog_api::pipeline { 'example':
description => 'an example pipeline',
stages => [
'rule 1',
'rule 2',
],
streams => ['All messages'],
}
Creating a pipeline where each stage has multiple rules
graylog_api::pipeline { 'example':
description => 'an example pipeline',
stages => [
['rule 1a', 'rule 1b'],
['rule 2a', 'rule 2b'],
],
streams => ['All messages'],
}
Creating a pipeline where stages have explicit match types
graylog_api::pipeline { 'example':
description => 'an example pipeline',
stages => [
{
match => 'all',
rules => ['rule 1a', 'rule 1b'],
},
{
match => 'either',
rules => ['rule 2a', 'rule 2b'],
},
],
streams => ['All messages'],
}
Parameters
The following parameters are available in the graylog_api::pipeline
defined type.
description
Data type: String
The description of the pipeline.
Default value: ''
stages
Data type: Array[Graylog_api::Pipeline::Stage::Loose]
An array of stages. Each stage can be either:
- A rule name - This rule will be given a stage to itself.
- An array of rule names - These will be placed in a 'match all' stage.
- A hash with two keys:
- match - the match type of the stage, either 'all' or 'either'
- rules - An array of rules in the stage.
Stage priority cannot be set manually using this defined type; the first stage in the array will be stage 1, the second stage 2, etc. If you need to set explicit stage priorities to control how multiple pipelines run in parallel, use the graylog_pipeline native type directly.
streams
Data type: Variant[String,Array[String]]
An array of Stream names to connect the pipeline to. Note that these are case-sensitive. Also note that, if the Pipeline Processor is running before the Message Filter Chain, then the only stream that will have messages at processing time will be the 'All messages' stream.
Default value: []
graylog_api::pipeline::rule
This is a convenience wrapper around graylog_pipeline_rule which ensures no mismatch between the name in the rule source and the name of the resource.
Examples
Creating a pipeline rule
graylog_api::pipeline::rule { 'example':
description => 'an example rule',
condition => 'has_field("foo")',
action => 'set_field("bar","baz");',
}
Parameters
The following parameters are available in the graylog_api::pipeline::rule
defined type.
description
Data type: String
A description of the rule.
Default value: ''
condition
Data type: String
The condition in the 'when' clause of the rule. Defaults to true, e.g. by default the rule will match all messages.
Default value: 'true'
action
Data type: String
The action to take if the rule matches. Defaults to the empty string (e.g. no action is taken when the rule matches).
Default value: ''
Resource types
graylog_api
This sets the API credentials used by the rest of the types in the module to communicate with the Graylog API. It does not actually represent a concrete resource on the target system.
Examples
graylog_api { 'api':
password => $password,
tls => false,
verify_tls => false,
ssl_ca_file => '/etc/pki/tls/certs/ca-bundle.crt',
server => 'graylog.example.com',
port => 9000,
username => 'admin',
}
Properties
The following properties are available in the graylog_api
type.
password
The API password used to connect to the Graylog server. Should be the password for the root user.
username
The API username used to connect to the Graylog server. Should be the username for the root user (default 'admin').
Default value: admin
port
the api port
tls
enable tls
Default value: false
verify_tls
enable/disable ssl cert verification
Default value: false
ssl_ca_file
The certificate authority file
Default value: /etc/pki/tls/certs/ca-bundle.crt
server
The graylog server hostname
Default value: localhost
Parameters
The following parameters are available in the graylog_api
type.
name
Valid values: api
namevar
must be 'api'
graylog_dashboard
Creates a Dashboard.
- See also graylog_dashboard_widget graylog_dashboard_layout
Examples
graylog_dashboard { 'Example Dashboard':
ensure => present,
description => 'An example dashboard.',
}
Properties
The following properties are available in the graylog_dashboard
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
description
The description of the Dashboard.
purge
Whether to remove widgets from this dashboard if they aren't declared in Puppet
Parameters
The following parameters are available in the graylog_dashboard
type.
name
namevar
The name of the Dashboard.
graylog_dashboard_layout
Lays out the widgets on a dashboard.
- See also graylog_dashboard graylog_dashboard_widget
Examples
graylog_dashboard_layout { 'Example Dashboard':
positions => {
'Example Widget 1' => {x => 1, y => 1, w => 2, h => 5},
'Example Widget 2' => {x => 3, y => 1, w => 2, h => 5},
'Example Widget 3' => {x => 1, y => 6, w => 4, h => 2},
},
}
Properties
The following properties are available in the graylog_dashboard_layout
type.
positions
A hash of hashes. Each key is the name of a widget appearing on this dashboard. The corresponding value is a hash with four keys:
- x - The horizontal position of this widget
- y - The vertical position of this widget
- w - The width of this widget
- h - The height of this widget
Parameters
The following parameters are available in the graylog_dashboard_layout
type.
name
namevar
The name of the Dashboard whose layout this is.
graylog_dashboard_widget
The title of this resource should be the name of the dashboard on which the widget appears, followed by !!!, followed by the name of the widget.
- See also graylog_dashboard graylog_dashboard_layout
Examples
graylog_dashboard_widget { 'Example Dashboard!!!Example Widget':
ensure => present,
cache_time => 10,
config => {
field => 'example_field',
limit => 5,
sort_order => 'desc',
stacked_fields => '',
timerange => {
range => 86400,
type => 'relative',
},
query => 'foo:bar',
},
type => 'QUICKVALUES_HISTOGRAM',
}
Properties
The following properties are available in the graylog_dashboard_widget
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
cache_time
The amount of time (in seconds) this widget should cache data before requesting new data.
config
A hash of configuration values for the widget. Structure of the hash varies by widget type.
type
The type of widget.
Parameters
The following parameters are available in the graylog_dashboard_widget
type.
name
namevar
The name of the dashboard on which this widget appears, followed by !!!, followed by the name of the widget.
graylog_extractor
This type covers the raw API and is agnostic to the type of extractor being created. In most cases, you should declare extractors using the graylog_api::extractor::* defined types, which wrap this type and provide properties for extractor-type-specific configuration. You can use this type directly to configure an extractor type that doesn't have an existing wrapper.
Examples
graylog_extractor { 'Example Regex extractor':
ensure => present,
input => 'Syslog TCP',
type => 'org.graylog2.inputs.extractors.RegexExtractor',
source_field => 'message',
target_field => 'foo',
configuration => {
value => '^#(.*)'
},
}
Properties
The following properties are available in the graylog_extractor
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
input
Title of the input this extractor is attached to.
type
The type of the Extractor. Must be the Java enum constant for the extractor, such as REGEX
source_field
Source field
target_field
Choose a field name to store the extracted value. It can only contain alphanumeric characters and underscores. Example: http_response_code.
configuration
A hash of configuration values for the extractor; structure varies by extractor type.
cut_or_copy
Valid values: copy, cut
Do you want to copy or cut from source? You cannot use the cutting feature on standard fields like message and source.
Default value: copy
condition_type
Valid values: none, regex, string
Extracting only from messages that match a certain condition helps you avoid wrong or unnecessary extractions and can also save CPU resources.
Default value: none
condition_value
Condition value
Default value: ''
converters
A list of optional converter types which must be Java class identifiers of converters, such as org.graylog2.inputs.converters.NumericConverter
Default value: {}
order
Sort index for this extractor
Parameters
The following parameters are available in the graylog_extractor
type.
name
namevar
A descriptive name for this extractor.
graylog_grok_pattern
Installs a Grok pattern. Note that when representing Grok patterns in Puppet code or YAML-formatted Hiera data, extra escaping is necessary for many regex characters. Thus, it is often more convenient to use the graylog_api::grok::pattern_file defined type to define Grok patterns in their own dedicated file.
- See also graylog_api::grok::pattern
Examples
graylog_grok_pattern { 'EXAMPLE':
pattern => '%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level_name} %{GREEDYDATA:message}',
}
Properties
The following properties are available in the graylog_grok_pattern
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
pattern
The literal pattern string.
Parameters
The following parameters are available in the graylog_grok_pattern
type.
name
namevar
The token that represents the pattern. Must be in all-caps.
graylog_index_set
Creates and configures an Index Set. Use the title 'graylog' to configure the pre-existing default index set created for new installations.
Examples
graylog_index_set { 'graylog':
description => 'The Graylog default index set',
display_name => 'Default index set',
shards => 1,
replicas => 0,
rotation_strategy => 'size',
rotation_strategy_details => {
max_size => '10 GB'.to_bytes,
},
retention_strategy => 'delete',
retention_strategy_details => {
max_number_of_indices => 10,
},
}
Properties
The following properties are available in the graylog_index_set
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
display_name
The name of the Index Set
description
A description of the Index Set
shards
Number of Elasticsearch shards used per index in this index set.
replicas
Number of Elasticsearch replicas used per index in this index set.
rotation_strategy
Valid values: Puppet::Type::Graylog_index_set::ROTATION_STRATEGIES.keys
What type of rotation strategy to use
rotation_strategy_details
Configuration details for the chosen rotation strategy
retention_strategy
Valid values: Puppet::Type::Graylog_index_set::RETENTION_STRATEGIES.keys
What type of retention strategy to use
retention_strategy_details
Configuration details for the chosen retention strategy
index_analyzer
Elasticsearch analyzer for this index set.
Default value: standard
max_segments
Maximum number of segments per Elasticsearch index after optimization (force merge).
Default value: 1
disable_index_optimization
Disable Elasticsearch index optimization (force merge) after rotation.
Default value: false
Parameters
The following parameters are available in the graylog_index_set
type.
prefix
namevar
A unique prefix used in Elasticsearch indices belonging to this index set. The prefix must start with a letter or number, and can only contain letters, numbers, '_', '-' and '+'.
graylog_input
This type covers the raw API and is agnostic to the type of input being created. In most cases, you should declare inputs using the graylog_api::input::* defined types, which wrap this type and provide properties for input-type-specific configuration. You can use this type directly to configure an input type that doesn't have an existing wrapper.
Examples
graylog_input { 'Example Beats input':
ensure => present,
type => 'org.graylog.plugins.beats.BeatsInput',
scope => 'global',
configuration => {
bind_address => '0.0.0.0',
recv_buffer_size => '8 MB'.to_bytes,
override_source => 'Example override',
port => 5044,
tcp_keepalive => false,
tls_cert_file => '',
tls_client_auth => false,
tls_client_auth_cert_file => '',
tls_enable => false,
tls_key_file => '',
tls_key_password => '',
},
}
Properties
The following properties are available in the graylog_input
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
type
The type of the Input. Must be the Java class identifier for the input, such as org.graylog.plugins.beats.BeatsInput.
scope
Valid values: local, global
Whether this input is defined on all nodes ('global') or just this node ('local').
Default value: global
configuration
A hash of configuration values for the input; structure varies by input type.
static_fields
A hash of static fields to apply to messages ingested by this input.
Parameters
The following parameters are available in the graylog_input
type.
name
namevar
The name of the Input Source
graylog_ldap_settings
Configures LDAP authentication, including the mapping between LDAP Groups and Graylog Roles. Make sure you also configure the Graylog Roles themselves using the graylog_role type.
- See also graylog_role
Examples
graylog_ldap_settings { 'ldap':
enabled => true,
system_username => 'CN=Graylog,OU=ServiceAccounts,DC=example,DC=com',
system_password => $password,
ldap_uri => "ldap://1.2.3.4:389/",
use_start_tls => true,
trust_all_certificates => false,
active_directory => false,
search_base => 'OU=People,DC=example,DC=com',
search_pattern => '(&(objectClass=person)(uid={0}))',
display_name_attribute => 'displayName',
default_group => 'Reader',
group_search_base => 'OU=Groups,DC=example,DC=com',
group_id_attribute => 'cn',
additional_default_groups => [],
group_search_pattern => '(objectClass=group)',
group_mapping => {
'GraylogAdmins' => 'Admin',
'Developers' => 'PowerUser',
},
}
Properties
The following properties are available in the graylog_ldap_settings
type.
enabled
Whether to enable LDAP authentication.
system_username
Username to bind to LDAP server as.
system_password
Password to bind to LDAP server with.
ldap_uri
URI of LDAP server, including protocol and port.
use_start_tls
Whether to use StartTLS
trust_all_certificates
Whether to automatically trust all certificates when using StartTLS or LDAPS.
active_directory
Whether the LDAP server is an active directory server.
search_base
The search base for user lookups.
search_pattern
The LDAP filter for user lookups.
default_group
The default group users are mapped to.
group_mapping
A hash mapping LDAP groups to Graylog roles.
group_search_base
The search base for group lookups.
group_id_attribute
The attribute by which LDAP groups are identified.
additional_default_groups
Additional groups to apply by default to all users.
group_search_pattern
The LDAP filter for group lookups.
display_name_attribute
The attribute for user display names.
Parameters
The following parameters are available in the graylog_ldap_settings
type.
name
Valid values: ldap
namevar
Must be "ldap", only one instance of the graylog_ldap_settings type is allowed.
graylog_lookup_adapter
Creates a Data Adapter for use with a Lookup table. At present all configuration must be done manually, there are not yet any convenience wrappers for specific adapter types.
Examples
graylog_lookup_adapter { 'example-adapter':
ensure => present,
display_name => "Example Data",
description => "A CSV file of Example Data.",
configuration => {
type => 'csvfile',
path => '/etc/graylog/lookup-table.csv',
separator => ',',
quotechar => '"',
key_column => 'foo',
value_column => 'bar',
check_interval => 60,
case_insensitive_lookup => true,
},
require => File['/etc/graylog/lookup-table.csv'],
}
Properties
The following properties are available in the graylog_lookup_adapter
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
display_name
The display name (Graylog calls this "title") of the Data Adapter
description
A description of the Data Adapter
configuration
A hash of configuration for the Data Adapter. The exact configuration properties support will vary depending on the type of adapter being used.
Parameters
The following parameters are available in the graylog_lookup_adapter
type.
name
namevar
The unique name of the Data Adapter. Must consist of only letters, numbers and dashes.
graylog_lookup_cache
Creates a Cache for use with a Lookup Table. By default Graylog only supports two cache types, a noop cache called "none" and an in-memory cache called "guava_cache".
Examples
graylog_lookup_cache { 'example-cache':
ensure => present,
display_name => 'Example Data',
description => 'A cache of example data.',
configuration => {
type => 'guava_cache',
max_size => 1000,
expire_after_access => 60,
expire_after_access_unit => 'SECONDS',
expire_after_write => 0,
expire_after_write_unit => undef,
},
}
Properties
The following properties are available in the graylog_lookup_cache
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
display_name
The display name (Graylog calls this "title") of the Lookup Cache.
description
A description of the Lookup Cache.
configuration
A hash of configuration for the Lookup Cache. The exact properties will vary depending on the type of cache being managed.
Parameters
The following parameters are available in the graylog_lookup_cache
type.
name
namevar
The unique name of the Lookup Cache. Must consist of only letters, numbers and dashes.
graylog_lookup_table
Configures a Lookup Table.
Examples
graylog_lookup_table { 'example-data':
ensure => present,
display_name => "Example Lookup Table",
description => 'A lookup table of example data.',
adapter => 'example-adapter',
cache => 'example-cache',
default_single_value => 'foo',
default_single_value_type => 'STRING',
default_multi_value => '',
default_multi_value_type => 'NULL',
}
Properties
The following properties are available in the graylog_lookup_table
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
display_name
The display name (Graylog calls this "title") of the Lookup Table.
description
A description of the Lookup Table.
default_single_value
The default value for a single-value lookup.
default_single_value_type
The default value type for a single-value lookup.
default_multi_value
The default value for a multi-value lookup.
default_multi_value_type
The default value type for a multi-value lookup.
adapter
The name of the Lookup Adapter used for this Lookup Table.
cache
The name of the Lookup Cache used for this Lookup Table.
Parameters
The following parameters are available in the graylog_lookup_table
type.
name
namevar
The unique name of the Lookup Table. Must consist of only letters, numbers and dashes.
graylog_pipeline
Creates a processing pipeline. This type takes the pipeline definition as source text; note that the pipeline name in the source text must match the resource title. Overall, you may find it more convenient to use the graylog_api::pipeline defined type, which can take care of this for you, as well as accepting e.g. an array of rules to apply rather than source text.
- See also graylog_api::pipeline
Examples
graylog_pipeline { 'example pipeline':
description => 'An example processing pipeline',
source => @(END_OF_PIPELINE),
pipeline "example pipeline"
stage 3 match either
rule "foo";
rule "bar";
stage 5 match all
rule "baz";
end
|-END_OF_PIPELINE
connected_streams => ['All messages'],
}
Properties
The following properties are available in the graylog_pipeline
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
description
A description of the processing pipeline.
source
The source code for the processing pipeline.
connected_streams
Streams to process with this pipeline. Note that case matters here. Also note that, if the Pipeline Processor is running before the Message Filter Chain, then the only stream that will have messages at processing time will be the 'All messages' stream.
Parameters
The following parameters are available in the graylog_pipeline
type.
name
namevar
The name of the processing pipeline.
graylog_pipeline_rule
Creates a Pipeline Rule. Note that the rule name given in the rule source must match the name of the resource as well. You may opt to use the graylog_api::pipeline::rule defined type instead, which manages that automatically.
- See also graylog_api::pipeline::rule
Examples
graylog_pipeline_rule { 'example':
description => 'An example rule',
source => @(END_OF_RULE),
rule "example"
when
has_field("foo")
then
set_field("bar","baz");
end
|-END_OF_RULE
}
Properties
The following properties are available in the graylog_pipeline_rule
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
description
A description of the pipeline rule.
source
The source code for the pipeline rule.
Parameters
The following parameters are available in the graylog_pipeline_rule
type.
name
namevar
The name of the pipeline rule.
graylog_plugin_auth_sso
SSO authentication plugin configuration definition.
Examples
graylog_plugin_auth_sso { 'sso':
trusted_proxies => '127.0.0.1/32',
username_header => 'REMOTE_USER',
require_trusted_proxies => true,
auto_create_user => true,
fullname_header => 'displayName',
email_header => 'mail',
default_email_domain => 'foo.bar',
sync_roles => true,
roles_header => 'fooGroup',
}
Properties
The following properties are available in the graylog_plugin_auth_sso
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
trusted_proxies
Enable this to require the request containing the SSO header as directly coming from a trusted proxy. This is highly recommended to avoid header injection.
username_header
HTTP header containing the implicitly trusted name of the Graylog user
fullname_header
HTTP header containing the full name of user to create (defaults to the user name).
email_header
HTTP header containing the email address of user to create
default_email_domain
The default domain to use if there is no email header configured
default_role
The default Graylog role determines whether a user created can access the entire system, or has limited access.
Default value: Reader
require_trusted_proxies
Enable this to require the request containing the SSO header as directly coming from a trusted proxy. This is highly recommended to avoid header injection. The current subnet setting is: 127.0.0.1/32, 0:0:0:0:0:0:0:1/128. You can configure the setting in the Graylog server configuration file.
Default value: true
auto_create_user
Enable this if Graylog should automatically create a user account for externally authenticated users. If disabled, an administrator needs to manually create a user account.
Default value: false
sync_roles
Enable this if Graylog should automatically synchronize the roles of the user, with that specified in the HTTP header. Only existing roles in Graylog will be added to the user.
Default value: false
roles_header
Prefix of the HTTP header, can contain a comma-separated list of roles in one header, otherwise all headers with that prefix will be recognized.
Default value: ''
Parameters
The following parameters are available in the graylog_plugin_auth_sso
type.
name
Valid values: sso
namevar
Must be "sso", only one instance of the graylog_plugin_auth_sso type is allowed.
graylog_role
A user role definition. Note that the Admin and Reader roles are built-in and cannot be modified.
Examples
graylog_role { 'example':
description => 'An example user role',
permissions => [
'dashboards:create',
'dashboards:edit',
'dashboards:read',
'savedsearches:read',
'savedsearches:edit',
'savedsearches:create',
'searches:relative',
'searches:keyword',
'searches:absolute',
'streams:read',
],
}
Properties
The following properties are available in the graylog_role
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
description
A description of the role.
permissions
Permissions this role provides, see the /system/permissions API endpoint for list of valid permissions.
Parameters
The following parameters are available in the graylog_role
type.
name
namevar
The name of the role
graylog_stream
Creates a Stream configuration.
Examples
graylog_stream { 'example':
description => 'An example stream.',
rules => [
{
field => 'foo',
type => 'equals',
value => 'bar',
},
],
}
Properties
The following properties are available in the graylog_stream
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
description
A description of the stream.
enabled
Whether this stream is enabled.
Default value: true
matching_type
Valid values: AND, OR, and, or, all, any
Aliases: "and"=>"AND", "or"=>"OR", "all"=>"AND", "any"=>"OR"
Whether messages must match all rules, or any rule, to belong to the stream.
Default value: AND
rules
An array of rules which messages must match to be routed to this stream. Each rule is a hash with the following keys:
- field - string, the name of the field being matched
- type - string, the type of match being performed; one of: equals, matches, greater_than, less_than, field_presence, contain, or always_match
- value - string or number, the value the field is being compared to; set to empty string if no comparison is being made (e.g. for field_presence matcher)
- inverted - boolean, whether to negate the match condition
- description - string, a description of the rule
remove_matches_from_default_stream
Whether messages that appear in this stream get removed from the default stream.
Default value: false
index_set
The prefix of the index set that stream operates on.
Parameters
The following parameters are available in the graylog_stream
type.
name
namevar
The name of the stream.
graylog_user
A user definition. Note that the admin user is built-in and cannot be changed.
Examples
graylog_user { 'test':
password => 'B1GnbfoNp9PND6ihXfZFjg',
full_name => 'Test user',
email => 'foo@bar',
roles => [
'Reader'
]
}
Properties
The following properties are available in the graylog_user
type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
email
User email address
full_name
Full name of the user
roles
User roles
session_timeout_ms
Session timeout
permissions
User permissions
Default value: []
timezone
User timezone
startpage
User startpage
Parameters
The following parameters are available in the graylog_user
type.
name
namevar
The name of the user
password
User password
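A complete manifest tying the graylog_api, graylog_stream, graylog_role and graylog_user types together for least-privilege access to a single stream, as an added example rather than code from the module's documentation. The hostname, Hiera keys and the stream, role and user names are assumptions; the stream-scoped permission uses the streams:read:some-stream-name form mentioned in the 0.4.3 changelog entry.

```puppet
# Added example. Hostname, Hiera keys and resource names are assumptions.

# API credentials. tls and verify_tls both default to false, so the root
# password is only protected in transit when they are switched on explicitly.
graylog_api { 'api':
  server      => 'graylog.example.com',
  port        => 9000,
  username    => 'admin',
  password    => lookup('graylog::root_password'), # hypothetical key, encrypted at rest
  tls         => true,
  verify_tls  => true,
  ssl_ca_file => '/etc/pki/tls/certs/ca-bundle.crt',
}

# Stream holding only error-or-worse messages from one application.
graylog_stream { 'app-errors':
  description   => 'Error-level messages from the app tier.',
  matching_type => 'AND',
  rules         => [
    {
      field => 'application',
      type  => 'equals',
      value => 'app',
    },
    {
      field => 'level',
      type  => 'less_than',
      value => 4, # syslog severities 0-3 (emergency through error)
    },
  ],
}

# Role that can read that one stream and run searches, nothing else.
graylog_role { 'app-errors-reader':
  description => 'Read-only access to the app-errors stream.',
  permissions => [
    'streams:read:app-errors', # stream name, mapped by the provider
    'searches:relative',
    'searches:keyword',
    'searches:absolute',
  ],
  require     => Graylog_stream['app-errors'],
}

# User carrying the built-in Reader role plus the stream-scoped role.
# The password comes from Hiera rather than being written into the manifest.
graylog_user { 'oncall':
  password  => lookup('graylog::oncall_password'), # hypothetical key
  full_name => 'On-call engineer',
  email     => 'oncall@example.com',
  roles     => ['Reader', 'app-errors-reader'],
  require   => Graylog_role['app-errors-reader'],
}
```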
Changelog
All notable changes to this project will be documented in this file.
This project follows Semantic Versioning. Since it is currently a 0.x release, no aspect of the public API is guaranteed to be stable between versions, even minor versions.
Release 0.5.0
New Features
- Support for TLS connections to the Graylog API server
Release 0.4.3
Bugfixes
- graylog_role provider no longer tries to map a stream name from permissions like streams:read, only e.g. streams:read:some-stream-name.
Release 0.4.2
Bugfixes
- Fix a typo in graylog_api::inputs::cef_udp
Release 0.4.1
New Features
- New graylog_api::inputs::cef_tcp input class.
- New graylog_api::inputs::cef_udp input class.
Release 0.4.0
New Features
Enhancements
- graylog_index_set type now has a disable_index_optimization parameter (#2)
- graylog_role provider now automatically maps permissions names of the form streams:streamname rather than requiring the stream ID be embedded in the data passed in. (#2)
Bugfixes
- Updating rules for existing streams now works properly (#2)
Release 0.3.0
New features
- New graylog_api::input::syslog_tcp type (#1)
Release 0.2.1
Bugfixes
- Remove leftover debugging code.
Release 0.2.0
New features
- graylog_input and graylog_api::input::* now support a static_fields property.
Release 0.1.3
Bugfixes
- Fixed an issue updating Lookup Tables and Lookup Caches
- Fixed a minor issue with stream rules that don't use the Value attribute.
Release 0.1.2
Bugfixes
- Fixed issue introduced by namevar not being called 'name' for the graylog_index_set property.
Release 0.1.1
Breaking Changes
- graylog_index_set now uses the prefix property as its namevar, and the name property has been renamed to display_name. This fits better with the fact that the prefix is unique and immutable, and the display name is not.
- Accordingly, the index_set property of the graylog_stream data type now refers to the prefix of the associated index set, and not its display name.
Release 0.1.0
Initial Release
Dependencies
- puppetlabs/stdlib (>= 4.11.0 < 6.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.