def pause(module, base_url, headers, stream_id):
url = "/".join([base_url, stream_id, "pause"])
response, info = fetch_url(module=module,
url=url,
headers=json.loads(headers),
method='POST')
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) +
", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def query_tag(module, base_url, tag, headers):
url = "/".join([base_url, "experimental/gnql?query=tags:%s" % tag])
response, info = fetch_url(module=module,
url=url,
headers=json.loads(headers),
method='GET')
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) +
", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def delete(module, base_url, headers):
url = "/".join([base_url, module.params['name']])
response, info = fetch_url(module=module,
url=url,
headers=json.loads(headers),
method='DELETE')
if info['status'] != 204:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) +
", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def default_index_set(module, endpoint, base_url, headers):
url = "https://%s/api/system/indices/index_sets?skip=0&limit=0&stats=false" % (endpoint)
response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='GET')
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
indices = json.loads(content)
except AttributeError:
content = info.pop('body', '')
default_index_set_id = ""
if indices is not None:
default_index_set_id = indices['index_sets'][0]['id']
return default_index_set_id
def main():
module = AnsibleModule(argument_spec=dict(
action=dict(type='str',
required=False,
default='list_tags',
choices=['query_ip', 'query_tag', 'list_tags']),
ip=dict(type='str'),
tag=dict(type='str'),
greynoise_api_key=dict(type='str', no_log=True)))
action = module.params['action']
ip = module.params['ip']
tag = module.params['tag']
greynoise_api_key = module.params['greynoise_api_key']
base_url = "https://api.greynoise.io/v2"
headers = '{ "Accept": "application/json", \
"Key": "%s" }' % greynoise_api_key
if action == "query_ip":
status, message, content, url = query_ip(module, base_url, ip, headers)
elif action == "query_tag":
status, message, content, url = query_tag(module, base_url, tag,
headers)
elif action == "list_tags":
status, message, content, url = list_tags(module, base_url, headers)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['status'] = status
uresp['msg'] = message
uresp['json'] = js
uresp['url'] = url
module.exit_json(**uresp)
def create_rule(module, base_url, headers):
url = "/".join([base_url, module.params['stream_id'], "rules"])
payload = {}
for key in ['field', 'type', 'value', 'inverted', 'description']:
if module.params[key] is not None:
payload[key] = module.params[key]
response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='POST', data=module.jsonify(payload))
if info['status'] != 201:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def list(module, base_url, headers, id):
if id is not None:
url = base_url + "/%s" % (id)
else:
url = base_url
response, info = fetch_url(module=module,
url=url,
headers=json.loads(headers),
method='GET')
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) +
", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def create(module, base_url, headers, index_set_id):
url = base_url
payload = {}
for key in ['title', 'description', 'remove_matches_from_default_stream', 'matching_type', 'rules']:
if module.params[key] is not None and module.params[key] != "":
payload[key] = module.params[key]
payload['index_set_id'] = index_set_id
response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='POST', data=module.jsonify(payload))
if info['status'] != 201:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def update(module, base_url, headers):
url = "/".join([base_url, module.params['id']])
payload = {}
for key in ['title', 'description', 'index_prefix', 'field_type_refresh_interval', 'writable', 'default',
'index_analyzer', 'shards', 'replicas', 'rotation_strategy_class', 'retention_strategy_class',
'rotation_strategy', 'retention_strategy', 'index_optimization_max_num_segments',
'index_optimization_disabled']:
if module.params[key] is not None:
payload[key] = module.params[key]
response, info = fetch_url(module=module, url=url, headers=json.loads(headers), method='PUT', data=module.jsonify(payload))
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) + ", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def main():
module = AnsibleModule(argument_spec=dict(
endpoint=dict(type='str'),
graylog_user=dict(type='str'),
graylog_password=dict(type='str', no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
allow_http=dict(type='bool', required=False, default=False),
action=dict(type='str',
required=False,
default='create',
choices=['create', 'update']),
input_type=dict(type='str',
required=False,
default='UDP',
choices=['UDP', 'TCP', 'HTTP']),
title=dict(type='str', required=True),
global_input=dict(type='bool', required=False, default=True),
node=dict(type='str', required=False),
bind_address=dict(type='str', required=False, default='0.0.0.0'),
port=dict(type='int', required=False, default=12201),
number_worker_threads=dict(type='int', required=False, default=2),
override_source=dict(type='str', required=False),
recv_buffer_size=dict(type='int', required=False, default=1048576),
tcp_keepalive=dict(type='bool', required=False, default=False),
tls_enable=dict(type='bool', required=False, default=False),
tls_cert_file=dict(type='str', required=False),
tls_key_file=dict(type='str', required=False),
tls_key_password=dict(type='str', required=False, no_log=True),
tls_client_auth=dict(type='str',
required=False,
default='disabled',
choices=['disabled', 'optional', 'required']),
tls_client_auth_cert_file=dict(type='str', required=False),
use_null_delimiter=dict(type='bool', required=False, default=False),
decompress_size_limit=dict(type='int', required=False,
default=8388608),
enable_cors=dict(type='bool', required=False, default=True),
idle_writer_timeout=dict(type='int', required=False, default=60),
max_chunk_size=dict(type='int', required=False, default=65536),
max_message_size=dict(type='int', required=False, default=2097152)))
endpoint = module.params['endpoint']
graylog_user = module.params['graylog_user']
graylog_password = module.params['graylog_password']
allow_http = module.params['allow_http']
if allow_http == True:
endpoint = "http://" + endpoint
else:
endpoint = "https://" + endpoint
# Build full name of input type
if module.params['input_type'] == "TCP":
module.params[
'input_type'] = "org.graylog2.inputs.gelf.tcp.GELFTCPInput"
elif module.params['input_type'] == "UDP":
module.params[
'input_type'] = "org.graylog2.inputs.gelf.udp.GELFUDPInput"
else:
module.params[
'input_type'] = "org.graylog2.inputs.gelf.http.GELFHttpInput"
base_url = endpoint + "/api/system/inputs"
api_token = get_token(module, endpoint, graylog_user, graylog_password,
allow_http)
headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \
"Authorization": "Basic ' + api_token.decode() + '" }'
status, message, content, url = action(module, base_url, headers)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['json'] = js
uresp['status'] = status
uresp['msg'] = message
uresp['url'] = url
module.exit_json(**uresp)
def main():
module = AnsibleModule(argument_spec=dict(
endpoint=dict(type='str'),
graylog_user=dict(type='str'),
graylog_password=dict(type='str', no_log=True),
allow_http=dict(type='bool', required=False, default=False),
validate_certs=dict(type='bool', required=False, default=True),
action=dict(type='str',
required=False,
default='list',
choices=[
'create', 'create_connection', 'parse_rule',
'create_rule', 'update', 'update_connection',
'update_rule', 'delete', 'delete_rule', 'list',
'list_rules', 'query_rules', 'query_pipelines'
]),
pipeline_id=dict(type='str'),
pipeline_name=dict(type='str'),
rule_id=dict(type='str'),
rule_name=dict(type='str'),
stream_ids=dict(type='list'),
title=dict(type='str'),
description=dict(type='str'),
source=dict(type='str')))
endpoint = module.params['endpoint']
graylog_user = module.params['graylog_user']
graylog_password = module.params['graylog_password']
action = module.params['action']
pipeline_id = module.params['pipeline_id']
pipeline_name = module.params['pipeline_name']
rule_id = module.params['rule_id']
rule_name = module.params['rule_name']
allow_http = module.params['allow_http']
if allow_http == True:
endpoint = "http://" + endpoint
else:
endpoint = "https://" + endpoint
pipeline_url = endpoint + "/api/system/pipelines/pipeline"
rule_url = endpoint + "/api/system/pipelines/rule"
connection_url = endpoint + "/api/system/pipelines/connections"
api_token = get_token(module, endpoint, graylog_user, graylog_password)
headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \
"Authorization": "Basic ' + api_token.decode() + '" }'
if action == "create":
status, message, content, url = create(module, pipeline_url, headers)
elif action == "parse_rule":
status, message, content, url = parse_rule(module, rule_url, headers)
elif action == "create_rule":
status, message, content, url = create_rule(module, rule_url, headers)
elif action == "create_connection":
status, message, content, url = create_connection(
module, connection_url, headers)
elif action == "update":
status, message, content, url = update(module, pipeline_url, headers)
elif action == "update_connection":
status, message, content, url = update_connection(
module, connection_url, headers)
elif action == "update_rule":
status, message, content, url = update_rule(module, rule_url, headers)
elif action == "delete":
status, message, content, url = delete(module, pipeline_url, headers,
pipeline_id)
elif action == "delete_rule":
status, message, content, url = delete_rule(module, rule_url, headers,
rule_id)
elif action == "list":
query = "no"
status, message, content, url = list(module, pipeline_url, headers,
pipeline_id, query)
elif action == "query_pipelines":
pipeline_id = query_pipelines(module, pipeline_url, headers,
pipeline_name)
query = "yes"
status, message, content, url = list(module, pipeline_url, headers,
pipeline_id, query)
elif action == "list_rules":
query = "no"
status, message, content, url = list_rules(module, rule_url, headers,
rule_id, query)
elif action == "query_rules":
rule_id = query_rules(module, rule_url, headers, rule_name)
query = "yes"
status, message, content, url = list_rules(module, rule_url, headers,
rule_id, query)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['json'] = js
uresp['status'] = status
uresp['msg'] = message
uresp['url'] = url
module.exit_json(**uresp)
def main():
module = AnsibleModule(argument_spec=dict(
endpoint=dict(type='str'),
graylog_user=dict(type='str'),
graylog_password=dict(type='str', no_log=True),
action=dict(type='str',
required=False,
default='list_configurations',
choices=[
'list_configurations',
'query_collector_configurations', 'update_snippet'
]),
configuration_id=dict(type='str'),
configuration_name=dict(type='str'),
configuration_tags=dict(type='list'),
snippet_name=dict(type='str'),
snippet_source=dict(type='str'),
backend=dict(type='str')))
endpoint = module.params['endpoint']
graylog_user = module.params['graylog_user']
graylog_password = module.params['graylog_password']
action = module.params['action']
configuration_id = module.params['configuration_id']
configuration_name = module.params['configuration_name']
snippet_name = module.params['snippet_name']
configuration_url = "https://%s/api/plugins/org.graylog.plugins.collector/configurations" % (
endpoint)
api_token = get_token(module, endpoint, graylog_user, graylog_password)
headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \
"Authorization": "Basic ' + api_token.decode() + '" }'
if action == "list_configurations":
query = "no"
status, message, content, url = list_configurations(
module, configuration_url, headers, configuration_id, query)
elif action == "update_snippet":
configuration_id = query_collector_configurations(
module, configuration_url, headers, configuration_name)
snippet_id = query_snippets(module, configuration_url, headers,
configuration_id, snippet_name)
status, message, content, url = update_snippet(module,
configuration_url,
headers,
configuration_id,
snippet_id)
elif action == "query_collector_configurations":
configuration_id = query_collector_configurations(
module, configuration_url, headers, configuration_name)
query = "yes"
status, message, content, url = list_configurations(
module, configuration_url, headers, configuration_id, query)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['json'] = js
uresp['status'] = status
uresp['msg'] = message
uresp['url'] = url
module.exit_json(**uresp)
def main():
module = AnsibleModule(argument_spec=dict(
endpoint=dict(type='str'),
graylog_user=dict(type='str'),
graylog_password=dict(type='str', no_log=True),
allow_http=dict(type='bool', required=False, default=False),
validate_certs=dict(type='bool', required=False, default=True),
action=dict(
type='str',
required=False,
default='list',
choices=[
'create', 'create_rule', 'start', 'pause', 'update',
'update_rule', 'delete', 'delete_rule', 'list', 'query_streams'
]),
stream_id=dict(type='str'),
stream_name=dict(type='str'),
rule_id=dict(type='str'),
title=dict(type='str'),
field=dict(type='str'),
type=dict(type='int', default=1),
value=dict(type='str'),
index_set_id=dict(type='str'),
inverted=dict(type='bool', default=False),
description=dict(type='str'),
remove_matches_from_default_stream=dict(type='bool', default=False),
matching_type=dict(type='str'),
rules=dict(type='list')))
endpoint = module.params['endpoint']
graylog_user = module.params['graylog_user']
graylog_password = module.params['graylog_password']
action = module.params['action']
stream_id = module.params['stream_id']
stream_name = module.params['stream_name']
rule_id = module.params['rule_id']
title = module.params['title']
field = module.params['field']
type = module.params['type']
value = module.params['value']
index_set_id = module.params['index_set_id']
inverted = module.params['inverted']
description = module.params['description']
remove_matches_from_default_stream = module.params[
'remove_matches_from_default_stream']
matching_type = module.params['matching_type']
rules = module.params['rules']
allow_http = module.params['allow_http']
if allow_http == True:
endpoint = "http://" + endpoint
else:
endpoint = "https://" + endpoint
base_url = endpoint + "/api/streams"
api_token = get_token(module, endpoint, graylog_user, graylog_password)
headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \
"Authorization": "Basic ' + api_token.decode() + '" }'
if action == "create":
if index_set_id is None:
index_set_id = default_index_set(module, endpoint, base_url,
headers)
status, message, content, url = create(module, base_url, headers,
index_set_id)
elif action == "create_rule":
status, message, content, url = create_rule(module, base_url, headers)
elif action == "update":
status, message, content, url = update(
module, base_url, headers, stream_id, title, description,
remove_matches_from_default_stream, matching_type, rules,
index_set_id)
elif action == "update_rule":
status, message, content, url = update_rule(module, base_url, headers,
stream_id, rule_id, field,
type, value, inverted,
description)
elif action == "delete":
status, message, content, url = delete(module, base_url, headers,
stream_id)
elif action == "delete_rule":
status, message, content, url = delete_rule(module, base_url, headers,
stream_id, rule_id)
elif action == "start":
status, message, content, url = start(module, base_url, headers,
stream_id)
elif action == "pause":
status, message, content, url = pause(module, base_url, headers,
stream_id)
elif action == "list":
status, message, content, url = list(module, base_url, headers,
stream_id)
elif action == "query_streams":
stream_id = query_streams(module, base_url, headers, stream_name)
status, message, content, url = list(module, base_url, headers,
stream_id)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['json'] = js
uresp['status'] = status
uresp['msg'] = message
uresp['url'] = url
module.exit_json(**uresp)
def update(module, base_url, headers, stream_id, title, description,
remove_matches_from_default_stream, matching_type, rules,
index_set_id):
url = "/".join([base_url, stream_id])
payload = {}
response, info = fetch_url(module=module,
url=url,
headers=json.loads(headers),
method='GET')
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) +
", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
payload_current = json.loads(content)
except AttributeError:
content = info.pop('body', '')
if title is not None:
payload['title'] = title
else:
payload['title'] = payload_current['title']
if description is not None:
payload['description'] = description
else:
payload['description'] = payload_current['description']
if remove_matches_from_default_stream is not None:
payload[
'remove_matches_from_default_stream'] = remove_matches_from_default_stream
else:
payload['remove_matches_from_default_stream'] = payload_current[
'remove_matches_from_default_stream']
if matching_type is not None:
payload['matching_type'] = matching_type
else:
payload['matching_type'] = payload_current['matching_type']
if rules is not None:
payload['rules'] = rules
else:
payload['rules'] = payload_current['rules']
if index_set_id is not None:
payload['index_set_id'] = index_set_id
else:
payload['index_set_id'] = payload_current['index_set_id']
response, info = fetch_url(module=module,
url=url,
headers=json.loads(headers),
method='PUT',
data=module.jsonify(payload))
if info['status'] != 200:
module.fail_json(msg="Fail: %s" % ("Status: " + str(info['msg']) +
", Message: " + str(info['body'])))
try:
content = to_text(response.read(), errors='surrogate_or_strict')
except AttributeError:
content = info.pop('body', '')
return info['status'], info['msg'], content, url
def main():
module = AnsibleModule(argument_spec=dict(
endpoint=dict(type='str'),
graylog_user=dict(type='str'),
graylog_password=dict(type='str', no_log=True),
allow_http=dict(type='bool', required=False, default=False),
validate_certs=dict(type='bool', required=False, default=True),
action=dict(
type='str',
required=False,
default='list',
choices=['create', 'update', 'delete', 'list', 'query_index_sets'
]),
title=dict(type='str'),
description=dict(type='str'),
creation_date=dict(type='str', required=False),
id=dict(type='str'),
index_prefix=dict(type='str'),
index_analyzer=dict(type='str', default="standard"),
shards=dict(type='int', default=4),
replicas=dict(type='int', default=1),
field_type_refresh_interval=dict(type='int', default=5000),
rotation_strategy_class=dict(
type='str',
default=
'org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy'
),
retention_strategy_class=dict(
type='str',
default=
'org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy'
),
rotation_strategy=dict(
type='dict',
default=dict(
type=
'org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig',
rotation_period='P1D')),
retention_strategy=dict(
type='dict',
default=dict(
type=
'org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig',
max_number_of_indices=14)),
index_optimization_max_num_segments=dict(type='int', default=1),
index_optimization_disabled=dict(type='bool', default=False),
writable=dict(type='bool', default=True),
default=dict(type='bool', default=False)))
endpoint = module.params['endpoint']
graylog_user = module.params['graylog_user']
graylog_password = module.params['graylog_password']
action = module.params['action']
allow_http = module.params['allow_http']
title = module.params['title']
id = module.params['id']
creation_date = module.params['creation_date'] or datetime.datetime.utcnow(
).isoformat() + 'Z'
if allow_http == True:
endpoint = "http://" + endpoint
else:
endpoint = "https://" + endpoint
base_url = endpoint + "/api/system/indices/index_sets"
api_token = get_token(module, endpoint, graylog_user, graylog_password)
headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \
"Authorization": "Basic ' + api_token.decode() + '" }'
if action == "create":
status, message, content, url = create(module, base_url, headers,
creation_date)
elif action == "update":
status, message, content, url = update(module, base_url, headers)
elif action == "delete":
status, message, content, url = delete(module, base_url, headers, id)
elif action == "list":
status, message, content, url = list(module, base_url, headers, id)
elif action == "query_index_sets":
id = query_index_sets(module, base_url, headers, title)
status, message, content, url = list(module, base_url, headers, id)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['json'] = js
uresp['status'] = status
uresp['msg'] = message
uresp['url'] = url
module.exit_json(**uresp)
def main():
module = AnsibleModule(argument_spec=dict(
endpoint=dict(type='str'),
graylog_user=dict(type='str'),
graylog_password=dict(type='str', no_log=True),
action=dict(type='str',
required=False,
default='get',
choices=['get', 'update', 'delete', 'test']),
allow_http=dict(type='bool', required=False, default=False),
validate_certs=dict(type='bool', required=False, default=True),
enabled=dict(type='bool', required=False, default=False),
active_directory=dict(type='bool', required=False, default=False),
ldap_uri=dict(type='str', required=False),
use_start_tls=dict(type='bool', required=False, default=False),
trust_all_certificates=dict(type='bool', required=False,
default=False),
system_password_set=dict(type='bool', required=False, default=False),
system_username=dict(type='str', required=False),
system_password=dict(type='str', required=False, no_log=True),
search_base=dict(type='str', required=False),
search_pattern=dict(type='str', required=False),
display_name_attribute=dict(type='str', required=False),
group_search_base=dict(type='str', required=False),
group_search_pattern=dict(type='str', required=False),
group_id_attribute=dict(type='str', required=False),
default_group=dict(type='str', required=False, default='Reader'),
group_mapping=dict(type='list', required=False)))
endpoint = module.params['endpoint']
graylog_user = module.params['graylog_user']
graylog_password = module.params['graylog_password']
action = module.params['action']
allow_http = module.params['allow_http']
if allow_http == True:
endpoint = "http://" + endpoint
else:
endpoint = "https://" + endpoint
base_url = endpoint + "/api/system/ldap"
api_token = get_token(module, endpoint, graylog_user, graylog_password,
allow_http)
headers = '{ "Content-Type": "application/json", "X-Requested-By": "Graylog API", "Accept": "application/json", \
"Authorization": "Basic ' + api_token.decode() + '" }'
if action == "get":
status, message, content, url = get(module, base_url, headers)
elif action == "update":
status, message, content, url = update(module, base_url, headers)
elif action == "delete":
status, message, content, url = delete(module, base_url, headers)
elif action == "test":
status, message, content, url = test(module, base_url, headers)
uresp = {}
content = to_text(content, encoding='UTF-8')
try:
js = json.loads(content)
except ValueError:
js = ""
uresp['json'] = js
uresp['status'] = status
uresp['msg'] = message
uresp['url'] = url
module.exit_json(**uresp)
