linux-system: a Morio Client Module
This module bundles configuration for the following agents: audit, logs, metrics
audit (template for Auditbeat): /modules/audit/module-templates.d/linux-system.yml
Auditd rules for Linux
Client Variables
AUDIT_LINUX_SYSTEM_RULE_FILES: ["/etc/morio/audit/rules.d/linux-system-morio.rules","/etc/morio/audit/rules.d/linux-system-mitre.rules"]
A list of files with auditd rules to load
logs (template for Filebeat): /modules/logs/input-templates.d/linux-system.yml
Collects log data from journald on Linux systems
metrics (template for Metricbeat): /modules/metrics/module-templates.d/linux-system.yml
Collects metrics from Linux systems
Client Variables
METRICS_LINUX_SYSTEM_INTERVAL_FILESYSTEM: 10m
The interval to use for collecting filesystem data
METRICS_LINUX_SYSTEM_METRICSETS_ALWAYS: ["cpu","diskio","load","memory","network","service"]
The metricsets to collect on every tick
METRICS_LINUX_SYSTEM_MOUNTPOINTS_IGNORE_REGEX: ^/(snap|sys|cgroup|proc|dev|host|lib)($|/)
A regular expression of mountpoints for which to drop filesystem events