diff --git a/roles/test-beat/tasks/auditbeat/assert.yml b/roles/test-beat/tasks/auditbeat/assert.yml deleted file mode 100644 index 3a5a293..0000000 --- a/roles/test-beat/tasks/auditbeat/assert.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- - -- name: Assert Auditbeat audits execve - shell: 'grep execve {{ beat_output_file }} | tail -1' - register: execve_json - when: ansible_system == "Linux" - -- set_fact: execve_event="{{ execve_json.stdout | from_json }}" - when: ansible_system == "Linux" - -- debug: - var: execve_event - when: ansible_system == "Linux" - -- assert: - that: - - "'@timestamp' in execve_event" - - "'@metadata' in execve_event" - - "'auditd' in execve_event" - - "'process' in execve_event" - - "'user' in execve_event" - - "'event' in execve_event" - - "'tags' in execve_event" - - "'file' in execve_event" - when: ansible_system == "Linux" - -- name: Assert Auditbeat file_integrity event - shell: 'grep file_integrity {{ beat_output_file }} | grep "auditbeat_hello.txt" | head -1' - register: file_integrity_json_unix - when: ansible_system != "Win32NT" - -- set_fact: file_integrity_event="{{ file_integrity_json_unix.stdout | from_json }}" - when: ansible_system != "Win32NT" - -- name: Assert Auditbeat file_integrity event (win) - win_shell: 'cat -Encoding UTF8 {{ beat_output_file }} | - select-string -Encoding UTF8 "auditbeat_hello.txt" | - Select -Expandproperty Line | select -First 1' - register: file_integrity_json_win - when: ansible_system == "Win32NT" - -- set_fact: file_integrity_event="{{ file_integrity_json_win.stdout | from_json }}" - when: ansible_system == "Win32NT" - -- debug: - var: file_integrity_event - -- assert: - that: - - "'@timestamp' in file_integrity_event" - - "'@metadata' in file_integrity_event" - - "'file' in file_integrity_event" diff --git a/roles/test-beat/tasks/common/assert.yml b/roles/test-beat/tasks/common/assert.yml index ea11712..1e3634c 100644 --- a/roles/test-beat/tasks/common/assert.yml 
+++ b/roles/test-beat/tasks/common/assert.yml @@ -1,20 +1,5 @@ --- -- name: 'Stat {{ beat_name }} output file' - stat: - path: '{{ beat_output_file }}' - register: output_stat - -- name: '{{ beat_name }} output file stats' - debug: - var: output_stat - -- name: "Assert that {{ beat_name }} output file exists" - assert: - that: - - "output_stat.stat.exists" - - "output_stat.stat.size > 0" - - name: 'Stat {{ beat_name }} log file' stat: path: '{{ beat_log_file }}' diff --git a/roles/test-beat/tasks/darwin/main.yml b/roles/test-beat/tasks/darwin/main.yml index 2890939..da59420 100644 --- a/roles/test-beat/tasks/darwin/main.yml +++ b/roles/test-beat/tasks/darwin/main.yml @@ -46,12 +46,6 @@ loop_control: loop_var: post_run_item -- name: 'Wait for {{ beat_service_name }} to produce output.json' - wait_for: - path: '{{ beat_output_file }}' - search_regex: '"version"' - timeout: 20 - - name: 'Fetch metrics from {{ beat_name }} over HTTP' get_url: url: http://localhost:5066/stats diff --git a/roles/test-beat/tasks/linux/main.yml b/roles/test-beat/tasks/linux/main.yml index b7711ea..34024fa 100644 --- a/roles/test-beat/tasks/linux/main.yml +++ b/roles/test-beat/tasks/linux/main.yml @@ -51,12 +51,6 @@ loop_control: loop_var: post_run_item -- name: 'Wait for {{ beat_name }} to produce output.json' - wait_for: - path: '{{ beat_output_file }}' - search_regex: '"version"' - timeout: 20 - - name: 'Fetch metrics from {{ beat_name }} over HTTP' get_url: url: http://localhost:5066/stats diff --git a/roles/test-beat/tasks/main.yml b/roles/test-beat/tasks/main.yml index c0b1e0a..26e60ee 100644 --- a/roles/test-beat/tasks/main.yml +++ b/roles/test-beat/tasks/main.yml 
@@ -22,10 +22,9 @@ - 'vars/{{ ansible_system | lower }}.yml' - default.yml -- name: Set config/output/log file vars +- name: Set config/log file vars set_fact: beat_config_file: '{{ beat_config_path}}/{{ beat_name }}.yml' - beat_output_file: '{{ beat_logs_path }}/output.json' beat_log_file: '{{ beat_logs_path }}/{{ beat_name }}.json' beat_registry_file: '{{ beat_data_path }}/{{ registry_file }}' beat_metrics_file: '{{ beat_logs_path }}/metrics.json' @@ -48,12 +47,6 @@ loop_var: system_item always: - - name: Save output to host - fetch: - src: '{{ beat_output_file }}' - dest: 'logs/{{ beat_name }}{{ beat_pkg_suffix }}-{{ win_arch | default(ansible_architecture) }}-{{ inventory_hostname }}/output.json' - flat: yes - - name: Save log to host fetch: src: '{{ beat_log_file }}' @@ -89,11 +82,3 @@ loop_control: loop_var: assert_item -- name: Run {{ beat_name }} assertions on outputs - include: '{{ beat_assert_item }}' - with_first_found: - - files: - - '{{ beat_name }}/assert.yml' - - default.yml - loop_control: - loop_var: beat_assert_item diff --git a/roles/test-beat/tasks/packetbeat/assert.yml b/roles/test-beat/tasks/packetbeat/assert.yml deleted file mode 100644 index 42c227c..0000000 --- a/roles/test-beat/tasks/packetbeat/assert.yml +++ /dev/null 
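Review bot: With `beat_output_file` dropped from the `set_fact` in the first hunk of roles/test-beat/tasks/main.yml, any task or template outside this diff that still reads it will fail on an undefined variable at run time. The diff removes the `wait_for` on that path from darwin/main.yml and linux/main.yml but shows no matching change to a Windows task file, so grep the role for `beat_output_file` before merging. The deleted win32nt/assert.yml also held more than output-file checks: its `win_stat` log and registry assertions and the monitoring-metrics checks go with it, and nothing visible here replaces them for Windows hosts. The Auditbeat execve and file_integrity assertions are removed the same way, so the role apparently no longer verifies that audit events are emitted. If that is intended, record it on the renamed task with a comment such as `# event content is not asserted by this role; only log, registry and metrics files are checked`.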
@@ -1,27 +0,0 @@ ---- - -- name: Assert Packetbeat http event - shell: 'grep "GET /favicon.ico" {{ beat_output_file }} | tail -1' - register: http_json - when: ansible_system != "Win32NT" - -- set_fact: http_event="{{ http_json.stdout | from_json }}" - when: ansible_system != "Win32NT" - -- name: Assert Packetbeat http event (win) - win_shell: 'cat -Encoding UTF8 {{ beat_output_file }} | - select-string -Encoding UTF8 "GET /favicon.ico" | - Select -Expandproperty Line | select -First 1' - register: http_json_win - when: ansible_system == "Win32NT" - -- set_fact: http_event="{{ http_json_win.stdout | from_json }}" - when: ansible_system == "Win32NT" - -- debug: - var: http_event -- assert: - that: - - "'@timestamp' in http_event" - - "'@metadata' in http_event" - - "'http' in http_event" diff --git a/roles/test-beat/tasks/win32nt/assert.yml b/roles/test-beat/tasks/win32nt/assert.yml deleted file mode 100644 index 0f18d00..0000000 --- a/roles/test-beat/tasks/win32nt/assert.yml +++ /dev/null 
@@ -1,82 +0,0 @@ ---- - -- name: 'Stat {{ beat_name }} output file (win)' - win_stat: - path: '{{ beat_output_file }}' - register: output_stat - -- name: '{{ beat_name }} output file stats' - debug: - var: output_stat - -- name: "Assert that {{ beat_name }} output file exists" - assert: - that: - - "output_stat.stat.exists" - - "output_stat.stat.size > 0" - -- name: 'Stat {{ beat_name }} log file (win)' - win_stat: - path: '{{ beat_log_file }}' - register: log_stat - -- name: '{{ beat_name }} log file stats' - debug: - var: log_stat - -- name: 'Assert that {{ beat_name }} log file exists' - assert: - that: - - "log_stat.stat.exists" - - "log_stat.stat.size > 0" - -- name: 'Stat {{ beat_name }} registry file (win)' - win_stat: - path: '{{ beat_registry_file }}' - register: registry_stat - when: registry_file != '' - -- name: '{{ beat_name }} registry file stats' - debug: - var: registry_stat - when: registry_file != '' - -- name: 'Check {{ beat_name }} registry file' - assert: - that: - - "registry_stat.stat.exists" - - "registry_stat.stat.size > 0" - when: registry_file != '' - -- name: 'Get {{ beat_name }} metrics (win)' - win_shell: 'cat -Encoding UTF8 {{ beat_metrics_file }} | select -First 1' - register: log_metrics_win - -- set_fact: log_metrics_event='{{ log_metrics_win.stdout | from_json }}' - -- name: '{{ beat_name }} monitoring metrics (win)' - debug: - var: log_metrics_event - -- name: 'Check {{ beat_name }} has monitoring metrics (win)' - assert: - that: - - "log_metrics_event.beat.cpu.system.ticks >= 0" - - "log_metrics_event.beat.cpu.system.time.ms >= 0" - - "log_metrics_event.beat.cpu.total.ticks >= 0" - - "log_metrics_event.beat.cpu.total.time.ms >= 0" - - "log_metrics_event.beat.cpu.user.ticks >= 0" - - "log_metrics_event.beat.cpu.user.time.ms >= 0" - - "log_metrics_event.beat.info.ephemeral_id" - - "log_metrics_event.beat.info.uptime.ms" - - "log_metrics_event.system.cpu.cores" - - "'load' not in 'log_metrics_event.system.cpu'" - # These metric 
names were established in 6.3. - when: "version is version_compare('6.3', '>=')" - -- name: 'Check {{ beat_name }} reports the number of open handles (win)' - assert: - that: - - "log_metrics_event.beat.handles.open >= 0" - # These metric names were established in 6.5. - when: "version is version_compare('6.5', '>=')" diff --git a/roles/test-beat/tasks/winlogbeat/assert.yml b/roles/test-beat/tasks/winlogbeat/assert.yml deleted file mode 100644 index bc1a9da..0000000 --- a/roles/test-beat/tasks/winlogbeat/assert.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- - -- name: Assert Winlogbeat output event - win_shell: 'cat -Encoding UTF8 {{ beat_output_file }} | select -First 1' - register: wlb_json - -- set_fact: - wlb_event: '{{ wlb_json.stdout | from_json }}' - -- debug: - var: wlb_event - -- name: Assert Winlogbeat event contents (<7.0) - assert: - that: - - "'@timestamp' in wlb_event" - - "'log_name' in wlb_event" - - "'source_name' in wlb_event" - - "'computer_name' in wlb_event" - - "'type' in wlb_event" - - "'record_number' in wlb_event" - - "'event_id' in wlb_event" - - "'level' in wlb_event" - when: "version is version_compare('7.0', '<')" - -- name: Assert Winlogbeat event contents (>=7.0) - assert: - that: - - "'@timestamp' in wlb_event" - - "'channel' in wlb_event['winlog']" - - "'provider_name' in wlb_event['winlog']" - - "'computer_name' in wlb_event['winlog']" - - "'api' in wlb_event['winlog']" - - "'record_id' in wlb_event['winlog']" - - "'event_id' in wlb_event['winlog']" - - "'level' in wlb_event['log']" - when: "version is version_compare('7.0', '>=')" - -- name: Assert Winlogbeat registry contents - win_shell: 'cat -Encoding UTF8 {{ beat_registry_file }}' - register: wlb_registry_output - -- set_fact: - wlb_registry: '{{ wlb_registry_output.stdout | from_yaml }}' - -- debug: - var: wlb_registry - -- assert: - that: - - "'update_time' in wlb_registry" - - "'event_logs' in wlb_registry"