Azure-Sentinel/DataConnectors/Logstash-VMSS/cloudinit-ub.txt


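#cloud-config
# Provisions a Logstash node for the Azure Sentinel Logstash-VMSS connector:
# installs a JRE, adds the Elastic 7.x apt repository, raises open-file limits,
# installs Logstash plus the syslog output plugin, fetches the pipeline config,
# and finally runs the CEF installer.
#
# Review notes:
# - In a standalone YAML file a backslash inside a plain scalar is literal, so
#   the former \"...\" sequences reached the shell as escaped quote characters.
#   That split the grep pattern at the space and wrote quoted (invalid) lines
#   to limits.conf. The quotes below are plain shell quotes.
# - Several steps fetch content from a mutable branch (master) or update to
#   "latest" and then run or load it as root. Pin these to a reviewed commit or
#   version and verify a checksum before use where the deployment allows it.
package_upgrade: true
packages:
- default-jre
runcmd:
# Block until the OMS agent extension reports success. grep -q exits 0 only
# when the marker line is present; a missing log file counts as "not yet".
- while ! grep -q "Enable,success,0,Enable succeeded" /var/log/azure/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux/extension.log 2>/dev/null; do sleep 5; done
# Store the Elastic signing key in a dedicated keyring and bind the repository
# to it with signed-by. apt-key is deprecated and would trust the key for every
# configured repository, not just this one.
- wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
- sudo apt-get update
- sudo apt-get install -y apt-transport-https
- echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
- sudo apt-get update
- sudo apt-get install -y default-jre
# Raise the open-file limit for root and all users. runcmd already runs as
# root, and sudo would not apply to the >> redirection anyway, so it is omitted.
- echo "root soft nofile 65536" >> /etc/security/limits.conf
- echo "root hard nofile 65536" >> /etc/security/limits.conf
- echo "* soft nofile 65536" >> /etc/security/limits.conf
- echo "* hard nofile 65536" >> /etc/security/limits.conf
- sudo apt-get install -y logstash
- sudo /usr/share/logstash/bin/logstash-plugin install logstash-output-syslog
# NOTE(review): updates every installed plugin to its newest release at boot,
# so instances created at different times can run different plugin code.
- sudo /usr/share/logstash/bin/logstash-plugin update
# NOTE(review): pipeline config is pulled from the master branch at boot;
# whatever is on that branch at provisioning time becomes the live config.
- wget -q https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Logstash-VMSS/logstash.conf -O /etc/logstash/conf.d/logstash.conf
- echo "update this line with wget -q https://sourceURL -O /etc/logstash/pipelines.yml if you have a custom pipelines file"
- sudo systemctl start logstash.service
- sudo systemctl enable logstash.service
# NOTE(review): downloads a script from the master branch and executes it as
# root with no integrity check. Pin the URL to a reviewed commit and compare a
# known SHA-256 before running. Also confirm that a `python` interpreter
# exists on the target image; the script is saved to the current directory.
- sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py && sudo python cef_installer.py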