From 2a77c6a6e6bf78f2492adeedbade7a507d9974b2 Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Mon, 12 Aug 2019 17:20:56 +0200
Subject: [PATCH] Implement wazuh Filebeat Module

---
 wazuh/config/01-config_filebeat.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/wazuh/config/01-config_filebeat.sh b/wazuh/config/01-config_filebeat.sh
index 61cd1c2a..8bb7146b 100644
--- a/wazuh/config/01-config_filebeat.sh
+++ b/wazuh/config/01-config_filebeat.sh
@@ -3,8 +3,17 @@
 
 set -e
 
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.1.tar.gz
+
 # Modify the output to Elasticsearch if th ELASTICSEARCH_URL is set
 if [ "$ELASTICSEARCH_URL" != "" ]; then
   >&2 echo "Customize Elasticsearch ouput IP."
   sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_URL'|g' /etc/filebeat/filebeat.yml
-fi
\ No newline at end of file
+fi
+
+# Install Wazuh Filebeat Module
+
+curl -s "https://packages-dev.wazuh.com/3.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module
+mkdir -p /usr/share/filebeat/module/wazuh
+chmod 755 -R /usr/share/filebeat/module/wazuh
+