pillarize logstash config,parsers,templates and docker port bindings

m0duspwnens
2020-02-25 17:44:32 -05:00
parent e2ccebd2fa
commit 0c4973ad77
130 changed files with 191 additions and 1081 deletions
@@ -1,26 +0,0 @@
{%- if grains['role'] == 'so-eval' -%}
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
{%- else %}
{%- set ES = salt['pillar.get']('node:mainip', '') -%}
{%- endif %}
# Author: Justin Henderson
# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Email: justin@hasecuritysolution.com
# Last Update: 12/9/2016
filter {
if [event_type] == "iis" and "test_data" not in [tags] {
mutate {
##add_tag => [ "conf_file_9031"]
}
}
}
output {
if [event_type] == "iis" and "test_data" not in [tags] {
#stdout { codec => rubydebug }
elasticsearch {
hosts => "{{ ES }}"
template => "/logstash-template.json"
}
}
}