CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash logic fix

Browse Source
This commit is contained in:
Mike Reeves
2020-08-10 20:53:56 -04:00
parent 788864310c
commit 28806513d9
12 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/logstash/init.sls
View File

@@ -17,7 +17,7 @@
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{% if FEATURES %} {%- if FEATURES is sameas true %}
{% set FEATURES = "-features" %} {% set FEATURES = "-features" %}
{% else %} {% else %}
{% set FEATURES = '' %} {% set FEATURES = '' %}

2
salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if [module] =~ "zeek" and "import" not in [tags] { if [module] =~ "zeek" and "import" not in [tags] {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}" pipeline => "%{module}.%{dataset}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9002_output_import.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if "import" in [tags] { if "import" in [tags] {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}" pipeline => "%{module}.%{dataset}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja
View File

@@ -7,7 +7,7 @@
output { output {
if [event_type] == "sflow" { if [event_type] == "sflow" {
elasticsearch { elasticsearch {
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja
View File

@@ -7,7 +7,7 @@
output { output {
if [event_type] == "ids" and "import" not in [tags] { if [event_type] == "ids" and "import" not in [tags] {
elasticsearch { elasticsearch {
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if [module] =~ "syslog" { if [module] =~ "syslog" {
elasticsearch { elasticsearch {
pipeline => "%{module}" pipeline => "%{module}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if [module] =~ "osquery" { if [module] =~ "osquery" {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}" pipeline => "%{module}.%{dataset}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja
View File

@@ -7,7 +7,7 @@
output { output {
if "firewall" in [tags] { if "firewall" in [tags] {
elasticsearch { elasticsearch {
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if [module] =~ "suricata" and "import" not in [tags] { if [module] =~ "suricata" and "import" not in [tags] {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}" pipeline => "%{module}.%{dataset}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if "beat-ext" in [tags] and "import" not in [tags] { if "beat-ext" in [tags] and "import" not in [tags] {
elasticsearch { elasticsearch {
pipeline => "beats.common" pipeline => "beats.common"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if [module] =~ "ossec" { if [module] =~ "ossec" {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}" pipeline => "%{module}.%{dataset}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}

2
salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
View File

@@ -8,7 +8,7 @@ output {
if [module] =~ "strelka" { if [module] =~ "strelka" {
elasticsearch { elasticsearch {
pipeline => "%{module}.%{dataset}" pipeline => "%{module}.%{dataset}"
{%- if FEATURES %} {%- if FEATURES is sameas true %}
hosts => "https://{{ ES }}" hosts => "https://{{ ES }}"
cacert => '/ca/ca.crt' cacert => '/ca/ca.crt'
{%- else %} {%- else %}