CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash Module - Saltify some inputs

Browse Source
This commit is contained in:
Mike Reeves
2018-05-18 13:44:23 -04:00
parent 5508d24dc6
commit 2cec72b970
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/logstash/conf/conf.enabled.txt.parser
View File

@@ -7,6 +7,7 @@
# /usr/share/logstash/pipeline.custom/1234_input_custom.conf # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
## ##
# All of the defaults are loaded. # All of the defaults are loaded.
/usr/share/logstash/pipeline.dynamic/0900_input_redis.conf
/usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf /usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf
/usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf /usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf
/usr/share/logstash/pipeline.so/1002_preprocess_json.conf /usr/share/logstash/pipeline.so/1002_preprocess_json.conf

7
salt/logstash/files/dynamic/9999_output_redis.conf
View File

@@ -1,8 +1,13 @@
{%- set nodetype = salt['pillar_get']('node:node_type', 'storage') %}
output { output {
redis { redis {
host => 'so-redis' host => 'so-redis'
data_type => 'list' data_type => 'list'
key => 'logstash:redis' {%- if nodetype == 'parser' %}
key => 'logstash:parsed'
{%- else %}
key => 'logstash:unparsed'
{%- endif %)
congestion_interval => 1 congestion_interval => 1
congestion_threshold => 50000000 congestion_threshold => 50000000
# batch_events => 500 # batch_events => 500

2
salt/top.sls
View File

@@ -23,7 +23,7 @@ base:
- logstash - logstash
'G@role:so-node': 'G@role:so-node':
{% if nodetype == 'parsing' %} {%- if nodetype == 'parsing' %}
- common - common
- logstash - logstash
{% elsif nodetype == 'hot' %} {% elsif nodetype == 'hot' %}