CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash Module - Change it to arrays

Browse Source
This commit is contained in:
Mike Reeves
2018-10-16 16:46:04 -04:00
parent 57039d83c8
commit 2f517a6c8d
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/logstash/files/dynamic/0006_input_beats.conf
View File

@@ -11,18 +11,21 @@ input {
filter { filter {
if "ids" in [tags] { if "ids" in [tags] {
mutate { mutate {
add_field => {"sensor_name" => "%{beat.name}"} add_field => {"sensor_name" => "%{[beat][name]}"}
add_field => {"syslog-host_from" => "%{beat.hostname}"} add_field => {"syslog-host_from" => "%{[beat][hostname]}"}
remove_tag => ["beat"] remove_tag => ["beat"]
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_field => ["beat.name", "beat.hostname"] remove_field => ["[beat][name]", "[beat][hostname]"]
} }
} }
if "bro" in [tags] { if "bro" in [tags] {
mutate { mutate {
add_field => {"sensor_name" => "%{[beat][name]}"}
add_field => {"syslog-host_from" => "%{[beat][hostname]}"}
remove_tag => ["beat"] remove_tag => ["beat"]
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_field => ["[beat][name]", "[beat][hostname]"]
} }
} }
} }