Merge pull request #487 from Security-Onion-Solutions/fix/elastic_fixes

Fix/elastic fixes
2025-12-16 22:12:48 +01:00 · 2020-04-01 11:32:22 -04:00
parent 572c1b5582 f13093dc51
commit 3001abc3ea
2 changed files with 2 additions and 0 deletions
--- a/salt/elasticsearch/files/ingest/zeek.weird
+++ b/salt/elasticsearch/files/ingest/zeek.weird
@@ -2,6 +2,7 @@
  "description" : "zeek.weird",
  "processors" : [
    { "remove":         { "field": ["host"],     "ignore_failure": true                                                                  } },
+    { "json":		{ "field": "message",			"target_field": "message2",		"ignore_failure": true	} },
    { "rename": 	{ "field": "message2.name", 		"target_field": "weird.name",			"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.addl", 		"target_field": "weird.additional_info",	"ignore_missing": true 	} },
    { "rename": 	{ "field": "message2.notice", 		"target_field": "weird.notice",		"ignore_missing": true 	} },
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -56,6 +56,7 @@ so-filebeat:
      - /opt/so/log/filebeat:/usr/share/filebeat/logs:rw
      - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - /nsm/zeek:/nsm/zeek:ro
+      - /nsm/strelka/log:/nsm/strelka/log:ro
      - /opt/so/log/suricata:/suricata:ro
      - /opt/so/wazuh/logs/alerts:/wazuh/alerts:ro
      - /opt/so/wazuh/logs/archives:/wazuh/archives:ro