CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-17 06:22:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash Module - Change it to arrays

Browse Source
This commit is contained in:
Mike Reeves
2018-10-16 17:25:21 -04:00
parent 2f517a6c8d
commit 335ac02720
2 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/filebeat/etc/filebeat.yml
View File

@@ -2,7 +2,6 @@
{%- set HOSTNAME = salt['grains.get']('host', '') %} {%- set HOSTNAME = salt['grains.get']('host', '') %}
beat.name: {{ HOSTNAME }} beat.name: {{ HOSTNAME }}
beat.hostname: {{ HOSTNAME }}
#========================== Modules configuration ============================ #========================== Modules configuration ============================
filebeat.modules: filebeat.modules:

11
salt/logstash/files/dynamic/0006_input_beats.conf
View File

@@ -11,21 +11,18 @@ input {
filter { filter {
if "ids" in [tags] { if "ids" in [tags] {
mutate { mutate {
add_field => {"sensor_name" => "%{[beat][name]}"} rename => { "[beat][name]", "sensor_name" }
add_field => {"syslog-host_from" => "%{[beat][hostname]}"} rename => { "[beat][hostname]", "syslog-host_from" }
remove_tag => ["beat"] remove_tag => ["beat"]
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_field => ["[beat][name]", "[beat][hostname]"]
} }
} }
if "bro" in [tags] { if "bro" in [tags] {
mutate { mutate {
add_field => {"sensor_name" => "%{[beat][name]}"} rename => { "[beat][name]", "sensor_name" }
add_field => {"syslog-host_from" => "%{[beat][hostname]}"} rename => { "[beat][hostname]", "syslog-host_from" }
remove_tag => ["beat"] remove_tag => ["beat"]
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_field => ["[beat][name]", "[beat][hostname]"]
} }
} }
} }