CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-16 22:12:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add evtx import logging

Browse Source
This commit is contained in:
Josh Brower
2021-11-02 09:03:52 -04:00
parent b756c0cd38
commit 3534256517
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/common/tools/sbin/so-import-evtx
View File

@@ -25,6 +25,7 @@
INDEX_DATE=$(date +'%Y.%m.%d')
RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
LOG_FILE=/nsm/import/evtx-import.log
. /usr/sbin/so-common
@@ -51,7 +52,7 @@ function evtx2es() {
--host {{ MANAGERIP }} --scheme https \
--index so-beats-$INDEX_DATE --pipeline import.wel \
--login $ES_USER --pwd $ES_PW \
"/tmp/$RUNID.evtx" 1>/dev/null 2>/dev/null
"/tmp/$RUNID.evtx" 1>/dev/null > $LOG_FILE 2>&1
docker run --rm \
-v "$EVTX:/tmp/import.evtx" \