diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 50e06c340..880289541 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -111,6 +111,42 @@ elasticsearch:
 name: elastic_agent
 managed_by: security_onion
 managed: true
+ so-logs-system.auth:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-system.auth*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-system.auth@package"
+ - "logs-system.auth@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
+ so-logs-system.syslog:
+ index_sorting: False
+ index_template:
+ index_patterns:
+ - "logs-system.syslog*"
+ template:
+ settings:
+ index:
+ number_of_replicas: 0
+ composed_of:
+ - "logs-system.syslog@package"
+ - "logs-system.syslog@custom"
+ - "so-fleet_globals-1"
+ - "so-fleet_agent_id_verification-1"
+ priority: 501
+ data_stream:
+ hidden: false
+ allow_custom_routing: false
 so-logs-system.application:
 index_sorting: False
 index_template:
@@ -219,7 +255,6 @@ elasticsearch:
 data_stream:
 hidden: false
 allow_custom_routing: false
-
 so-logs-osquery-manager:
 index_sorting: False
 index_template:
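Review bot: Both new templates set `number_of_replicas: 0` under `template.settings.index`, so the indices behind `logs-system.auth*` and `logs-system.syslog*` are created with no replica shard. On a cluster with more than one data node, losing a node would then lose the authentication and syslog records held on it, and those are often the records an investigation depends on. If zero replicas is the intended default, I would say so in a comment above each `settings:` key, for example `# replicas default to 0; raise on multi-node deployments that must retain auth/syslog data`. The other entries in the file are outside this hunk, so whether they follow the same convention cannot be confirmed from here, and the enclosing `elasticsearch:` mapping starts and ends outside the hunk.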