Add templates for system.auth and system.syslog

Wes
2023-06-12 14:23:24 +00:00
parent 8e0d895afb
commit 42f5ad9939


@@ -111,6 +111,42 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-system.auth:
index_sorting: False
index_template:
index_patterns:
- "logs-system.auth*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-system.auth@package"
- "logs-system.auth@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-system.syslog:
index_sorting: False
index_template:
index_patterns:
- "logs-system.syslog*"
template:
settings:
index:
number_of_replicas: 0
composed_of:
- "logs-system.syslog@package"
- "logs-system.syslog@custom"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
so-logs-system.application: so-logs-system.application:
index_sorting: False index_sorting: False
index_template: index_template:
@@ -219,7 +255,6 @@ elasticsearch:
data_stream: data_stream:
hidden: false hidden: false
allow_custom_routing: false allow_custom_routing: false
so-logs-osquery-manager: so-logs-osquery-manager:
index_sorting: False index_sorting: False
index_template: index_template:
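Review bot: Both new templates, `so-logs-system.auth` and `so-logs-system.syslog`, set `number_of_replicas: 0`, so on a multi-node cluster the authentication and syslog data streams would have no second copy, and these are the records an investigation leans on after a host is compromised. If zero replicas is the intended single-node default, a comment above each setting would make that explicit, for example `# 0 replicas is the single-node default; raise on multi-node clusters`. Separately, the patterns `"logs-system.auth*"` and `"logs-system.syslog*"` have no `-` after the dataset name, so at priority 501 they would also claim any later dataset whose name merely starts with `system.auth` or `system.syslog`. `"logs-system.auth-*"` and `"logs-system.syslog-*"` would be tighter, assuming the sibling templates outside this hunk do not depend on the looser form.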