CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix Filebeat spacing

Browse Source
This commit is contained in:
Mike Reeves
2020-07-10 15:51:12 -04:00
parent 5eb33d5ac7
commit 46d572fa8c
3 changed files with 2 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pillar/logstash/eval.sls
View File

@@ -18,20 +18,12 @@ logstash:
templates: templates:
- so/so-beats-template.json.jinja - so/so-beats-template.json.jinja
- so/so-common-template.json - so/so-common-template.json
- so/so-dhcp-template.json.jinja
- so/so-dns_windows-template.json.jinja
- so/so-esxi-template.json.jinja
- so/so-firewall-template.json.jinja - so/so-firewall-template.json.jinja
- so/so-flow-template.json.jinja - so/so-flow-template.json.jinja
- so/so-greensql-template.json.jinja
- so/so-ids-template.json.jinja - so/so-ids-template.json.jinja
- so/so-import-template.json.jinja - so/so-import-template.json.jinja
- so/so-iss-template.json.jinja
- so/so-mcafee-template.json.jinja
- so/so-osquery-template.json.jinja - so/so-osquery-template.json.jinja
- so/so-ossec-template.json.jinja - so/so-ossec-template.json.jinja
- so/so-strelka-template.json.jinja - so/so-strelka-template.json.jinja
- so/so-switch-template.json.jinja
- so/so-syslog-template.json.jinja - so/so-syslog-template.json.jinja
- so/so-windows-template.json.jinja
- so/so-zeek-template.json.jinja - so/so-zeek-template.json.jinja

8
pillar/logstash/search.sls
View File

@@ -14,20 +14,12 @@ logstash:
templates: templates:
- so/so-beats-template.json.jinja - so/so-beats-template.json.jinja
- so/so-common-template.json - so/so-common-template.json
- so/so-dhcp-template.json.jinja
- so/so-dns_windows-template.json.jinja
- so/so-esxi-template.json.jinja
- so/so-firewall-template.json.jinja - so/so-firewall-template.json.jinja
- so/so-flow-template.json.jinja - so/so-flow-template.json.jinja
- so/so-greensql-template.json.jinja
- so/so-ids-template.json.jinja - so/so-ids-template.json.jinja
- so/so-import-template.json.jinja - so/so-import-template.json.jinja
- so/so-iss-template.json.jinja
- so/so-mcafee-template.json.jinja
- so/so-osquery-template.json.jinja - so/so-osquery-template.json.jinja
- so/so-ossec-template.json.jinja - so/so-ossec-template.json.jinja
- so/so-strelka-template.json.jinja - so/so-strelka-template.json.jinja
- so/so-switch-template.json.jinja
- so/so-syslog-template.json.jinja - so/so-syslog-template.json.jinja
- so/so-windows-template.json.jinja
- so/so-zeek-template.json.jinja - so/so-zeek-template.json.jinja

4
salt/filebeat/etc/filebeat.yml
View File

@@ -127,7 +127,7 @@ filebeat.inputs:
imported: true imported: true
processors: processors:
- add_tags: - add_tags:
tags: [import] tags: [import]
- dissect: - dissect:
tokenizer: "/nsm/import/%{import.id}/zeek/logs/%{import.file}" tokenizer: "/nsm/import/%{import.id}/zeek/logs/%{import.file}"
field: "log.file.path" field: "log.file.path"
@@ -167,7 +167,7 @@ filebeat.inputs:
imported: true imported: true
processors: processors:
- add_tags: - add_tags:
tags: [import] tags: [import]
- dissect: - dissect:
tokenizer: "/nsm/import/%{import.id}/suricata/%{import.file}" tokenizer: "/nsm/import/%{import.id}/suricata/%{import.file}"
field: "log.file.path" field: "log.file.path"