CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash Module - Change some fields so dashboards load

Browse Source
This commit is contained in:
Mike Reeves
2018-10-16 16:21:50 -04:00
parent 61c30243ff
commit 57039d83c8
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/filebeat/etc/filebeat.yml
View File

@@ -1,4 +1,8 @@
{%- set MASTER = salt['pillar.get']('sensor:master', '') %} {%- set MASTER = salt['pillar.get']('sensor:master', '') %}
{%- set HOSTNAME = salt['grains.get']('host', '') %}
beat.name: {{ HOSTNAME }}
beat.hostname: {{ HOSTNAME }}
#========================== Modules configuration ============================ #========================== Modules configuration ============================
filebeat.modules: filebeat.modules:

3
salt/logstash/files/dynamic/0006_input_beats.conf
View File

@@ -11,8 +11,11 @@ input {
filter { filter {
if "ids" in [tags] { if "ids" in [tags] {
mutate { mutate {
add_field => {"sensor_name" => "%{beat.name}"}
add_field => {"syslog-host_from" => "%{beat.hostname}"}
remove_tag => ["beat"] remove_tag => ["beat"]
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_field => ["beat.name", "beat.hostname"]
} }
} }