CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

update FB config

Browse Source
This commit is contained in:
Wes Lambert
2020-03-31 00:37:58 +00:00
parent 5226ec1560
commit 68138e009a
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/filebeat/etc/filebeat.yml
View File

@@ -20,7 +20,7 @@ name: {{ HOSTNAME }}
# Sets log level. The default log level is info. # Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug # Available log levels are: error, warning, info, debug
logging.level: error logging.level: warning
# Enable debug output for selected components. To enable all selectors use ["*"] # Enable debug output for selected components. To enable all selectors use ["*"]
# Other available selectors are "beat", "publish", "service" # Other available selectors are "beat", "publish", "service"
@@ -82,7 +82,8 @@ filebeat.inputs:
- /nsm/zeek/logs/current/{{ LOGNAME }}.log - /nsm/zeek/logs/current/{{ LOGNAME }}.log
fields: fields:
module: zeek module: zeek
dataset: {{ LOGNAME }} dataset: {{ LOGNAME }}
category: network
processors: processors:
- drop_fields: - drop_fields:
fields: ["source", "prospector", "input", "offset", "beat"] fields: ["source", "prospector", "input", "offset", "beat"]
@@ -100,6 +101,7 @@ filebeat.inputs:
fields: fields:
module: suricata module: suricata
dataset: alert dataset: alert
category: network
processors: processors:
- drop_fields: - drop_fields:
@@ -118,7 +120,7 @@ filebeat.inputs:
fields: fields:
module: ossec module: ossec
dataset: alert dataset: alert
category: host
processors: processors:
- drop_fields: - drop_fields:
fields: ["source", "prospector", "input", "offset", "beat"] fields: ["source", "prospector", "input", "offset", "beat"]