Logstash Module - Fix jinja syntax

salt/logstash/files/dynamic/9000_output_bro.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -17,7 +17,7 @@ output {
   if "bro" in [tags] and "test_data" not in [tags] and "import" not in [tags] {
 #    stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-bro-%{+YYYY.MM.dd}"
       template_name => "logstash"
       template => "/logstash-template.json"

salt/logstash/files/dynamic/9001_output_switch.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if "switch" in [tags] and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}""
       index => "logstash-switch-%{+YYYY.MM.dd}"
       template => "/logstash-template.json"
     }

salt/logstash/files/dynamic/9002_output_import.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Updated by: Doug Burks
 # Last Update: 5/16/2017
 
@@ -14,7 +14,7 @@ output {
   if "import" in [tags] and "test_data" not in [tags] {
 #    stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}""
       index => "logstash-import-%{+YYYY.MM.dd}"
       template_name => "logstash-*"
       template => "/logstash-template.json"

salt/logstash/files/dynamic/9004_output_flow.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "sflow" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-flow-%{+YYYY.MM.dd}"
       template => "/logstash-template.json"
     }

salt/logstash/files/dynamic/9026_output_dhcp.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "dhcp" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       template => "/logstash-template.json"
     }
   }

salt/logstash/files/dynamic/9029_output_esxi.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -15,7 +15,7 @@ filter {
 output {
   if [event_type] == "esxi" and "test_data" not in [tags] {
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       template => "/logstash-template.json"
     }
   }

salt/logstash/files/dynamic/9030_output_greensql.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -15,7 +15,7 @@ filter {
 output {
   if [event_type] == "greensql" and "test_data" not in [tags] {
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       template => "/logstash-template.json"
     }
   }

salt/logstash/files/dynamic/9031_output_iis.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "iis" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       template => "/logstash-template.json"
     }
   }

salt/logstash/files/dynamic/9032_output_mcafee.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "mcafee" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       template => "/logstash-template.json"
     }
   }

salt/logstash/files/dynamic/9033_output_snort.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
     if [event_type] == "snort" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-ids-%{+YYYY.MM.dd}"
       template_name => "logstash"
       template => "/logstash-template.json"

salt/logstash/files/dynamic/9034_output_syslog.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Updated by: Doug Burks
@@ -15,7 +15,7 @@ filter {
 output {
   if "syslog" in [tags] and "test_data" not in [tags] {
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-syslog-%{+YYYY.MM.dd}"
       template_name => "logstash"
       template => "/logstash-template.json"

salt/logstash/files/dynamic/9200_output_firewall.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if "firewall" in [tags] and "test_data" not in [tags] {
 #    stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-firewall-%{+YYYY.MM.dd}"
       template_name => "logstash"
       template => "/logstash-template.json"

salt/logstash/files/dynamic/9300_output_windows.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "windows" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-windows-%{+YYYY.MM.dd}"
       template => "/logstash-template.json"
     }

salt/logstash/files/dynamic/9301_output_dns_windows.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "dns" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-%{+YYYY.MM.dd}"
       template => "/logstash-template.json"
     }

salt/logstash/files/dynamic/9400_output_suricata.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -16,7 +16,7 @@ output {
   if [event_type] == "suricata" and "test_data" not in [tags] {
     #stdout { codec => rubydebug }
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-ids-%{+YYYY.MM.dd}"
       template => "/logstash-template.json"
     }

salt/logstash/files/dynamic/9500_output_beats.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Wes Lambert
 # Last Update: 12/11/2017
 filter {
@@ -12,7 +12,7 @@ filter {
 output {
   if "beat" in [tags] {
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-beats-%{+YYYY.MM.dd}"
       template_name => "logstash-beats"
       template => "/beats-template.json"

salt/logstash/files/dynamic/9998_output_test_data.conf

@@ -1,5 +1,5 @@
-{%- if grains['role'] != 'so-master' %}
+{%- if grains['role'] != 'so-master' -%}
-{%- set ES = salt['pillar.get']('node:mainip', '') %}
+{%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -15,7 +15,7 @@ filter {
 output {
   if "test_data" in [tags] {
     elasticsearch {
-      hosts => {{ ES }}
+      hosts => "{{ ES }}"
       index => "logstash-test-%{+YYYY.MM.dd}"
       template => "/logstash-template.json"
     }