add 514 tcp listener to filebeat docker and add syslog listener to fb config for manager and manager search - https://github.com/Security-Onion-Solutions/securityonion/issues/1551

m0duspwnens
2020-10-19 10:27:40 -04:00
parent a05329e7d8
commit 79854f111e
2 changed files with 2 additions and 1 deletions


@@ -74,7 +74,7 @@ filebeat.modules:
# List of prospectors to fetch data.
filebeat.inputs:
#------------------------------ Log prospector --------------------------------
{%- if grains['role'] in ['so-sensor', "so-eval", "so-helix", "so-heavynode", "so-standalone", "so-import"] %}
{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-sensor', 'so-helix', 'so-heavynode', 'so-import'] %}
- type: udp
enabled: true
host: "0.0.0.0:514"
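Review bot: The input enabled by this condition is still `type: udp`, so the `0.0.0.0:514:514/tcp` binding added in the so-filebeat hunk has no matching listener unless a `type: tcp` input exists outside the lines shown. If none exists, a `- type: tcp` input with `host: "0.0.0.0:514"` next to the udp one would make the config match the commit title. The new role list also enables this listener on so-manager and so-managersearch on all interfaces, and syslog on 514 is unauthenticated plaintext, so a comment such as `# 514 syslog: sender access must be limited by the host firewall` belongs above the input. The `{%- if %}` block closes outside the hunk.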


@@ -82,6 +82,7 @@ so-filebeat:
- /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
- port_bindings:
- 0.0.0.0:514:514/udp
- 0.0.0.0:514:514/tcp
- watch:
- file: /opt/so/conf/filebeat/etc/filebeat.yml