CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

parse Bro logs using Elasticsearch ingest node

Browse Source
This commit is contained in:
doug
2019-09-23 16:04:23 -04:00
parent c685089b2b
commit 8472b24a67
48 changed files with 1375 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/elasticsearch/init.sls
View File

@@ -121,6 +121,10 @@ so-elasticsearch:
- /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
- /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
so-elasticsearch-pipelines:
cmd.run:
- name: /opt/so/saltstack/salt/elasticsearch/files/so-elasticsearch-pipelines {{ esclustername }}
# Tell the main cluster I am here
#curl -XPUT http://\$ELASTICSEARCH_HOST:\$ELASTICSEARCH_PORT/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"$HOSTNAME": {"skip_unavailable": "true", "seeds": ["$DOCKER_INTERFACE:$REVERSE_PORT"]}}}}}'