parse Bro logs using Elasticsearch ingest node

salt/logstash/conf/conf.enabled.txt.parser

@@ -7,11 +7,12 @@
 # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
 ##
 # All of the defaults are loaded.
+# Please note that Bro config is commented out because we're moving that parsing to Elasticsearch ingest.
 /usr/share/logstash/pipeline.dynamic/0900_input_redis.conf
 /usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf
 /usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf
 /usr/share/logstash/pipeline.so/1002_preprocess_json.conf
-/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
+#/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
 /usr/share/logstash/pipeline.so/1004_preprocess_syslog_types.conf
 /usr/share/logstash/pipeline.so/1026_preprocess_dhcp.conf
 /usr/share/logstash/pipeline.so/1029_preprocess_esxi.conf
@@ -20,44 +21,44 @@
 /usr/share/logstash/pipeline.so/1032_preprocess_mcafee.conf
 /usr/share/logstash/pipeline.so/1033_preprocess_snort.conf
 /usr/share/logstash/pipeline.so/1034_preprocess_syslog.conf
-/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
-/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
-/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
-/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
-/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
-/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
-/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
-/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
-/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
-/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
-/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
-/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
-/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
-/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
-/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
-/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
-/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
-/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
-/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
-/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
-/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
-/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
-/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
-/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
-/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
-/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
-/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
-/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
-/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
-/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
-/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
-/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
-/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
-/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
+#/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
+#/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
+#/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
+#/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
+#/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
+#/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
+#/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
+#/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
+#/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
+#/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
+#/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
+#/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
+#/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
+#/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
+#/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
+#/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
+#/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
+#/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
+#/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
+#/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
+#/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
+#/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
+#/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
+#/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
+#/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
+#/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
+#/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
+#/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
+#/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
+#/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
+#/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
+#/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
+#/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
+#/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
 /usr/share/logstash/pipeline.so/1998_test_data.conf
 /usr/share/logstash/pipeline.so/2000_network_flow.conf
-/usr/share/logstash/pipeline.so/6000_bro.conf
-/usr/share/logstash/pipeline.so/6001_bro_import.conf
+#/usr/share/logstash/pipeline.so/6000_bro.conf
+#/usr/share/logstash/pipeline.so/6001_bro_import.conf
 /usr/share/logstash/pipeline.so/6002_syslog.conf
 /usr/share/logstash/pipeline.so/6101_switch_brocade.conf
 /usr/share/logstash/pipeline.so/6200_firewall_fortinet.conf
@@ -68,17 +69,17 @@
 /usr/share/logstash/pipeline.so/6500_ossec.conf
 /usr/share/logstash/pipeline.so/6501_ossec_sysmon.conf
 /usr/share/logstash/pipeline.so/6502_ossec_autoruns.conf
-/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
+#/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
 /usr/share/logstash/pipeline.so/8001_postprocess_common_ip_augmentation.conf
 /usr/share/logstash/pipeline.so/8006_postprocess_dns.conf
 /usr/share/logstash/pipeline.so/8007_postprocess_dns_top1m_tagging.conf
 /usr/share/logstash/pipeline.so/8007_postprocess_http.conf
 /usr/share/logstash/pipeline.so/8008_postprocess_dns_whois_age.conf
 /usr/share/logstash/pipeline.so/8200_postprocess_tagging.conf
-/usr/share/logstash/pipeline.so/8502_postprocess_freq_analysis_bro_dns.conf
-/usr/share/logstash/pipeline.so/8503_postprocess_freq_analysis_bro_http.conf
-/usr/share/logstash/pipeline.so/8504_postprocess_freq_analysis_bro_ssl.conf
-/usr/share/logstash/pipeline.so/8505_postprocess_freq_analysis_bro_x509.conf
+#/usr/share/logstash/pipeline.so/8502_postprocess_freq_analysis_bro_dns.conf
+#/usr/share/logstash/pipeline.so/8503_postprocess_freq_analysis_bro_http.conf
+#/usr/share/logstash/pipeline.so/8504_postprocess_freq_analysis_bro_ssl.conf
+#/usr/share/logstash/pipeline.so/8505_postprocess_freq_analysis_bro_x509.conf
 /usr/share/logstash/pipeline.so/8998_postprocess_log_elapsed.conf
 /usr/share/logstash/pipeline.so/8999_postprocess_rename_type.conf
 /usr/share/logstash/pipeline.dynamic/9999_output_redis.conf

salt/logstash/conf/conf.enabled.txt.so-eval

@@ -7,6 +7,7 @@
 # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
 ##
 # All of the defaults are loaded.
+# Please note that Bro config is commented out because we're moving that parsing to Elasticsearch ingest.
 #/usr/share/logstash/pipeline.so/0000_input_syslogng.conf
 #/usr/share/logstash/pipeline.so/0001_input_json.conf
 #/usr/share/logstash/pipeline.so/0002_input_windows_json.conf
@@ -18,7 +19,7 @@
 #/usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf
 #/usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf
 #/usr/share/logstash/pipeline.so/1002_preprocess_json.conf
-/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
+#/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
 #/usr/share/logstash/pipeline.so/1004_preprocess_syslog_types.conf
 /usr/share/logstash/pipeline.so/1026_preprocess_dhcp.conf
 #/usr/share/logstash/pipeline.so/1029_preprocess_esxi.conf
@@ -27,44 +28,44 @@
 #/usr/share/logstash/pipeline.so/1032_preprocess_mcafee.conf
 /usr/share/logstash/pipeline.so/1033_preprocess_snort.conf
 #/usr/share/logstash/pipeline.so/1034_preprocess_syslog.conf
-/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
-/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
-/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
-/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
-/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
-/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
-/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
-/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
-/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
-/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
-/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
-/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
-/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
-/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
-/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
-/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
-/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
-/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
-/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
-/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
-/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
-/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
-/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
-/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
-/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
-/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
-/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
-/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
-/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
-/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
-/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
-/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
-/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
-/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
+#/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
+#/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
+#/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
+#/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
+#/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
+#/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
+#/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
+#/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
+#/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
+#/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
+#/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
+#/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
+#/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
+#/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
+#/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
+#/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
+#/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
+#/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
+#/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
+#/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
+#/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
+#/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
+#/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
+#/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
+#/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
+#/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
+#/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
+#/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
+#/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
+#/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
+#/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
+#/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
+#/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
+#/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
 #/usr/share/logstash/pipeline.so/1998_test_data.conf
 #/usr/share/logstash/pipeline.so/2000_network_flow.conf
-/usr/share/logstash/pipeline.so/6000_bro.conf
-/usr/share/logstash/pipeline.so/6001_bro_import.conf
+#/usr/share/logstash/pipeline.so/6000_bro.conf
+#/usr/share/logstash/pipeline.so/6001_bro_import.conf
 #/usr/share/logstash/pipeline.so/6002_syslog.conf
 #/usr/share/logstash/pipeline.so/6101_switch_brocade.conf
 #/usr/share/logstash/pipeline.so/6200_firewall_fortinet.conf
@@ -77,7 +78,7 @@
 /usr/share/logstash/pipeline.so/6502_ossec_autoruns.conf
 /usr/share/logstash/pipeline.so/6600_winlogbeat_sysmon.conf
 /usr/share/logstash/pipeline.so/6700_winlogbeat.conf
-/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
+#/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
 /usr/share/logstash/pipeline.so/8001_postprocess_common_ip_augmentation.conf
 #/usr/share/logstash/pipeline.so/8006_postprocess_dns.conf
 #/usr/share/logstash/pipeline.so/8007_postprocess_dns_top1m_tagging.conf

salt/logstash/conf/conf.enabled.txt.storage

@@ -7,11 +7,12 @@
 # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
 ##
 # All of the defaults are loaded.
+# Please note that Bro config is commented out because we're moving that parsing to Elasticsearch ingest.
 /usr/share/logstash/pipeline.dynamic/0900_input_redis.conf
 /usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf
 /usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf
 /usr/share/logstash/pipeline.so/1002_preprocess_json.conf
-/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
+#/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
 /usr/share/logstash/pipeline.so/1004_preprocess_syslog_types.conf
 /usr/share/logstash/pipeline.so/1026_preprocess_dhcp.conf
 /usr/share/logstash/pipeline.so/1029_preprocess_esxi.conf
@@ -20,44 +21,44 @@
 /usr/share/logstash/pipeline.so/1032_preprocess_mcafee.conf
 /usr/share/logstash/pipeline.so/1033_preprocess_snort.conf
 /usr/share/logstash/pipeline.so/1034_preprocess_syslog.conf
-/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
-/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
-/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
-/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
-/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
-/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
-/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
-/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
-/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
-/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
-/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
-/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
-/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
-/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
-/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
-/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
-/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
-/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
-/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
-/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
-/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
-/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
-/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
-/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
-/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
-/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
-/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
-/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
-/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
-/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
-/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
-/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
-/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
-/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
+#/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
+#/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
+#/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
+#/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
+#/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
+#/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
+#/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
+#/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
+#/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
+#/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
+#/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
+#/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
+#/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
+#/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
+#/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
+#/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
+#/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
+#/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
+#/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
+#/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
+#/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
+#/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
+#/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
+#/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
+#/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
+#/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
+#/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
+#/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
+#/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
+#/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
+#/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
+#/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
+#/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
+#/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
 /usr/share/logstash/pipeline.so/1998_test_data.conf
 /usr/share/logstash/pipeline.so/2000_network_flow.conf
-/usr/share/logstash/pipeline.so/6000_bro.conf
-/usr/share/logstash/pipeline.so/6001_bro_import.conf
+#/usr/share/logstash/pipeline.so/6000_bro.conf
+#/usr/share/logstash/pipeline.so/6001_bro_import.conf
 /usr/share/logstash/pipeline.so/6002_syslog.conf
 /usr/share/logstash/pipeline.so/6101_switch_brocade.conf
 /usr/share/logstash/pipeline.so/6200_firewall_fortinet.conf
@@ -70,7 +71,7 @@
 /usr/share/logstash/pipeline.so/6502_ossec_autoruns.conf
 /usr/share/logstash/pipeline.so/6600_winlogbeat_sysmon.conf
 /usr/share/logstash/pipeline.so/6700_winlogbeat.conf
-/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
+#/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
 /usr/share/logstash/pipeline.so/8001_postprocess_common_ip_augmentation.conf
 #/usr/share/logstash/pipeline.so/8006_postprocess_dns.conf
 #/usr/share/logstash/pipeline.so/8007_postprocess_dns_top1m_tagging.conf