Merge pull request #12037 from Security-Onion-Solutions/fix/receiver

Fix receivers
https://github.com/Security-Onion-Solutions/securityonion/issues/12038
Josh Patterson
2023-12-18 13:56:33 -05:00
committed by GitHub
2 changed files with 7 additions and 12 deletions


@@ -8,12 +8,7 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER %} {% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'logstash/map.jinja' import LOGSTASH_MERGED %} {% from 'logstash/map.jinja' import LOGSTASH_MERGED %}
{% from 'logstash/map.jinja' import REDIS_NODES %} {% from 'logstash/map.jinja' import LOGSTASH_NODES %}
{# we append the manager here so that it is added to extra_hosts so the heavynode can resolve it #}
{# we cannont append in the logstash/map.jinja because then it would be added to the 0900_input_redis.conf #}
{% if GLOBALS.role == 'so-heavynode' %}
{% do REDIS_NODES.append({GLOBALS.manager:GLOBALS.manager_ip}) %}
{% endif %}
{% set lsheap = LOGSTASH_MERGED.settings.lsheap %} {% set lsheap = LOGSTASH_MERGED.settings.lsheap %}
include: include:
@@ -34,7 +29,7 @@ so-logstash:
- ipv4_address: {{ DOCKER.containers['so-logstash'].ip }} - ipv4_address: {{ DOCKER.containers['so-logstash'].ip }}
- user: logstash - user: logstash
- extra_hosts: - extra_hosts:
{% for node in REDIS_NODES %} {% for node in LOGSTASH_NODES %}
{% for hostname, ip in node.items() %} {% for hostname, ip in node.items() %}
- {{hostname}}:{{ip}} - {{hostname}}:{{ip}}
{% endfor %} {% endfor %}
@@ -47,9 +42,9 @@ so-logstash:
- environment: - environment:
- LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }} - LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }}
{% if DOCKER.containers['so-logstash'].extra_env %} {% if DOCKER.containers['so-logstash'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-logstash'].extra_env %} {% for XTRAENV in DOCKER.containers['so-logstash'].extra_env %}
- {{ XTRAENV }} - {{ XTRAENV }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-logstash'].port_bindings %} {% for BINDING in DOCKER.containers['so-logstash'].port_bindings %}
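Review bot: The `extra_hosts` loop now depends entirely on the contents of `LOGSTASH_NODES`, and the comment removed with the heavynode block was the only place that explained why the manager has to be resolvable from inside the container. If `logstash/map.jinja` (not shown on this page) now adds the manager itself, a comment next to the new import would record that, for example `{# LOGSTASH_NODES feeds extra_hosts; on a heavynode it must include the manager so the container can resolve it #}`. These entries pin name resolution inside so-logstash, so a missing or wrong mapping changes where events are delivered without any error in this state. It is worth confirming the rendered list on both a heavynode and a receiver. The so-logstash state starts and ends outside these hunks.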


@@ -3,7 +3,7 @@ output {
if [metadata][pipeline] { if [metadata][pipeline] {
if [metadata][_id] { if [metadata][_id] {
elasticsearch { elasticsearch {
hosts => "{{ GLOBALS.manager }}" hosts => "{{ GLOBALS.hostname }}"
ecs_compatibility => v8 ecs_compatibility => v8
data_stream => true data_stream => true
user => "{{ ES_USER }}" user => "{{ ES_USER }}"
@@ -17,7 +17,7 @@ output {
} }
else { else {
elasticsearch { elasticsearch {
hosts => "{{ GLOBALS.manager }}" hosts => "{{ GLOBALS.hostname }}"
ecs_compatibility => v8 ecs_compatibility => v8
data_stream => true data_stream => true
user => "{{ ES_USER }}" user => "{{ ES_USER }}"
@@ -30,7 +30,7 @@ output {
} }
else { else {
elasticsearch { elasticsearch {
hosts => "{{ GLOBALS.manager }}" hosts => "{{ GLOBALS.hostname }}"
ecs_compatibility => v8 ecs_compatibility => v8
data_stream => true data_stream => true
user => "{{ ES_USER }}" user => "{{ ES_USER }}"
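Review bot: The three `hosts => "{{ GLOBALS.hostname }}"` lines carry no scheme or port, so whether the `user` credentials on the lines below them travel over TLS depends on settings that lie outside these hunks. Please confirm that each `elasticsearch` block enables TLS with certificate verification, and that the certificate served by Elasticsearch on this node is valid for the node's own hostname, since the name being checked was presumably the manager's before this change. A short comment above the first block, such as `# output goes to the Elasticsearch instance on this node, not the manager`, would record the intent. The same value is repeated in all three blocks, and each block continues past the end of its hunk.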