diff --git a/salt/kibana/etc/config.json b/salt/kibana/etc/config.json
index 89cb1dcf5..c6e127437 100644
--- a/salt/kibana/etc/config.json
+++ b/salt/kibana/etc/config.json
@@ -1,8 +1,9 @@
 {
 "attributes": {
- "defaultIndex": "*:logstash-*",
- "discover:sampleSize":"10",
+ "defaultIndex": "*:so-*",
+ "discover:sampleSize":"100",
 "dashboard:defaultDarkTheme":true,
+ "theme:darkMode":true,
 "timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"
 }
 }
diff --git a/salt/kibana/etc/kibana.yml b/salt/kibana/etc/kibana.yml
index cdf102d12..b6b87dc2d 100644
--- a/salt/kibana/etc/kibana.yml
+++ b/salt/kibana/etc/kibana.yml
@@ -4,7 +4,7 @@ server.name: kibana
 server.host: "0"
 server.basePath: /kibana
-elasticsearch.url: http://{{ ES }}:9200
+elasticsearch.hosts: [ "http://{{ ES }}:9200" ]
 #kibana.index: ".kibana"
 #elasticsearch.username: elastic
 #elasticsearch.password: changeme
diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
index 28391b29a..b32cb44df 100644
--- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
@@ -21,9 +21,9 @@ output {
 elasticsearch {
 pipeline => "%{event_type}"
 hosts => "{{ ES }}"
- index => "so-ossec-%{+YYYY.MM.dd}"
- template_name => "so-ossec"
- template => "/so-ossec-template.json"
+ index => "so-common-%{+YYYY.MM.dd}"
+ template_name => "so-common"
+ template => "/so-common-template.json"
 template_overwrite => true
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
index 48ed75f72..6c498c2bb 100644
--- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
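Review bot: The added `"discover:sampleSize":"100"` and `"theme:darkMode":true` lines omit the space after the colon while the neighbouring `"defaultIndex": "*:so-*"` keeps it; pick one form for the file. Adding `theme:darkMode` beside the still-present `dashboard:defaultDarkTheme` looks like a Kibana-version migration (the kibana.yml hunk in this diff moves to the `elasticsearch.hosts` form); if the target Kibana no longer reads the older key it should be dropped rather than carried along, and since JSON cannot hold a comment the reason for keeping both belongs in the commit message. The new `*:so-*` pattern, like the value it replaces, has the remote-cluster prefix `*:`, which in Elasticsearch cross-cluster search matches remote aliases only; if the local cluster's own `so-*` indices are also meant to be searched the pattern would need to be `so-*,*:so-*` — presumably intentional here, but worth confirming.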
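Review bot: The new `elasticsearch.hosts: [ "http://{{ ES }}:9200" ]` line hard-codes the `http://` scheme, so Kibana's traffic to Elasticsearch — and any credentials once the commented `elasticsearch.username`/`elasticsearch.password` lines below it are enabled — travels in cleartext; `{{ ES }}` is templated, so the target may be a different host. Since this line is already being rewritten for the 7.x `elasticsearch.hosts` form, this is the moment to template the scheme as well and pair it with the `elasticsearch.ssl.certificateAuthorities` / `elasticsearch.ssl.verificationMode` settings wherever Elasticsearch is served over TLS, or at minimum record the assumption with a comment such as `# plain HTTP: assumes Elasticsearch is reachable only from the trusted management network`. The commented `changeme` password should not be what ends up in use if those lines are ever uncommented.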
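Review bot: With `template_name => "so-common"` and `template_overwrite => true`, this output and the Strelka output in this same diff both upload the same template on every pipeline start, which is only harmless because both point at the identical `/so-common-template.json`; a comment such as `# shared template: keep in sync with 9700_output_strelka.conf.jinja` would guard against the two drifting apart. Because the index name no longer encodes the source, the only thing separating OSSEC from Strelka documents inside `so-common-*` is the `event_type` field that the `pipeline => "%{event_type}"` line already relies on, so any saved search or dashboard that filtered on the old `so-ossec-*` index name will need to filter on that field instead. The enclosing `output {` block starts before this hunk.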
@@ -20,9 +20,9 @@ output {
 if [event_type] =~ "strelka" {
 elasticsearch {
 hosts => "{{ ES }}"
- index => "so-strelka-%{+YYYY.MM.dd}"
- template_name => "so-strelka"
- template => "/so-strelka-template.json"
+ index => "so-common-%{+YYYY.MM.dd}"
+ template_name => "so-common"
+ template => "/so-common-template.json"
 template_overwrite => true
 }
 }
diff --git a/salt/logstash/pipelines/templates/so/so-common-template.json b/salt/logstash/pipelines/templates/so/so-common-template.json
index 06ac47f66..90241924f 100644
--- a/salt/logstash/pipelines/templates/so/so-common-template.json
+++ b/salt/logstash/pipelines/templates/so/so-common-template.json
@@ -1,5 +1,5 @@
 {
- "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka", "so-beats-*"],
+ "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*"],
 "version":50001,
 "order" : 10,
 "settings":{
diff --git a/setup/so-functions b/setup/so-functions
index 7a516f95f..bebac46c6 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -460,7 +460,7 @@ docker_registry() {
 }
 
 docker_seed_registry() {
- VERSION="HH1.1.4"
+ VERSION="HH1.2.1"
 if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
 TRUSTED_CONTAINERS=( \
 "so-acng:$VERSION" \
@@ -743,7 +743,7 @@ master_static() {
 touch /opt/so/saltstack/pillar/static.sls
 echo "static:" > /opt/so/saltstack/pillar/static.sls
- echo " soversion: HH1.1.4" >> /opt/so/saltstack/pillar/static.sls
+ echo " soversion: HH1.2.1" >> /opt/so/saltstack/pillar/static.sls
 echo " hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls
 echo " ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls
 echo " proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls
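Review bot: Folding Strelka file-scan results into the same daily `so-common-*` index as OSSEC (the 9600 output in this diff) removes the index-name boundary between the two sources, so anything keyed on `so-strelka-*` — index-level role privileges, curator/retention actions, or an ILM policy — no longer separates them; none of those are visible here, so confirm they were moved to `so-common-*` or to a field-level filter on `event_type`. Note also that this output has no `pipeline =>` line while the OSSEC output sets `pipeline => "%{event_type}"`, so Strelka documents bypass the ingest pipeline (unless the index carries a default pipeline, which this diff does not show) and land in the shared index with whatever shape Logstash produced. The enclosing `output {` block starts before this hunk.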
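Review bot: `index_patterns` still does not contain `so-common-*`, yet the OSSEC and Strelka outputs in this same diff now write to `so-common-%{+YYYY.MM.dd}`; Elasticsearch applies a template by its `index_patterns`, not by the name it is uploaded under, so those daily indices will fall back to dynamic mapping unless a template outside this diff happens to cover them. Add the pattern to the new line: `"index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-common-*"],`. The `so-strelka` → `so-strelka-*` correction is right but only has effect while something still writes to `so-strelka-*`, which after this diff appears to be nothing.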