CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix pfsense firewall udp parsing

Browse Source
This commit is contained in:
Doug Burks
2020-10-10 07:38:47 -04:00
committed by GitHub
parent 8cfabf101c
commit 8d1ba1f4db
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/filterlog
View File

@@ -34,7 +34,7 @@
},
{
"dissect": {
"if": "ctx.protocol == 'udp'",
"if": "ctx.network?.transport == 'udp'",
"field": "ip_sub_msg",
"pattern" : "%{source.port},%{destination.port},%{data.length}",
"on_failure" : [ {"set" : {"field" : "error.message","value" : "{{ _ingest.on_failure_message }}"}}]