CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix pfsense firewall udp parsing

Browse Source
This commit is contained in:
Doug Burks
2020-10-10 07:38:47 -04:00
committed by GitHub
parent 8cfabf101c
commit 8d1ba1f4db
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticsearch/files/ingest/filterlog
View File

@@ -34,7 +34,7 @@
}, },
{ {
"dissect": { "dissect": {
"if": "ctx.protocol == 'udp'", "if": "ctx.network?.transport == 'udp'",
"field": "ip_sub_msg", "field": "ip_sub_msg",
"pattern" : "%{source.port},%{destination.port},%{data.length}", "pattern" : "%{source.port},%{destination.port},%{data.length}",
"on_failure" : [ {"set" : {"field" : "error.message","value" : "{{ _ingest.on_failure_message }}"}}] "on_failure" : [ {"set" : {"field" : "error.message","value" : "{{ _ingest.on_failure_message }}"}}]