Merge pull request #4620 from Security-Onion-Solutions/modulefix

Fix filebeat modules
2025-12-07 17:52:46 +01:00 · 2021-06-24 15:59:16 -04:00
parent 143f2eb1a8 ea50023ca5
commit 8eb163532d
2 changed files with 2 additions and 8 deletions
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -129,7 +129,8 @@ so-filebeat:
 {% for module in THIRDPARTY.modules.keys() %}
  {% for submodule in THIRDPARTY.modules[module] %}
    {% if THIRDPARTY.modules[module][submodule].enabled and THIRDPARTY.modules[module][submodule]["var.syslog_port"] is defined %}
-        - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/{{ THIRDPARTY.modules[module][submodule]["var.input"] }}
+        - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/tcp
+        - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/udp
    {% endif %}
  {% endfor %}
 {% endfor %}
--- a/salt/filebeat/thirdpartydefaults.yaml
+++ b/salt/filebeat/thirdpartydefaults.yaml
@@ -42,39 +42,32 @@ third_party_filebeat:
    cef:
      log:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9003
    checkpoint:
      firewall:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9505
    cisco:
      asa:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9001
      ftd:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9003
      ios:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9002
      nexus:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9506
      meraki:
        enabled: false
-        var.input: udp
        var.syslog_host: 0.0.0.0
        var.syslog_port: 9525
      umbrella: