CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 15:33:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Filebeat Module - Fix bro logs to make them work

Browse Source
This commit is contained in:
Mike Reeves
2018-10-25 22:43:19 -04:00
parent 84703eaa4d
commit 90d55104c6
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/filebeat/etc/filebeat.yml
View File

@@ -14,7 +14,7 @@ filebeat.prospectors:
{%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %} {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %}
- type: log - type: log
paths: paths:
- /nsm/bro/spool/{{ LOGNAME }}.log - /nsm/bro/logs/current/{{ LOGNAME }}.log
fields: fields:
type: bro_{{ LOGNAME }} type: bro_{{ LOGNAME }}
fields_under_root: true fields_under_root: true

2
salt/filebeat/init.sls
View File

@@ -59,7 +59,7 @@ so-filebeat:
- binds: - binds:
- /opt/so/log/filebeat:/var/log/filebeat:rw - /opt/so/log/filebeat:/var/log/filebeat:rw
- /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- /nsm/bro/spool/manager:/nsm/bro/spool:ro - /nsm/bro:/nsm/bro:ro
- /opt/so/log/suricata:/suricata:ro - /opt/so/log/suricata:/suricata:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro