CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash Module - Add redis output

Browse Source
This commit is contained in:
Mike Reeves
2018-04-19 13:30:31 -04:00
parent 656423cee9
commit a57f44a022
4 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/logstash/files/conf.enabled.txt → salt/logstash/files/conf.enabled.txt.eval
View File

@@ -5,7 +5,7 @@
# #
# To enable a custom configuration see the following example and uncomment: # To enable a custom configuration see the following example and uncomment:
# /usr/share/logstash/pipeline.custom/1234_input_custom.conf # /usr/share/logstash/pipeline.custom/1234_input_custom.conf
# ##
# All of the defaults are loaded. # All of the defaults are loaded.
/usr/share/logstash/pipeline.so/0000_input_syslogng.conf /usr/share/logstash/pipeline.so/0000_input_syslogng.conf
/usr/share/logstash/pipeline.so/0001_input_json.conf /usr/share/logstash/pipeline.so/0001_input_json.conf

17
salt/logstash/files/conf.enabled.txt.master Normal file
View File

@@ -0,0 +1,17 @@
# This is where can specify which LogStash configs get loaded.
#
# The custom folder on the master gets automatically synced to each logstash
# node.
#
# To enable a custom configuration see the following example and uncomment:
# /usr/share/logstash/pipeline.custom/1234_input_custom.conf
##
# All of the defaults are loaded.
/usr/share/logstash/pipeline.so/0000_input_syslogng.conf
/usr/share/logstash/pipeline.so/0001_input_json.conf
/usr/share/logstash/pipeline.so/0002_input_windows_json.conf
/usr/share/logstash/pipeline.so/0003_input_syslog.conf
/usr/share/logstash/pipeline.so/0005_input_suricata.conf
/usr/share/logstash/pipeline.so/0006_input_beats.conf
/usr/share/logstash/pipeline.so/0007_input_import.conf
/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf

10
salt/logstash/files/dynamic/9999_output_redis.conf Normal file
View File

@@ -0,0 +1,10 @@
output {
redis {
host => 'redis'
data_type => 'list'
key => 'logstash:redis'
congestion_interval => 1
congestion_threshold => 50000000
# batch_events => 500
}
}

1
salt/logstash/init.sls
View File

@@ -106,6 +106,7 @@ so-logstash:
- /opt/so/conf/logstash/beats-template.json:/beats-template.json:ro - /opt/so/conf/logstash/beats-template.json:/beats-template.json:ro
- /opt/so/conf/logstash/custom:/usr/share/logstash/pipeline.custom:ro - /opt/so/conf/logstash/custom:/usr/share/logstash/pipeline.custom:ro
- /opt/so/conf/logstash/rulesets:/usr/share/logstash/rulesets:ro - /opt/so/conf/logstash/rulesets:/usr/share/logstash/rulesets:ro
- /opt/so/conf/logstash/dynamic:/usr/share/logstash/pipeline.dynamic
- /opt/so/conf/logstash/conf.enabled.txt:/usr/share/logstash/conf.enabled.txt:ro - /opt/so/conf/logstash/conf.enabled.txt:/usr/share/logstash/conf.enabled.txt:ro
- /opt/so/rules:/etc/nsm/rules:ro - /opt/so/rules:/etc/nsm/rules:ro
- /nsm/import:/nsm/import:ro - /nsm/import:/nsm/import:ro