From 4a4c3783275074d4bde80bfa6f131073edf3674f Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 9 Mar 2020 09:18:14 -0400
Subject: [PATCH 1/2] Add bro template
---
 pillar/logstash/eval.sls | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pillar/logstash/eval.sls b/pillar/logstash/eval.sls
index 7f817ed39..f6cf222b3 100644
--- a/pillar/logstash/eval.sls
+++ b/pillar/logstash/eval.sls
@@ -25,3 +25,4 @@ logstash:
 - so/logstash-ossec-template.json
 - so/logstash-strelka-template.json
 - so/logstash-template.json
+ - so/logstash-bro-template.json
From 14dfec5365a9e6aacc82f7848f69504e2837cfc3 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 9 Mar 2020 09:18:57 -0400
Subject: [PATCH 2/2] Change to bro template
---
 salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja b/salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja
index 553500281..acc31ae00 100644
--- a/salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja
@@ -23,8 +23,8 @@ output {
 pipeline => "%{event_type}"
 hosts => "{{ ES }}"
 index => "logstash-bro-%{+YYYY.MM.dd}"
- template_name => "logstash"
- template => "/logstash-template.json"
+ template_name => "logstash-bro"
+ template => "/logstash-bro-template.json"
 template_overwrite => true
 }
 }
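Review bot: The elasticsearch output in 9000_output_bro.conf.jinja now depends on `/logstash-bro-template.json` being present, but within this series the file is only added to the list in pillar/logstash/eval.sls. If other pillar files feed the same pipeline (none are visible here), each needs the same `- so/logstash-bro-template.json` entry; otherwise the output there would reference a missing template and Bro events could be indexed without the intended mappings, which weakens searches and detections built on those fields. It is also worth confirming that the index patterns of the existing `logstash` template no longer match `logstash-bro-*`, since both templates would otherwise apply to the new indices. The output block begins above the hunk, so neither point can be settled from the visible lines alone.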