Merge pull request #407 from Security-Onion-Solutions/fix/bro_template

Fix/bro template
2025-12-10 03:02:58 +01:00 · 2020-03-09 09:19:37 -04:00
parent e3916e5de2 14dfec5365
commit aff51b6bb9
2 changed files with 3 additions and 2 deletions
--- a/pillar/logstash/eval.sls
+++ b/pillar/logstash/eval.sls
@@ -25,3 +25,4 @@ logstash:
    - so/logstash-ossec-template.json
    - so/logstash-strelka-template.json
    - so/logstash-template.json
+    - so/logstash-bro-template.json
--- a/salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9000_output_bro.conf.jinja
@@ -23,8 +23,8 @@ output {
      pipeline => "%{event_type}"
      hosts => "{{ ES }}"
      index => "logstash-bro-%{+YYYY.MM.dd}"
-      template_name => "logstash"
-      template => "/logstash-template.json"
+      template_name => "logstash-bro"
+      template => "/logstash-bro-template.json"
      template_overwrite => true
    }
  }