CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Logstash Module - Wes Mods

Browse Source
This commit is contained in:
Mike Reeves
2018-11-13 14:41:07 -05:00
parent 7853a6dfeb
commit b88a9b5769
4 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/logstash/conf/conf.enabled.txt.parser
View File

@@ -81,4 +81,4 @@
/usr/share/logstash/pipeline.so/8505_postprocess_freq_analysis_bro_x509.conf
/usr/share/logstash/pipeline.so/8998_postprocess_log_elapsed.conf
/usr/share/logstash/pipeline.so/8999_postprocess_rename_type.conf
/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf
/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf

0
salt/logstash/files/custom/Drop.Your.Custom.Parsers.Here.conf → salt/logstash/files/custom/parsers/Drop.Your.Custom.Parsers.Here.conf
View File

2
salt/logstash/files/custom/templates/Drop.Your.Custom.Templates.Here.conf Normal file
View File

@@ -0,0 +1,2 @@
# Reference /usr/share/logstash/pipeline.custom/templates/YOURTEMPLATE.json
#

16
salt/logstash/init.sls
View File

@@ -63,6 +63,20 @@ lscustdir:
- group: 939
- makedirs: True
lscustparserdir:
file.directory:
- name: /opt/so/conf/logstash/custom/parsers
- user: 931
- group: 939
- makedirs: True
lscusttemplatedir:
file.directory:
- name: /opt/so/conf/logstash/custom/templates
- user: 931
- group: 939
- makedirs: True
# Copy down all the configs including custom - TODO add watch restart
lssync:
file.recurse:
@@ -145,3 +159,5 @@ so-logstash:
- /nsm/bro:/nsm/bro:ro
- /opt/so/log/suricata:/suricata:ro
{%- endif %}
- watch:
- file: /opt/so/conf/logstash