From b88a9b57692e3209f632323f6e121ac2e233a751 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 13 Nov 2018 14:41:07 -0500
Subject: [PATCH] Logstash Module - Wes Mods
---
 salt/logstash/conf/conf.enabled.txt.parser | 2 +-
 .../Drop.Your.Custom.Parsers.Here.conf | 0
 .../Drop.Your.Custom.Templates.Here.conf | 2 ++
 salt/logstash/init.sls | 16 ++++++++++++++++
 4 files changed, 19 insertions(+), 1 deletion(-)
 rename salt/logstash/files/custom/{ => parsers}/Drop.Your.Custom.Parsers.Here.conf (100%)
 create mode 100644 salt/logstash/files/custom/templates/Drop.Your.Custom.Templates.Here.conf
diff --git a/salt/logstash/conf/conf.enabled.txt.parser b/salt/logstash/conf/conf.enabled.txt.parser
index d71f4d651..a34b39c5f 100644
--- a/salt/logstash/conf/conf.enabled.txt.parser
+++ b/salt/logstash/conf/conf.enabled.txt.parser
@@ -81,4 +81,4 @@
 /usr/share/logstash/pipeline.so/8505_postprocess_freq_analysis_bro_x509.conf
 /usr/share/logstash/pipeline.so/8998_postprocess_log_elapsed.conf
 /usr/share/logstash/pipeline.so/8999_postprocess_rename_type.conf
-/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf
\ No newline at end of file
+/usr/share/logstash/pipeline.dynamic/9999_output_redis.conf
diff --git a/salt/logstash/files/custom/Drop.Your.Custom.Parsers.Here.conf b/salt/logstash/files/custom/parsers/Drop.Your.Custom.Parsers.Here.conf
similarity index 100%
rename from salt/logstash/files/custom/Drop.Your.Custom.Parsers.Here.conf
rename to salt/logstash/files/custom/parsers/Drop.Your.Custom.Parsers.Here.conf
diff --git a/salt/logstash/files/custom/templates/Drop.Your.Custom.Templates.Here.conf b/salt/logstash/files/custom/templates/Drop.Your.Custom.Templates.Here.conf
new file mode 100644
index 000000000..9ee9e27b5
--- /dev/null
+++ b/salt/logstash/files/custom/templates/Drop.Your.Custom.Templates.Here.conf
@@ -0,0 +1,2 @@
+# Reference /usr/share/logstash/pipeline.custom/templates/YOURTEMPLATE.json
+#
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 5b78fec4f..ee8aa8c62 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -63,6 +63,20 @@ lscustdir:
 - group: 939
 - makedirs: True

+lscustparserdir:
+ file.directory:
+ - name: /opt/so/conf/logstash/custom/parsers
+ - user: 931
+ - group: 939
+ - makedirs: True
+
+lscusttemplatedir:
+ file.directory:
+ - name: /opt/so/conf/logstash/custom/templates
+ - user: 931
+ - group: 939
+ - makedirs: True
+
 # Copy down all the configs including custom - TODO add watch restart
 lssync:
 file.recurse:
@@ -145,3 +159,5 @@ so-logstash:
 - /nsm/bro:/nsm/bro:ro
 - /opt/so/log/suricata:/suricata:ro
 {%- endif %}
+ - watch:
+ - file: /opt/so/conf/logstash
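Review bot: The new `lscustparserdir` and `lscusttemplatedir` states set `user` and `group` but no `mode`, so the permissions on both directories come from the minion's umask, or from whatever an existing directory already has. Files placed here are loaded into the Logstash pipeline, so write access decides who can change how events are parsed or dropped. Pinning it with an explicit `- mode:` in each state would fix that, for example `- mode: 750` if only uid 931 needs to write. A one-line comment saying which accounts 931 and 939 are would also help, since the pair is now repeated across these states. `lscustdir` begins above the hunk, so whether it already sets a mode is not visible here.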
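Review bot: The `watch` added to `so-logstash` targets `file: /opt/so/conf/logstash`, but no state with that ID or `name` is visible in this diff, and Salt reports a requisite it cannot resolve as not found and fails the state. If that path does belong to a `file.directory` state elsewhere in the file, the watch fires only when the directory itself is created or re-permissioned, not when a parser or template inside it changes. Logstash could then keep running the old pipeline while the new config sits on disk. Watching the sync state instead, `- file: lssync`, looks like the intent, assuming `lssync` is what writes those files (its `name` and `source` lines are outside the hunk). The `TODO add watch restart` comment above `lssync` should be updated or removed in the same change.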