mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #1554 from Security-Onion-Solutions/issue/1551
Issue/1551
This commit is contained in:
Josh Patterson
GitHub
@@ -74,7 +74,6 @@ filebeat.modules:
|
|||||||
# List of prospectors to fetch data.
|
# List of prospectors to fetch data.
|
||||||
filebeat.inputs:
|
filebeat.inputs:
|
||||||
#------------------------------ Log prospector --------------------------------
|
#------------------------------ Log prospector --------------------------------
|
||||||
{%- if grains['role'] in ['so-sensor', "so-eval", "so-helix", "so-heavynode", "so-standalone", "so-import"] %}
|
|
||||||
- type: udp
|
- type: udp
|
||||||
enabled: true
|
enabled: true
|
||||||
host: "0.0.0.0:514"
|
host: "0.0.0.0:514"
|
||||||
@@ -100,6 +99,8 @@ filebeat.inputs:
|
|||||||
- drop_fields:
|
- drop_fields:
|
||||||
fields: ["source", "prospector", "input", "offset", "beat"]
|
fields: ["source", "prospector", "input", "offset", "beat"]
|
||||||
fields_under_root: true
|
fields_under_root: true
|
||||||
|
|
||||||
|
{%- if grains['role'] in ['so-eval', 'so-standalone', 'so-sensor', 'so-helix', 'so-heavynode', 'so-import'] %}
|
||||||
{%- if ZEEKVER != 'SURICATA' %}
|
{%- if ZEEKVER != 'SURICATA' %}
|
||||||
{%- for LOGNAME in salt['pillar.get']('zeeklogs:enabled', '') %}
|
{%- for LOGNAME in salt['pillar.get']('zeeklogs:enabled', '') %}
|
||||||
- type: log
|
- type: log
|
||||||
|
|||||||
@@ -82,6 +82,7 @@ so-filebeat:
|
|||||||
- /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
|
- /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
|
||||||
- port_bindings:
|
- port_bindings:
|
||||||
- 0.0.0.0:514:514/udp
|
- 0.0.0.0:514:514/udp
|
||||||
|
- 0.0.0.0:514:514/tcp
|
||||||
- watch:
|
- watch:
|
||||||
- file: /opt/so/conf/filebeat/etc/filebeat.yml
|
- file: /opt/so/conf/filebeat/etc/filebeat.yml
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user