Merge pull request #11212 from Security-Onion-Solutions/fix/elastic_heavynode_syslog
Add syslog to heavynode
@@ -178,6 +178,9 @@ docker:
|
|||||||
extra_env: []
|
extra_env: []
|
||||||
'so-elastic-agent':
|
'so-elastic-agent':
|
||||||
final_octet: 46
|
final_octet: 46
|
||||||
|
port_bindings:
|
||||||
|
- 0.0.0.0:514:514/tcp
|
||||||
|
- 0.0.0.0:514:514/udp
|
||||||
custom_bind_mounts: []
|
custom_bind_mounts: []
|
||||||
extra_hosts: []
|
extra_hosts: []
|
||||||
extra_env: []
|
extra_env: []
|
||||||
|
|||||||
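Review bot: The new `port_bindings` entries bind the syslog listener to `0.0.0.0`, so every interface on the host answers on 514/tcp and 514/udp and the firewall hostgroups added later in this PR appear to be the only thing narrowing who can reach it; a comment on the list would tell operators how to tighten that. Suggested comment above `port_bindings:`: `# host_ip:host_port:container_port/proto - set host_ip to the management interface if syslog must not listen on every interface`. Whether this defaults block is itself limited to heavy nodes is not visible from the hunk; if it applies to every node that runs so-elastic-agent, the listener is configured on all of them, so confirm the consuming state is role-gated.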
@@ -31,6 +31,10 @@ so-elastic-agent:
|
|||||||
- {{ XTRAHOST }}
|
- {{ XTRAHOST }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
- port_bindings:
|
||||||
|
{% for BINDING in DOCKER.containers['so-elastic-agent'].port_bindings %}
|
||||||
|
- {{ BINDING }}
|
||||||
|
{% endfor %}
|
||||||
- binds:
|
- binds:
|
||||||
- /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
|
- /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
|
||||||
- /opt/so/log/elasticagent:/usr/share/elastic-agent/logs
|
- /opt/so/log/elasticagent:/usr/share/elastic-agent/logs
|
||||||
|
|||||||
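Review bot: If `DOCKER.containers['so-elastic-agent'].port_bindings` is overridden to an empty list, the rendered `- port_bindings:` has no items and its YAML value becomes null rather than `[]`, which is not obviously what the docker state expects. Either guard the block with `{% if DOCKER.containers['so-elastic-agent'].port_bindings %}` … `{% endif %}`, which the preceding `{% endfor %}`/`{% endif %}` pair suggests the extra_hosts loop already does, or confirm that the consuming state treats null as "no bindings". The enclosing container definition starts before this hunk.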
@@ -430,3 +430,54 @@ inputs:
|
|||||||
exclude_files:
|
exclude_files:
|
||||||
- >-
|
- >-
|
||||||
broker|capture_loss|cluster|ecat_arp_info|known_hosts|known_services|loaded_scripts|ntp|ocsp|packet_filter|reporter|stats|stderr|stdout.log$
|
broker|capture_loss|cluster|ecat_arp_info|known_hosts|known_services|loaded_scripts|ntp|ocsp|packet_filter|reporter|stats|stderr|stdout.log$
|
||||||
|
- id: udp-udp-35051de0-46a5-11ee-8d5d-9f98c8182f60
|
||||||
|
name: syslog-udp-514
|
||||||
|
revision: 3
|
||||||
|
type: udp
|
||||||
|
use_output: default
|
||||||
|
meta:
|
||||||
|
package:
|
||||||
|
name: udp
|
||||||
|
version: 1.10.0
|
||||||
|
data_stream:
|
||||||
|
namespace: so
|
||||||
|
package_policy_id: 35051de0-46a5-11ee-8d5d-9f98c8182f60
|
||||||
|
streams:
|
||||||
|
- id: udp-udp.generic-35051de0-46a5-11ee-8d5d-9f98c8182f60
|
||||||
|
data_stream:
|
||||||
|
dataset: syslog
|
||||||
|
pipeline: syslog
|
||||||
|
host: '0.0.0.0:514'
|
||||||
|
max_message_size: 10KiB
|
||||||
|
processors:
|
||||||
|
- add_fields:
|
||||||
|
fields:
|
||||||
|
module: syslog
|
||||||
|
target: event
|
||||||
|
tags:
|
||||||
|
- syslog
|
||||||
|
- id: tcp-tcp-33d37bb0-46a5-11ee-8d5d-9f98c8182f60
|
||||||
|
name: syslog-tcp-514
|
||||||
|
revision: 3
|
||||||
|
type: tcp
|
||||||
|
use_output: default
|
||||||
|
meta:
|
||||||
|
package:
|
||||||
|
name: tcp
|
||||||
|
version: 1.10.0
|
||||||
|
data_stream:
|
||||||
|
namespace: so
|
||||||
|
package_policy_id: 33d37bb0-46a5-11ee-8d5d-9f98c8182f60
|
||||||
|
streams:
|
||||||
|
- id: tcp-tcp.generic-33d37bb0-46a5-11ee-8d5d-9f98c8182f60
|
||||||
|
data_stream:
|
||||||
|
dataset: syslog
|
||||||
|
pipeline: syslog
|
||||||
|
host: '0.0.0.0:514'
|
||||||
|
processors:
|
||||||
|
- add_fields:
|
||||||
|
fields:
|
||||||
|
module: syslog
|
||||||
|
target: event
|
||||||
|
tags:
|
||||||
|
- syslog
|
||||||
|
|||||||
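Review bot: The TCP stream (`id: tcp-tcp.generic-…`) has no `max_message_size`, while the UDP stream caps messages at `10KiB`; both listen on `'0.0.0.0:514'` for unauthenticated network input, and the TCP side is the one where an unbounded line is buffered per connection, with a default limit far above 10KiB. Adding `max_message_size: 10KiB` under the TCP stream's `host` line, plus `max_connections` if the tcp package exposes it, keeps the two listeners consistent and bounds what a single peer can make the agent hold. Whether the inputs are gated to heavy nodes elsewhere in this file cannot be seen from the hunk; the `inputs:` list begins before it.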
@@ -1141,6 +1141,12 @@ firewall:
|
|||||||
localhost:
|
localhost:
|
||||||
portgroups:
|
portgroups:
|
||||||
- all
|
- all
|
||||||
|
self:
|
||||||
|
portgroups:
|
||||||
|
- syslog
|
||||||
|
syslog:
|
||||||
|
portgroups:
|
||||||
|
- syslog
|
||||||
customhostgroup0:
|
customhostgroup0:
|
||||||
portgroups: []
|
portgroups: []
|
||||||
customhostgroup1:
|
customhostgroup1:
|
||||||
|
|||||||
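Review bot: The new `self` and `syslog` hostgroups each open the `syslog` portgroup, but nothing in the hunk says which addresses belong to them, and because the container binding in this PR is `0.0.0.0` these hostgroups appear to be the only thing limiting who can send to 514. A comment above `syslog:` such as `# syslog: addresses allowed to send syslog to this node on 514; populated per deployment` would make the intent clear to operators. Which addresses the `syslog` hostgroup contains is not visible here; confirm it defaults to empty so the listener stays closed until an operator populates it.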