CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11212 from Security-Onion-Solutions/fix/elastic_heavynode_syslog

Browse Source 
Add syslog to heavynode
This commit is contained in:
weslambert
2023-08-30 10:48:03 -04:00
committed by GitHub
parent 7e12167b52 60b0af5ab7
commit bee83a320b
4 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/docker/defaults.yaml
View File

@@ -178,6 +178,9 @@ docker:
extra_env: []
'so-elastic-agent':
final_octet: 46
port_bindings:
- 0.0.0.0:514:514/tcp
- 0.0.0.0:514:514/udp
custom_bind_mounts: []
extra_hosts: []
extra_env: []

4
salt/elasticagent/enabled.sls
View File

@@ -31,6 +31,10 @@ so-elastic-agent:
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- port_bindings:
{% for BINDING in DOCKER.containers['so-elastic-agent'].port_bindings %}
- {{ BINDING }}
{% endfor %}
- binds:
- /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
- /opt/so/log/elasticagent:/usr/share/elastic-agent/logs

51
salt/elasticagent/files/elastic-agent.yml.jinja
View File

@@ -430,3 +430,54 @@ inputs:
exclude_files:
- >-
broker|capture_loss|cluster|ecat_arp_info|known_hosts|known_services|loaded_scripts|ntp|ocsp|packet_filter|reporter|stats|stderr|stdout.log$
- id: udp-udp-35051de0-46a5-11ee-8d5d-9f98c8182f60
name: syslog-udp-514
revision: 3
type: udp
use_output: default
meta:
package:
name: udp
version: 1.10.0
data_stream:
namespace: so
package_policy_id: 35051de0-46a5-11ee-8d5d-9f98c8182f60
streams:
- id: udp-udp.generic-35051de0-46a5-11ee-8d5d-9f98c8182f60
data_stream:
dataset: syslog
pipeline: syslog
host: '0.0.0.0:514'
max_message_size: 10KiB
processors:
- add_fields:
fields:
module: syslog
target: event
tags:
- syslog
- id: tcp-tcp-33d37bb0-46a5-11ee-8d5d-9f98c8182f60
name: syslog-tcp-514
revision: 3
type: tcp
use_output: default
meta:
package:
name: tcp
version: 1.10.0
data_stream:
namespace: so
package_policy_id: 33d37bb0-46a5-11ee-8d5d-9f98c8182f60
streams:
- id: tcp-tcp.generic-33d37bb0-46a5-11ee-8d5d-9f98c8182f60
data_stream:
dataset: syslog
pipeline: syslog
host: '0.0.0.0:514'
processors:
- add_fields:
fields:
module: syslog
target: event
tags:
- syslog

6
salt/firewall/defaults.yaml
View File

@@ -1141,6 +1141,12 @@ firewall:
localhost:
portgroups:
- all
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1: