From c32b2726fa23586cac880650defd35094d134bed Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 30 Jan 2020 16:10:59 -0500
Subject: [PATCH] Fix Eval Event Pickup

---
 salt/logstash/files/dynamic/0008_input_eval.conf | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/salt/logstash/files/dynamic/0008_input_eval.conf b/salt/logstash/files/dynamic/0008_input_eval.conf
index b2850a984..b02f9d516 100644
--- a/salt/logstash/files/dynamic/0008_input_eval.conf
+++ b/salt/logstash/files/dynamic/0008_input_eval.conf
@@ -177,6 +177,22 @@ input {
 		type => "bro_x509"
 	    	tags => ["bro"]
 	}
+  file {
+    path => "/wazuh/alerts/alerts.json"
+    type => "ossec"
+  }
+  file {
+    path => "/wazuh/archives/archive.json"
+    type => "ossec_archive"
+  }
+  file {
+    path => "/osquery/logs/result.log"
+    type => "osquery"
+  }
+  file {
+    path => "/strelka/strelka.log"
+    type => "strelka"
+  }
 }
 filter {
   if "import" in [tags] {