CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-28 20:03:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Setup - Add sensor pillar to Helix

Browse Source
This commit is contained in:
Mike Reeves
2019-12-13 11:46:30 -05:00
parent b61d022254
commit e263d72813
2 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/logstash/files/dynamic/9997_output_helix.conf
View File

@@ -15,10 +15,6 @@ filter {
]
}
grok {
match => [ "syslog-tags", "^.source.s_%{DATA:class}$" ]
}
geoip {
source => "[source_ip]"
target => "source_geo"
@@ -30,10 +26,10 @@ filter {
mutate {
#rename => { "%{[source_geo][country_code]}" => "srccountrycode" }
#rename => { "%{[destination_geo][country_code]}" => "dstcountrycode" }
rename => { "syslog-host_from" => "sensor" }
rename => { "[beat_host][name]" => "sensor" }
rename => { "message" => "rawmsg" }
#rename => { "event_type" => "program" }
#copy => { "program" => "class" }
copy => { "type" => "class" }
rename => { "source_port" => "srcport" }
rename => { "destination_port" => "dstport" }
remove_field => ["source_ip", "destination_ip"]

7
setup/functions.sh
View File

@@ -1101,8 +1101,11 @@ salt_install_mysql_deps() {
}
sensor_pillar() {
SENSORPILLARPATH=$TMP/pillar/sensors
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
SENSORPILLARPATH=/opt/so/saltstack
else
SENSORPILLARPATH=$TMP/pillar/sensors
fi
if [ ! -d $SENSORPILLARPATH ]; then
mkdir -p $SENSORPILLARPATH
fi