Append '-securityonion' to all Security Onion-related Kafka topics. Adjust Logstash to ingest all topics ending in '-securityonion' so that topic names no longer have to be listed manually.

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2
2024-06-12 12:05:16 -04:00
parent 83412b813f
commit e8106befe9
2 changed files with 10 additions and 10 deletions


@@ -1,17 +1,17 @@
{% set kafka_brokers = salt['pillar.get']('kafka:nodes', {}) %}
{% set brokers = [] %}
{%- set kafka_brokers = salt['pillar.get']('kafka:nodes', {}) %}
{%- set brokers = [] %}
{% for key, values in kafka_brokers.items() %}
{% if 'broker' in values['role'] %}
{% do brokers.append(key ~ ':9092') %}
{% endif %}
{% endfor %}
{% set bootstrap_servers = ','.join(brokers) %}
{%- for key, values in kafka_brokers.items() %}
{%- if 'broker' in values['role'] %}
{%- do brokers.append(key ~ ':9092') %}
{%- endif %}
{%- endfor %}
{%- set bootstrap_servers = ','.join(brokers) %}
input {
kafka {
codec => json
topics => ['default-topic', 'kratos-topic', 'soc-topic', 'strelka-topic', 'suricata-topic', 'zeek-topic', 'rita-topic', 'opencanary-topic', 'syslog-topic']
topics_pattern => '.*-securityonion$'
group_id => 'searchnodes'
consumer_threads => 3
client_id => '{{ GLOBALS.hostname }}'