CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix filebeat modules

Browse Source
This commit is contained in:
Mike Reeves
2021-06-24 15:53:14 -04:00
parent 143f2eb1a8
commit ea50023ca5
2 changed files with 2 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/filebeat/init.sls
View File

@@ -129,7 +129,8 @@ so-filebeat:
{% for module in THIRDPARTY.modules.keys() %} {% for module in THIRDPARTY.modules.keys() %}
{% for submodule in THIRDPARTY.modules[module] %} {% for submodule in THIRDPARTY.modules[module] %}
{% if THIRDPARTY.modules[module][submodule].enabled and THIRDPARTY.modules[module][submodule]["var.syslog_port"] is defined %} {% if THIRDPARTY.modules[module][submodule].enabled and THIRDPARTY.modules[module][submodule]["var.syslog_port"] is defined %}
- {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/{{ THIRDPARTY.modules[module][submodule]["var.input"] }} - {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/tcp
- {{ THIRDPARTY.modules[module][submodule].get("var.syslog_host", "0.0.0.0") }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}:{{ THIRDPARTY.modules[module][submodule]["var.syslog_port"] }}/udp
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}

7
salt/filebeat/thirdpartydefaults.yaml
View File

@@ -42,39 +42,32 @@ third_party_filebeat:
cef: cef:
log: log:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9003 var.syslog_port: 9003
checkpoint: checkpoint:
firewall: firewall:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9505 var.syslog_port: 9505
cisco: cisco:
asa: asa:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9001 var.syslog_port: 9001
ftd: ftd:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9003 var.syslog_port: 9003
ios: ios:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9002 var.syslog_port: 9002
nexus: nexus:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9506 var.syslog_port: 9506
meraki: meraki:
enabled: false enabled: false
var.input: udp
var.syslog_host: 0.0.0.0 var.syslog_host: 0.0.0.0
var.syslog_port: 9525 var.syslog_port: 9525
umbrella: umbrella: