From f27b1de04824a6282a42986b70a152d11d776fde Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 18 May 2018 11:23:41 -0400
Subject: [PATCH] Logstash Module - Add plugin config for parser node
---
...onf.enabled.node => conf.enabled.txt.node} | 0
salt/logstash/conf/conf.enabled.txt.parser | 106 ++++++++++++++++++
salt/top.sls | 2 +-
3 files changed, 107 insertions(+), 1 deletion(-)
rename salt/logstash/conf/{conf.enabled.node => conf.enabled.txt.node} (100%)
create mode 100644 salt/logstash/conf/conf.enabled.txt.parser
diff --git a/salt/logstash/conf/conf.enabled.node b/salt/logstash/conf/conf.enabled.txt.node
similarity index 100%
rename from salt/logstash/conf/conf.enabled.node
rename to salt/logstash/conf/conf.enabled.txt.node
diff --git a/salt/logstash/conf/conf.enabled.txt.parser b/salt/logstash/conf/conf.enabled.txt.parser
new file mode 100644
index 000000000..dee55a935
--- /dev/null
+++ b/salt/logstash/conf/conf.enabled.txt.parser
@@ -0,0 +1,106 @@
+# This is where can specify which LogStash configs get loaded.
+#
+# The custom folder on the master gets automatically synced to each logstash
+# node.
+#
+# To enable a custom configuration see the following example and uncomment:
+# /usr/share/logstash/pipeline.custom/1234_input_custom.conf
+##
+# All of the defaults are loaded.
+/usr/share/logstash/pipeline.so/0000_input_syslogng.conf
+/usr/share/logstash/pipeline.so/0001_input_json.conf
+/usr/share/logstash/pipeline.so/0002_input_windows_json.conf
+/usr/share/logstash/pipeline.so/0003_input_syslog.conf
+/usr/share/logstash/pipeline.so/0005_input_suricata.conf
+/usr/share/logstash/pipeline.so/0006_input_beats.conf
+/usr/share/logstash/pipeline.so/0007_input_import.conf
+/usr/share/logstash/pipeline.so/1000_preprocess_log_elapsed.conf
+/usr/share/logstash/pipeline.so/1001_preprocess_syslogng.conf
+/usr/share/logstash/pipeline.so/1002_preprocess_json.conf
+/usr/share/logstash/pipeline.so/1003_preprocess_bro.conf
+/usr/share/logstash/pipeline.so/1004_preprocess_syslog_types.conf
+/usr/share/logstash/pipeline.so/1026_preprocess_dhcp.conf
+/usr/share/logstash/pipeline.so/1029_preprocess_esxi.conf
+/usr/share/logstash/pipeline.so/1030_preprocess_greensql.conf
+/usr/share/logstash/pipeline.so/1031_preprocess_iis.conf
+/usr/share/logstash/pipeline.so/1032_preprocess_mcafee.conf
+/usr/share/logstash/pipeline.so/1033_preprocess_snort.conf
+/usr/share/logstash/pipeline.so/1034_preprocess_syslog.conf
+/usr/share/logstash/pipeline.so/1100_preprocess_bro_conn.conf
+/usr/share/logstash/pipeline.so/1101_preprocess_bro_dhcp.conf
+/usr/share/logstash/pipeline.so/1102_preprocess_bro_dns.conf
+/usr/share/logstash/pipeline.so/1103_preprocess_bro_dpd.conf
+/usr/share/logstash/pipeline.so/1104_preprocess_bro_files.conf
+/usr/share/logstash/pipeline.so/1105_preprocess_bro_ftp.conf
+/usr/share/logstash/pipeline.so/1106_preprocess_bro_http.conf
+/usr/share/logstash/pipeline.so/1107_preprocess_bro_irc.conf
+/usr/share/logstash/pipeline.so/1108_preprocess_bro_kerberos.conf
+/usr/share/logstash/pipeline.so/1109_preprocess_bro_notice.conf
+/usr/share/logstash/pipeline.so/1110_preprocess_bro_rdp.conf
+/usr/share/logstash/pipeline.so/1111_preprocess_bro_signatures.conf
+/usr/share/logstash/pipeline.so/1112_preprocess_bro_smtp.conf
+/usr/share/logstash/pipeline.so/1113_preprocess_bro_snmp.conf
+/usr/share/logstash/pipeline.so/1114_preprocess_bro_software.conf
+/usr/share/logstash/pipeline.so/1115_preprocess_bro_ssh.conf
+/usr/share/logstash/pipeline.so/1116_preprocess_bro_ssl.conf
+/usr/share/logstash/pipeline.so/1117_preprocess_bro_syslog.conf
+/usr/share/logstash/pipeline.so/1118_preprocess_bro_tunnel.conf
+/usr/share/logstash/pipeline.so/1119_preprocess_bro_weird.conf
+/usr/share/logstash/pipeline.so/1121_preprocess_bro_mysql.conf
+/usr/share/logstash/pipeline.so/1122_preprocess_bro_socks.conf
+/usr/share/logstash/pipeline.so/1123_preprocess_bro_x509.conf
+/usr/share/logstash/pipeline.so/1124_preprocess_bro_intel.conf
+/usr/share/logstash/pipeline.so/1125_preprocess_bro_modbus.conf
+/usr/share/logstash/pipeline.so/1126_preprocess_bro_sip.conf
+/usr/share/logstash/pipeline.so/1127_preprocess_bro_radius.conf
+/usr/share/logstash/pipeline.so/1128_preprocess_bro_pe.conf
+/usr/share/logstash/pipeline.so/1129_preprocess_bro_rfb.conf
+/usr/share/logstash/pipeline.so/1130_preprocess_bro_dnp3.conf
+/usr/share/logstash/pipeline.so/1131_preprocess_bro_smb_files.conf
+/usr/share/logstash/pipeline.so/1132_preprocess_bro_smb_mapping.conf
+/usr/share/logstash/pipeline.so/1133_preprocess_bro_ntlm.conf
+/usr/share/logstash/pipeline.so/1134_preprocess_bro_dce_rpc.conf
+/usr/share/logstash/pipeline.so/1998_test_data.conf
+/usr/share/logstash/pipeline.so/2000_network_flow.conf
+/usr/share/logstash/pipeline.so/6000_bro.conf
+/usr/share/logstash/pipeline.so/6001_bro_import.conf
+/usr/share/logstash/pipeline.so/6002_syslog.conf
+/usr/share/logstash/pipeline.so/6101_switch_brocade.conf
+/usr/share/logstash/pipeline.so/6200_firewall_fortinet.conf
+/usr/share/logstash/pipeline.so/6201_firewall_pfsense.conf
+/usr/share/logstash/pipeline.so/6300_windows.conf
+/usr/share/logstash/pipeline.so/6301_dns_windows.conf
+/usr/share/logstash/pipeline.so/6400_suricata.conf
+/usr/share/logstash/pipeline.so/6500_ossec.conf
+/usr/share/logstash/pipeline.so/6501_ossec_sysmon.conf
+/usr/share/logstash/pipeline.so/6502_ossec_autoruns.conf
+/usr/share/logstash/pipeline.so/8000_postprocess_bro_cleanup.conf
+/usr/share/logstash/pipeline.so/8001_postprocess_common_ip_augmentation.conf
+/usr/share/logstash/pipeline.so/8006_postprocess_dns.conf
+/usr/share/logstash/pipeline.so/8007_postprocess_dns_top1m_tagging.conf
+/usr/share/logstash/pipeline.so/8007_postprocess_http.conf
+/usr/share/logstash/pipeline.so/8008_postprocess_dns_whois_age.conf
+/usr/share/logstash/pipeline.so/8200_postprocess_tagging.conf
+/usr/share/logstash/pipeline.so/8502_postprocess_freq_analysis_bro_dns.conf
+/usr/share/logstash/pipeline.so/8503_postprocess_freq_analysis_bro_http.conf
+/usr/share/logstash/pipeline.so/8504_postprocess_freq_analysis_bro_ssl.conf
+/usr/share/logstash/pipeline.so/8505_postprocess_freq_analysis_bro_x509.conf
+/usr/share/logstash/pipeline.so/8998_postprocess_log_elapsed.conf
+/usr/share/logstash/pipeline.so/8999_postprocess_rename_type.conf
+/usr/share/logstash/pipeline.so/9000_output_bro.conf
+/usr/share/logstash/pipeline.so/9001_output_switch.conf
+/usr/share/logstash/pipeline.so/9002_output_import.conf
+/usr/share/logstash/pipeline.so/9004_output_flow.conf
+/usr/share/logstash/pipeline.so/9026_output_dhcp.conf
+/usr/share/logstash/pipeline.so/9029_output_esxi.conf
+/usr/share/logstash/pipeline.so/9030_output_greensql.conf
+/usr/share/logstash/pipeline.so/9031_output_iis.conf
+/usr/share/logstash/pipeline.so/9032_output_mcafee.conf
+/usr/share/logstash/pipeline.so/9033_output_snort.conf
+/usr/share/logstash/pipeline.so/9034_output_syslog.conf
+/usr/share/logstash/pipeline.so/9200_output_firewall.conf
+/usr/share/logstash/pipeline.so/9300_output_windows.conf
+/usr/share/logstash/pipeline.so/9301_output_dns_windows.conf
+/usr/share/logstash/pipeline.so/9400_output_suricata.conf
+/usr/share/logstash/pipeline.so/9500_output_beats.conf
+/usr/share/logstash/pipeline.so/9998_output_test_data.conf
\ No newline at end of file
diff --git a/salt/top.sls b/salt/top.sls
index 4a6e8c9d0..7a734d97d 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -1,4 +1,4 @@ -{% set nodetype = salt['pillar_get']('node:node_type', 'master') %} +{% set nodetype = salt['pillar_get']('node:node_type', 'storage') %} base: 'G@role:so-sensor':
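Review bot: The parser list enables `1998_test_data.conf` and `9998_output_test_data.conf` alongside the production pipelines. Their contents are not visible in this patch, but a test input/output pair on a deployed parser node is an extra path for events that nobody monitors, so I would ship both lines commented out (`# /usr/share/logstash/pipeline.so/1998_test_data.conf`) or state in the header why they are on. The file also ends without a trailing newline (`\ No newline at end of file`), so a line-oriented consumer such as a shell `while read` loop may skip the last entry; whatever reads this list is outside the patch, so confirm or just add the newline. Two entries share the `8007_` prefix, which leaves the order of `8007_postprocess_dns_top1m_tagging.conf` and `8007_postprocess_http.conf` to filename sorting, and the first comment should read `# This is where you can specify which LogStash configs get loaded.`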
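Review bot: The fallback in `salt['pillar_get']('node:node_type', 'storage')` now treats every minion whose pillar lacks `node:node_type` as a storage node, where it was previously treated as a master, and the commit subject (parser plugin config) does not mention this change. A silent default on a role selector means a missing or unrendered pillar assigns states to the wrong host instead of failing visibly. I would either keep `'master'` or record the intent above the line, for example `{# fallback when node:node_type is unset; every node must set it in pillar #}`. Separately, stock Salt exposes this lookup as `salt['pillar.get']`; unless a custom `pillar_get` module is shipped elsewhere in the repository, this line would not resolve, so please confirm. The `base:` mapping that presumably consumes `nodetype` continues outside the hunk.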