Logstash Module - Fix ES output logic

salt/logstash/files/dynamic/9000_output_bro.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -27,4 +28,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9001_output_switch.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -24,4 +25,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9002_output_import.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Updated by: Doug Burks
 # Last Update: 5/16/2017
 
@@ -24,4 +25,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9004_output_flow.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -24,4 +25,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9026_output_dhcp.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -23,4 +24,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9029_output_esxi.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -22,4 +23,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9030_output_greensql.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -22,4 +23,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9031_output_iis.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -23,4 +24,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9032_output_mcafee.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -23,4 +24,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9033_output_snort.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -26,4 +27,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9034_output_syslog.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Updated by: Doug Burks
@@ -25,4 +26,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9200_output_firewall.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -26,4 +27,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9300_output_windows.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -24,4 +25,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9301_output_dns_windows.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -24,4 +25,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9400_output_suricata.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -24,4 +25,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9500_output_beats.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Wes Lambert
 # Last Update: 09/14/2018
 filter {
@@ -22,4 +23,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9600_output_ossec.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Updated by: Doug Burks
@@ -26,4 +27,3 @@ output {
     }
   }
 }
-{%- endif %}

salt/logstash/files/dynamic/9998_output_test_data.conf

@@ -2,6 +2,7 @@
 {%- set ES = salt['pillar.get']('master:mainip', '') -%}
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
+{%- endif %}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
 # Email: justin@hasecuritysolution.com
@@ -23,4 +24,3 @@ output {
     }
   }
 }
-{%- endif %}