CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change to label fields to comply with what's defined in Filebeat template

Browse Source
This commit is contained in:
weslambert
2022-03-04 16:29:01 -05:00
committed by GitHub
parent 3148fa0e06
commit fc3273fa49
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/elasticsearch/files/ingest/zeek.syslog
View File

@@ -4,8 +4,8 @@
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.proto", "target_field": "network.protocol", "ignore_missing": true } },
{ "rename": { "field": "message2.facility", "target_field": "syslog.facility", "ignore_missing": true } },
{ "rename": { "field": "message2.severity", "target_field": "syslog.severity", "ignore_missing": true } },
{ "rename": { "field": "message2.facility", "target_field": "syslog.facility_label", "ignore_missing": true } },
{ "rename": { "field": "message2.severity", "target_field": "syslog.severity_label", "ignore_missing": true } },
{ "remove": { "field": "message", "ignore_failure": true } },
{ "rename": { "field": "message2.message", "target_field": "message", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }