# Updated by: Mike Reeves # Last Update: 11/1/2018 input { file { path => "/suricata/eve.json" type => "ids" add_field => { "engine" => "suricata" } } file { path => "/nsm/bro/logs/current/conn*.log" type => "bro_conn" tags => ["bro"] } file { path => "/nsm/bro/logs/current/dce_rpc*.log" type => "bro_dce_rpc" tags => ["bro"] } file { path => "/nsm/bro/logs/current/dhcp*.log" type => "bro_dhcp" tags => ["bro"] } file { path => "/nsm/bro/logs/current/dnp3*.log" type => "bro_dnp3" tags => ["bro"] } file { path => "/nsm/bro/logs/current/dns*.log" type => "bro_dns" tags => ["bro"] } file { path => "/nsm/bro/logs/current/dpd*.log" type => "bro_dpd" tags => ["bro"] } file { path => "/nsm/bro/logs/current/files*.log" type => "bro_files" tags => ["bro"] } file { path => "/nsm/bro/logs/current/ftp*.log" type => "bro_ftp" tags => ["bro"] } file { path => "/nsm/bro/logs/current/http*.log" type => "bro_http" tags => ["bro"] } file { path => "/nsm/bro/logs/current/intel*.log" type => "bro_intel" tags => ["bro"] } file { path => "/nsm/bro/logs/current/irc*.log" type => "bro_irc" tags => ["bro"] } file { path => "/nsm/bro/logs/current/kerberos*.log" type => "bro_kerberos" tags => ["bro"] } file { path => "/nsm/bro/logs/current/modbus*.log" type => "bro_modbus" tags => ["bro"] } file { path => "/nsm/bro/logs/current/mysql*.log" type => "bro_mysql" tags => ["bro"] } file { path => "/nsm/bro/logs/current/notice*.log" type => "bro_notice" tags => ["bro"] } file { path => "/nsm/bro/logs/current/ntlm*.log" type => "bro_ntlm" tags => ["bro"] } file { path => "/nsm/bro/logs/current/pe*.log" type => "bro_pe" tags => ["bro"] } file { path => "/nsm/bro/logs/current/radius*.log" type => "bro_radius" tags => ["bro"] } file { path => "/nsm/bro/logs/current/rdp*.log" type => "bro_rdp" tags => ["bro"] } file { path => "/nsm/bro/logs/current/rfb*.log" type => "bro_rfb" tags => ["bro"] } file { path => "/nsm/bro/logs/current/signatures*.log" type => "bro_signatures" tags => ["bro"] } file { path => "/nsm/bro/logs/current/sip*.log" type => "bro_sip" tags => ["bro"] } file { path => "/nsm/bro/logs/current/smb_files*.log" type => "bro_smb_files" tags => ["bro"] } file { path => "/nsm/bro/logs/current/smb_mapping*.log" type => "bro_smb_mapping" tags => ["bro"] } file { path => "/nsm/bro/logs/current/smtp*.log" type => "bro_smtp" tags => ["bro"] } file { path => "/nsm/bro/logs/current/snmp*.log" type => "bro_snmp" tags => ["bro"] } file { path => "/nsm/bro/logs/current/socks*.log" type => "bro_socks" tags => ["bro"] } file { path => "/nsm/bro/logs/current/software*.log" type => "bro_software" tags => ["bro"] } file { path => "/nsm/bro/logs/current/ssh*.log" type => "bro_ssh" tags => ["bro"] } file { path => "/nsm/bro/logs/current/ssl*.log" type => "bro_ssl" tags => ["bro"] } file { path => "/nsm/bro/logs/current/syslog*.log" type => "bro_syslog" tags => ["bro"] } file { path => "/nsm/bro/logs/current/tunnel*.log" type => "bro_tunnels" tags => ["bro"] } file { path => "/nsm/bro/logs/current/weird*.log" type => "bro_weird" tags => ["bro"] } file { path => "/nsm/bro/logs/current/x509*.log" type => "bro_x509" tags => ["bro"] } file { path => "/wazuh/alerts/alerts.json" type => "ossec" } file { path => "/wazuh/archives/archive.json" type => "ossec_archive" } file { path => "/osquery/logs/result.log" type => "osquery" } file { path => "/strelka/strelka.log" type => "strelka" } } filter { if "import" in [tags] { mutate { #add_tag => [ "conf_file_0007"] } } }