mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
49 lines
1.2 KiB
JSON
49 lines
1.2 KiB
JSON
{
|
|
"policy_id": "so-grid-nodes_general",
|
|
"package": {
|
|
"name": "system",
|
|
"version": ""
|
|
},
|
|
"name": "system-grid-nodes",
|
|
"namespace": "default",
|
|
"inputs": {
|
|
"system-logfile": {
|
|
"enabled": true,
|
|
"streams": {
|
|
"system.auth": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"paths": [
|
|
"/var/log/auth.log*",
|
|
"/var/log/secure*"
|
|
],
|
|
"tags": [
|
|
"so-grid-node"
|
|
]
|
|
}
|
|
},
|
|
"system.syslog": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"paths": [
|
|
"/var/log/messages*",
|
|
"/var/log/syslog*"
|
|
],
|
|
"tags": [
|
|
"so-grid-node"
|
|
],
|
|
"processors": "- if:\n contains:\n message: \"salt-minion\"\n then: \n - dissect:\n tokenizer: \"%{} %{} %{} %{} %{} %{}: [%{log.level}] %{*}\"\n field: \"message\"\n trim_values: \"all\"\n target_prefix: \"\"\n - drop_event:\n when:\n equals:\n log.level: \"INFO\""
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"system-winlog": {
|
|
"enabled": false
|
|
},
|
|
"system-system/metrics": {
|
|
"enabled": false
|
|
}
|
|
},
|
|
"force": true
|
|
}
|