mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-01 13:53:18 +01:00
25 lines
620 B
Plaintext
25 lines
620 B
Plaintext
# Author: Justin Henderson
|
|
# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
|
|
# Updated by: Doug Burks
|
|
# Last Update: 5/15/2017
|
|
|
|
filter {
|
|
if "bro" in [tags] {
|
|
# If a log comes in with a message starting with # then drop it as it doesn'then
|
|
# contain anything and is the header of a rotated bro log
|
|
if [message] =~ /^#/ {
|
|
drop { }
|
|
} else {
|
|
# Replace the host field with the host found in the bro log
|
|
if [bro_host] {
|
|
# mutate {
|
|
# replace => [ "host", "%{bro_host}" ]
|
|
# }
|
|
}
|
|
}
|
|
mutate {
|
|
#add_tag => [ "conf_file_1002"]
|
|
}
|
|
}
|
|
}
|