mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
15 lines
316 B
Plaintext
15 lines
316 B
Plaintext
# Updated by: Doug Burks
|
|
# Last Update: 5/16/2017
|
|
#
|
|
# If we're importing old Bro logs, let's use the original Bro timestamp instead of the time of import
|
|
filter {
|
|
if "import" in [tags] and "bro" in [tags] {
|
|
date {
|
|
match => [ "timestamp", "UNIX" ]
|
|
}
|
|
mutate {
|
|
#add_tag => [ "conf_file_6001"]
|
|
}
|
|
}
|
|
}
|