mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
77 lines
1.7 KiB
JSON
77 lines
1.7 KiB
JSON
{
|
|
"package": {
|
|
"name": "system",
|
|
"version": "1.25.2"
|
|
},
|
|
"name": "system-endpoints",
|
|
"namespace": "default",
|
|
"policy_id": "endpoints-initial",
|
|
"inputs": {
|
|
"system-logfile": {
|
|
"enabled": true,
|
|
"streams": {
|
|
"system.auth": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"ignore_older": "72h",
|
|
"paths": [
|
|
"/var/log/auth.log*",
|
|
"/var/log/secure*"
|
|
],
|
|
"preserve_original_event": false,
|
|
"tags": [
|
|
"system-auth"
|
|
]
|
|
}
|
|
},
|
|
"system.syslog": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"paths": [
|
|
"/var/log/messages*",
|
|
"/var/log/syslog*"
|
|
],
|
|
"tags": [],
|
|
"ignore_older": "72h"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"system-winlog": {
|
|
"enabled": true,
|
|
"streams": {
|
|
"system.application": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": []
|
|
}
|
|
},
|
|
"system.security": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": []
|
|
}
|
|
},
|
|
"system.system": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": []
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"system-system/metrics": {
|
|
"enabled": false
|
|
}
|
|
}
|
|
}
|