mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
71 lines
1.6 KiB
YAML
71 lines
1.6 KiB
YAML
logstash:
|
|
enabled: False
|
|
assigned_pipelines:
|
|
roles:
|
|
standalone:
|
|
- manager
|
|
- search
|
|
receiver:
|
|
- receiver
|
|
heavynode: []
|
|
searchnode:
|
|
- search
|
|
manager:
|
|
- manager
|
|
managersearch:
|
|
- manager
|
|
- search
|
|
fleet:
|
|
- fleet
|
|
defined_pipelines:
|
|
fleet:
|
|
- so/0012_input_elastic_agent.conf.jinja
|
|
- so/9806_output_lumberjack_fleet.conf.jinja
|
|
manager:
|
|
- so/0011_input_endgame.conf
|
|
- so/0012_input_elastic_agent.conf.jinja
|
|
- so/0013_input_lumberjack_fleet.conf
|
|
- so/9999_output_redis.conf.jinja
|
|
receiver:
|
|
- so/0011_input_endgame.conf
|
|
- so/0012_input_elastic_agent.conf.jinja
|
|
- so/0013_input_lumberjack_fleet.conf
|
|
- so/9999_output_redis.conf.jinja
|
|
search:
|
|
- so/0900_input_redis.conf.jinja
|
|
- so/9805_output_elastic_agent.conf.jinja
|
|
- so/9900_output_endgame.conf.jinja
|
|
custom0: []
|
|
custom1: []
|
|
custom2: []
|
|
custom3: []
|
|
custom4: []
|
|
pipeline_config:
|
|
custom001: |-
|
|
filter {
|
|
if [event][module] =~ "zeek" {
|
|
mutate {
|
|
add_tag => ["network_stuff"]
|
|
}
|
|
}
|
|
}
|
|
custom002: PLACEHOLDER
|
|
custom003: PLACEHOLDER
|
|
custom004: PLACEHOLDER
|
|
custom005: PLACEHOLDER
|
|
custom006: PLACEHOLDER
|
|
custom007: PLACEHOLDER
|
|
custom008: PLACEHOLDER
|
|
custom009: PLACEHOLDER
|
|
custom010: PLACEHOLDER
|
|
settings:
|
|
lsheap: 500m
|
|
config:
|
|
http_x_host: 0.0.0.0
|
|
path_x_logs: /var/log/logstash
|
|
pipeline_x_workers: 1
|
|
pipeline_x_batch_x_size: 125
|
|
pipeline_x_ecs_compatibility: disabled
|
|
dmz_nodes: []
|
|
|