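# Per-setting metadata (description, helpLink and flags such as advanced,
# readonly, multiline, forcedType) for the logstash settings tree.
# NOTE(review): the nesting below was restored from a flattened listing. The
# anchors and aliases fix most of it; confirm against the upstream file that
# config and dmz_nodes sit directly under logstash.
logstash:
  enabled:
    description: Enables or disables the Logstash log event forwarding process. On most grid installations, when this process is disabled log events are unable to be ingested into the SOC backend.
    helpLink: logstash.html
  assigned_pipelines:
    roles:
      # standalone defines the metadata once (&assigned_pipelines); every
      # other role aliases it, so an edit here applies to all roles.
      standalone: &assigned_pipelines
        description: List of defined pipelines to add to this role.
        advanced: True
        helpLink: logstash.html
        multiline: True
        forcedType: "[]string"
        duplicates: True
      receiver: *assigned_pipelines
      heavynode: *assigned_pipelines
      searchnode: *assigned_pipelines
      manager: *assigned_pipelines
      managersearch: *assigned_pipelines
      fleet: *assigned_pipelines
  defined_pipelines:
    # receiver defines the metadata (&defined_pipelines); the remaining
    # groups, including custom0-custom4, alias it.
    receiver: &defined_pipelines
      description: List of pipeline configurations assigned to this group.
      advanced: True
      helpLink: logstash.html
      multiline: True
      forcedType: "[]string"
      duplicates: True
    fleet: *defined_pipelines
    manager: *defined_pipelines
    search: *defined_pipelines
    custom0: *defined_pipelines
    custom1: *defined_pipelines
    custom2: *defined_pipelines
    custom3: *defined_pipelines
    custom4: *defined_pipelines
  pipeline_config:
    # Each customNNN slot is a free-form multiline string.
    # NOTE(review): presumably this text is handed to Logstash as pipeline
    # configuration, so changes deserve the same review as code - confirm
    # who is allowed to edit advanced settings.
    custom001: &pipeline_config
      description: Pipeline configuration for Logstash
      advanced: True
      multiline: True
      forcedType: string
      helpLink: logstash.html
      duplicates: True
    custom002: *pipeline_config
    custom003: *pipeline_config
    custom004: *pipeline_config
    custom005: *pipeline_config
    custom006: *pipeline_config
    custom007: *pipeline_config
    custom008: *pipeline_config
    custom009: *pipeline_config
    custom010: *pipeline_config
  settings:
    lsheap:
      description: Heap size to use for logstash
      helpLink: logstash.html
      global: False
  config:
    # The listen interface is flagged readonly.
    # NOTE(review): presumably this keeps the bind address from being changed
    # through the settings UI - confirm.
    http_x_host:
      description: Host interface to listen to connections.
      helpLink: logstash.html
      readonly: True
      advanced: True
    path_x_logs:
      description: Path inside the container to write logs.
      helpLink: logstash.html
      readonly: True
      advanced: True
    pipeline_x_workers:
      description: Number of worker threads to process events in logstash.
      helpLink: logstash.html
      global: False
    pipeline_x_batch_x_size:
      description: Logstash batch size.
      helpLink: logstash.html
      global: False
    pipeline_x_ecs_compatibility:
      description: Sets ECS compatibility. This is set per pipeline so you should never need to change this.
      helpLink: logstash.html
      readonly: True
      advanced: True
  # Per the description, sensors do not send to receivers listed here.
  # NOTE(review): a DMZ receiver left off this list would presumably remain a
  # target for sensors - keep the list in step with the receiver inventory.
  dmz_nodes:
    description: "List of receiver nodes in DMZs. Prevents sensors from sending to these receivers. Primarily used for external Elastic agents."
    helpLink: logstash.html
    multiline: True
    advanced: True
    forcedType: "[]string"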