mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
28 lines
900 B
Django/Jinja
28 lines
900 B
Django/Jinja
{%- if grains['role'] == 'so-eval' -%}
|
|
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
|
{%- else %}
|
|
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
|
{%- endif %}
|
|
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
|
|
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
|
|
|
|
output {
|
|
if [module] =~ "logscan" {
|
|
elasticsearch {
|
|
id => "logscan_pipeline"
|
|
pipeline => "%{module}"
|
|
hosts => "{{ ES }}"
|
|
{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
|
|
user => "{{ ES_USER }}"
|
|
password => "{{ ES_PASS }}"
|
|
{% endif %}
|
|
index => "so-logscan"
|
|
template_name => "so-common"
|
|
template => "/templates/so-common-template.json"
|
|
template_overwrite => true
|
|
ssl => true
|
|
ssl_certificate_verification => false
|
|
}
|
|
}
|
|
}
|