mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-05-06 03:17:53 +02:00
Josh Brower
44 lines
1.5 KiB
Django/Jinja
44 lines
1.5 KiB
Django/Jinja
{%- if grains['role'] == 'so-eval' -%}
|
|
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
|
{%- else %}
|
|
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
|
{%- endif %}
|
|
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
|
|
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
|
|
output {
|
|
if "beat-ext" in [tags] and "import" not in [tags] and "filebeat" not in [metadata][pipeline] {
|
|
if [metadata][_id] {
|
|
elasticsearch {
|
|
pipeline => "beats.common"
|
|
hosts => "{{ ES }}"
|
|
{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
|
|
user => "{{ ES_USER }}"
|
|
password => "{{ ES_PASS }}"
|
|
{% endif %}
|
|
index => "so-beats"
|
|
template_name => "so-beats"
|
|
template => "/templates/so-beats-template.json"
|
|
template_overwrite => true
|
|
ssl => true
|
|
ssl_certificate_verification => false
|
|
document_id => "%{[metadata][_id]}"
|
|
}
|
|
} else {
|
|
elasticsearch {
|
|
pipeline => "beats.common"
|
|
hosts => "{{ ES }}"
|
|
{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
|
|
user => "{{ ES_USER }}"
|
|
password => "{{ ES_PASS }}"
|
|
{% endif %}
|
|
index => "so-beats"
|
|
template_name => "so-beats"
|
|
template => "/templates/so-beats-template.json"
|
|
template_overwrite => true
|
|
ssl => true
|
|
ssl_certificate_verification => false
|
|
}
|
|
}
|
|
}
|
|
}
|