mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-14 13:12:49 +01:00
31 lines
733 B
Django/Jinja
31 lines
733 B
Django/Jinja
{%- if grains['role'] == 'so-eval' -%}
|
|
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
|
{%- else %}
|
|
{%- set ES = salt['pillar.get']('node:mainip', '') -%}
|
|
{%- endif %}
|
|
# Author: Justin Henderson
|
|
# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
|
|
# Updated by: Doug Burks
|
|
# Last Update: 9/19/2018
|
|
|
|
filter {
|
|
if [module] =~ "ossec" {
|
|
mutate {
|
|
##add_tag => [ "conf_file_9600"]
|
|
}
|
|
}
|
|
}
|
|
|
|
output {
|
|
if [module] =~ "ossec" {
|
|
elasticsearch {
|
|
pipeline => "%{module}.%{dataset}"
|
|
hosts => "{{ ES }}"
|
|
index => "so-ossec-%{+YYYY.MM.dd}"
|
|
template_name => "so-common"
|
|
template => "/so-common-template.json"
|
|
template_overwrite => true
|
|
}
|
|
}
|
|
}
|