From 81a0780b55732b833817dedb48bc71834512bc5d Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:48:27 -0400
Subject: [PATCH] Update 12-suricata.conf

---
 conf.d/12-suricata.conf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/conf.d/12-suricata.conf b/conf.d/12-suricata.conf
index e7ee141..1e6ea37 100644
--- a/conf.d/12-suricata.conf
+++ b/conf.d/12-suricata.conf
@@ -6,13 +6,13 @@ filter {
 }
 if [message] =~ /^{.*}$/ {
 json {
- source => "message"
+ source => "syslog_message"
 target => "[suricata][eve]"
 }
 } else {
 grok {
 patterns_dir => ["/etc/logstash/conf.d/patterns"]
- match => [ "message", "%{SURICATA}"]
+ match => [ "syslog_message", "%{SURICATA}"]
 }
 }
 if [suricata][eve][src_ip] and ![source][ip] {
@@ -92,7 +92,6 @@ filter {
 mutate {
 add_field => { "[event][module]" => "suricata"}
 add_field => { "[event][dataset]" => "suricata"}
- rename => { "[message]" => "[event][original]"}
 }
 }
 }
-- 
GitLab
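Review bot: The guard `if [message] =~ /^{.*}$/` in the first hunk still inspects `message` while the json filter directly below it now parses `syslog_message`, so the branch is selected on one field and the parse runs on another. If `message` carries the syslog header in front of the payload, the anchored regex will not match a JSON EVE line and every event falls through to the grok branch, which then fails on JSON input and leaves Suricata alerts unparsed. Change the guard to `if [syslog_message] =~ /^{.*}$/ {` so the test and the parse use the same field. `syslog_message` is presumably populated by an earlier filter outside this hunk; confirm it is set for every event that reaches this block, since a missing field makes the regex test false and silently routes the event to grok. The enclosing `filter { }` block starts and ends outside the hunk.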