Private GIT

Skip to content
Snippets Groups Projects
Unverified Commit 81a0780b authored by Andrew's avatar Andrew Committed by GitHub
Browse files

Update 12-suricata.conf

parent 6a0c4cc2
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 2 additions and 3 deletions
conf.d/12-suricata.conf
+ 2
3
View file @ 81a0780b
...@@ -6,13 +6,13 @@ filter { ...@@ -6,13 +6,13 @@ filter {
} }
if [message] =~ /^{.*}$/ { if [message] =~ /^{.*}$/ {
json { json {
source => "message" source => "syslog_message"
target => "[suricata][eve]" target => "[suricata][eve]"
} }
} else { } else {
grok { grok {
patterns_dir => ["/etc/logstash/conf.d/patterns"] patterns_dir => ["/etc/logstash/conf.d/patterns"]
match => [ "message", "%{SURICATA}"] match => [ "syslog_message", "%{SURICATA}"]
} }
} }
if [suricata][eve][src_ip] and ![source][ip] { if [suricata][eve][src_ip] and ![source][ip] {
...@@ -92,7 +92,6 @@ filter { ...@@ -92,7 +92,6 @@ filter {
mutate { mutate {
add_field => { "[event][module]" => "suricata"} add_field => { "[event][module]" => "suricata"}
add_field => { "[event][dataset]" => "suricata"} add_field => { "[event][dataset]" => "suricata"}
rename => { "[message]" => "[event][original]"}
} }
} }
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Another place to be (or not)