Add a new elasticsearch honeypot

adjust installer adjust elasticpot configs to T-Pot's environment create Dockerfile adjust logstash config update Readme
2025-07-02 01:27:27 -04:00 · 2020-06-17 18:09:59 +00:00
parent 739c7c1154
commit 2882668826
16 changed files with 425 additions and 28 deletions
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -64,9 +64,9 @@ input {
    type => "Dionaea"
  }

-# Elasticpot
+# ElasticPot
  file {
-    path => ["/data/elasticpot/log/elasticpot.log"]
+    path => ["/data/elasticpot/log/elasticpot.json"]
    codec => json
    type => "ElasticPot"
  }
@ -296,6 +296,17 @@ filter {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
+    mutate {
+      rename => {
+        "content_type" => "http.http_content_type"
+        "dst_port" => "dest_port"
+        "dst_ip" => "dest_ip"
+        "message" => "event_type"
+        "request" => "request_method"
+        "user_agent" => "http_user_agent"
+	"url" => "http.url"
+      }
+    }
  }

 # Glutton