bump elastic stack to 8.0.0

This commit is contained in:
t3chn0m4g3
2022-02-16 02:55:20 +00:00
parent 17a1cbdf40
commit 7ee263e8e8
13 changed files with 128 additions and 74 deletions


@ -13,7 +13,7 @@ output {
hosts => ["elasticsearch:9200"]
# With templates now being legacy we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
index => "logstash-%{+YYYY.MM.dd}"
template => "/etc/logstash/tpot_es_template.json"
template => "/etc/logstash/tpot-template.json"
template_overwrite => "true"
}
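Review bot: The output still connects with `hosts => ["elasticsearch:9200"]` and no `ssl`, `cacert`, `user`/`password` or `api_key` settings, while Elasticsearch 8.0 turns on TLS and authentication by default; unless the rest of the stack explicitly disables security, this output will fail to connect after the bump, and if security is deliberately disabled that trade-off deserves a comment next to the `hosts` line. The same template-path hunk appears at line 725 of the second pipeline file below and has the same gap. The new template file is written in composable-template form (`{"template": {...}}`), so if the bundled elasticsearch output supports it, pinning `template_api => "composable"` beside the `template` line is safer than relying on auto-detection; `template_overwrite` is a boolean setting, so `template_overwrite => true` is the conventional spelling. The enclosing `output {}` block starts and ends outside the hunk.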


@ -725,9 +725,8 @@ output {
hosts => ["elasticsearch:9200"]
# With templates now being legacy we need to set the daily index with its template manually. Otherwise a new index might be created with differents settings configured through Kibana.
index => "logstash-%{+YYYY.MM.dd}"
template => "/etc/logstash/tpot_es_template.json"
template => "/etc/logstash/tpot-template.json"
template_overwrite => "true"
#document_type => "doc"
}
#if [type] == "Suricata" {

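--- /dev/null
+++ b/docker/elk/logstash/dist/logstash.yml
@@ -0,0 +1 @@
+path.config: "/usr/sahre/logstash/config/pipelines.yml"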
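Review bot: The only line of this file misspells the Logstash install path: `path.config: "/usr/sahre/logstash/config/pipelines.yml"` should read `path.config: "/usr/share/logstash/config/pipelines.yml"`, otherwise Logstash starts with a config path that does not exist. Separately, `path.config` normally points at pipeline configuration files, whereas `pipelines.yml` is read from `path.settings`; if the intent is to run multiple pipelines, this is probably the wrong key — worth confirming against the Dockerfile that installs this file.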


@ -0,0 +1,94 @@
{
"template": {
"settings": {
"index": {
"lifecycle": {
"name": "tpot"
},
"mapping": {
"total_fields": {
"limit": "2000"
}
},
"refresh_interval": "5s",
"number_of_shards": "1",
"number_of_replicas": "0",
"query": {
"default_field": "*"
}
}
},
"mappings": {
"dynamic": "true",
"dynamic_date_formats": [
"strict_date_optional_time",
"yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z"
],
"dynamic_templates": [
{
"message_field": {
"path_match": "message",
"match_mapping_type": "string",
"mapping": {
"norms": false,
"type": "text"
}
}
},
{
"string_fields": {
"match": "*",
"match_mapping_type": "string",
"mapping": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"norms": false,
"type": "text"
}
}
}
],
"date_detection": true,
"numeric_detection": false,
"properties": {
"geoip": {
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "half_float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "half_float"
}
}
},
"geoip_ext": {
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "half_float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "half_float"
}
}
}
}
},
"aliases": {}
}
}
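Review bot: The new composable template body has no top-level `index_patterns`, which the deleted legacy template declared as `"logstash-*"` and which Elasticsearch requires when installing an index template; unless the Logstash output plugin injects the pattern itself (it does so when ILM is active, as far as I recall), installing this template will be rejected, so consider adding `"index_patterns": ["logstash-*"]` beside `"template"`. The explicit `@timestamp` (`date`) and `@version` (`keyword`) property mappings from the old template were also dropped and now rely on dynamic detection; with `date_detection` true and `string_fields` mapping `*` to `text` plus a `keyword` subfield, `@version` becomes a `text` field instead of a plain `keyword`. The `"total_fields": {"limit": "2000"}` and `"number_of_shards": "1"` values are strings where integers are meant; Elasticsearch accepts both, but `2000` and `1` read as the numbers they are.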


@ -1,59 +0,0 @@
{
"index_patterns" : "logstash-*",
"version" : 60001,
"settings" : {
"index.lifecycle.name": "tpot",
"index.refresh_interval" : "5s",
"number_of_shards" : 1,
"index.number_of_replicas" : "0",
"index.mapping.total_fields.limit" : "2000",
"index.query": {
"default_field": "*"
}
},
"mappings" : {
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"norms" : false
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "norms" : false,
"fields" : {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date"},
"@version": { "type": "keyword"},
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"geoip_ext" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}
}