telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

logstash cleanup, prep for multiarch, move to ubuntu

Browse Source 
log4pot tweaking
This commit is contained in:
t3chn0m4g3
2022-01-23 14:49:07 +00:00
parent ae18cb592e
commit a507bc5f39
6 changed files with 33 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker/elk/logstash/dist/update.sh → docker/elk/logstash/dist/entrypoint.sh vendored
View File

@ -46,7 +46,7 @@ if [ "$MY_TPOT_TYPE" == "SENSOR" ];
echo "Hive username: $MY_HIVE_USERNAME"
echo "Hive IP: $MY_HIVE_IP"
echo
cp /usr/share/logstash/config/pipelines_pot.yml /usr/share/logstash/config/pipelines.yml
cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml
autossh -f -M 0 -4 -l $MY_HIVE_USERNAME -i $MY_SENSOR_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
exit 0
fi

2
docker/elk/logstash/dist/pipelines.yml vendored
View File

@ -1,4 +1,6 @@
- pipeline.id: logstash
path.config: "/etc/logstash/conf.d/logstash.conf"
pipeline.ecs_compatibility: disabled
- pipeline.id: http_input
path.config: "/etc/logstash/conf.d/http_input.conf"
pipeline.ecs_compatibility: disabled

1
docker/elk/logstash/dist/pipelines_pot.yml → docker/elk/logstash/dist/pipelines_sensor.yml vendored
View File

@ -1,2 +1,3 @@
- pipeline.id: http_output
path.config: "/etc/logstash/conf.d/http_output.conf"
pipeline.ecs_compatibility: disabled