prep for 18.04

2025-07-02 01:27:27 -04:00 · 2018-03-25 18:35:32 +00:00
parent 60cb42b34d
commit c9a33870ff
57 changed files with 2268 additions and 178 deletions
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -17,7 +17,7 @@ input {

 # Conpot 
  file {
-    path => ["/data/conpot/log/conpot.json"]
+    path => ["/data/conpot/log/*.json"]
    codec => json
    type => "ConPot"
  }
@ -55,6 +55,12 @@ input {
    type => "Glastopf"
  }

+# Heralding
+  file {
+    path => ["/data/heralding/log/auth.csv"]
+    type => "Heralding"
+  }
+
 # Honeytrap
  file {
    path => ["/data/honeytrap/log/attackers.json"]
@ -201,6 +207,17 @@ filter {
    }
  }

+# Heralding
+  if [type] == "Heralding" {
+    csv { 
+      columns => ["timestamp","auth_id","session_id","src_ip","src_port","dest_ip","dest_port","proto","username","password"] separator => "," 
+    }
+    date {
+      match => [ "timestamp", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
+      remove_field => ["timestamp"]
+    }
+  }
+
 # Honeytrap
  if [type] == "Honeytrap" {
    date {