From ce39e1bd4f7c05619adacdb6aa31d306e0b50911 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Fri, 19 Nov 2021 23:20:13 +0000
Subject: [PATCH] logstash logging for honeypots

---
 docker/elk/logstash/dist/logstash.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index ae937fdf..3e356430 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -112,6 +112,13 @@ input {
 type => "Heralding"
 }
+# Honeypots
+ file {
+ path => ["/data/honeypots/log/*.log"]
+ codec => json
+ type => "Honeypots"
+ }
+
 # Honeypy
 file {
 path => ["/data/honeypy/log/json.log"]
@@ -491,6 +498,13 @@ filter {
 }
 }
+# Honeypots
+ if [type] == "Honeypots" {
+ date {
+ match => [ "timestamp", "ISO8601" ]
+ }
+ }
+
 # Honeysap
 if [type] == "Honeysap" {
 date {
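Review bot: The new `file` input in the first hunk reads every `*.log` under `/data/honeypots/log` with `codec => json`, whereas the neighbouring Honeypy input names a single `json.log`; should that directory ever hold a non-JSON log, each of its lines becomes an event tagged `_jsonparsefailure` with the raw line in `message`, which then flows through the rest of the pipeline under `type => "Honeypots"`. Whether the honeypots service writes more than one log there cannot be told from the hunk. If it writes exactly one JSON log, name it, e.g. `path => ["/data/honeypots/log/<json-log-filename>"]` (placeholder); otherwise record the assumption in the comment, e.g. `# Honeypots (all *.log files are expected to be JSON lines)`. The enclosing `input { ... }` block starts and ends outside the hunk.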
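Review bot: The `date` filter in the second hunk matches only `ISO8601` against a `timestamp` field, so an event whose field is absent or in another format is tagged `_dateparsefailure` and keeps Logstash's ingest time as `@timestamp`, silently shifting it on any incident timeline. Nothing in the hunk shows that the honeypots logs carry an ISO8601 `timestamp`, so this is an assumption worth recording once confirmed, e.g. `# honeypots emits an ISO8601 "timestamp"; map it onto @timestamp`. If the field can legitimately be missing, consider checking for `_dateparsefailure` downstream or setting an explicit `tag_on_failure` so such events are visible rather than mis-dated. The enclosing `filter { ... }` block starts and ends outside the hunk.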