cleaning up

docker/elk/logstash/dist/logstash.conf

@@ -109,11 +109,6 @@ input {
     type => "Tanner"
   }
 
-# Vnclowpot
-  file {
-    path => ["/data/vnclowpot/log/vnclowpot.log"]
-    type => "Vnclowpot"
-  }
 }
 
 # Filter Section
@@ -336,22 +331,6 @@ filter {
     }
   }
 
-# Vnclowpot
-  if [type] == "Vnclowpot" {
-    grok {
-      match => [ "message", "\A%{NOTSPACE}%{SPACE}%{TIME}%{SPACE}%{IPV4:src_ip}:%{INT:src_port}%{SPACE}%{NOTSPACE:vnc_handshake}" ]
-    }
-    date {
-      match => [ "timestamp", "yyyy/MM/dd HH:mm:ss" ]
-      remove_field => ["timestamp"]
-    }
-    mutate {
-      add_field => {
-        "dest_port" => "5900"
-      }
-    }
-  }
-
 # Drop if parse fails
 if "_grokparsefailure" in [tags] { drop {} }
 
@@ -393,7 +372,7 @@ if "_grokparsefailure" in [tags] { drop {} }
   }
 
 # Add T-Pot hostname and external IP
-  if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" or [type] == "Vnclowpot" {
+  if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Glastopf" or [type] == "Glutton" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
     mutate {
       add_field => {
         "t-pot_ip_ext" => "${MY_EXTIP}"