Removed logs, .env, updated snort conf

.env.example

@@ -38,4 +38,4 @@ LS_MEM_LIMIT=1073741824
 
 
 # SAMPLE Predefined Key only to be used in POC environments
-ENCRYPTION_KEY=c34d38b3a14956121ff2170e5030b471551370178f43e5626eec58b04a30fae2
+ENCRYPTION_KEY=

.gitignore

@@ -1,2 +1,3 @@
 ./logs/*.txt
-./logs/*.log
+./logs/*.log
+.env

configs/logstash.conf

@@ -13,6 +13,28 @@ input {
 
 
 filter {
+  if [type] == "snort-json" {
+    if [message] =~ /^{.*}$/ {
+      json {
+        source => "message"
+      }
+    }
+  }
+  if [type] == "snort-appid" {
+    csv {
+      source => "message"
+      separator => ","
+      skip_header => "false"
+      columns => ["timestamp","app","bytesToClient","bytesToServer"]
+    }
+    mutate {
+      convert => {
+        timestamp => "date"
+        bytesToClient => "integer"
+        bytesToServer => "integer"
+      }
+    }
+  }
 }
 
 

configs/snort-conf/snort.lua

@@ -258,14 +258,15 @@ rate_filter =
 -- event logging
 -- you can enable with defaults from the command line with -A <alert_type>
 -- uncomment below to set non-default configs
-alert_csv = {
-  file = true,
-}
-alert_fast = { 
-  file = true,
-  packet = false,
-  limit = 10,
-}
+-- alert_csv = {
+--   fields = 'timestamp pkt_num proto pkt_gen pkt_len dir src_addr src_port dst_addr dst_port service rule priority class action b64_data',
+--   file = true,
+-- }
+-- alert_fast = { 
+--   file = true,
+--   packet = false,
+--   limit = 10,
+-- }
 alert_json = {
     fields = 'timestamp pkt_num proto pkt_gen pkt_len dir src_addr src_port dst_addr dst_port service rule priority class action b64_data',
     file = true