Removed logs, .env, updated snort conf
This commit is contained in:
parent
c0a3afaed4
commit
f905b8b862
@ -38,4 +38,4 @@ LS_MEM_LIMIT=1073741824
|
|||||||
|
|
||||||
|
|
||||||
# SAMPLE Predefined Key only to be used in POC environments
|
# SAMPLE Predefined Key only to be used in POC environments
|
||||||
ENCRYPTION_KEY=c34d38b3a14956121ff2170e5030b471551370178f43e5626eec58b04a30fae2
|
ENCRYPTION_KEY=
|
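Review bot: Blanking `ENCRYPTION_KEY` in the working tree does not revoke the 64-hex-character (32-byte) value that, as printed, sits on the old side of this hunk; it is still in parent c0a3afaed4 and in every clone or mirror, so it should be treated as exposed and rotated, and the history rewritten if that is an option. The new side leaves the variable empty, so whatever reads it presumably starts with no key or a built-in default — worth stating next to it how operators fill it, e.g. `# generate a fresh 32-byte key: openssl rand -hex 32`. The retained `# SAMPLE Predefined Key only to be used in POC environments` comment no longer describes an empty line and could become `# Set before first start; never commit a real value`.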
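--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 ./logs/*.txt
 ./logs/*.log
+.env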
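Review bot: Adding `.env` to .gitignore does not stop tracking it — this same commit still modifies `.env` in the tree, so the file stays versioned (and keeps shipping its contents to every clone) until `git rm --cached .env` is committed; the ignore rule only prevents it from being re-added afterwards. The two existing `./logs/*.txt` and `./logs/*.log` patterns also look ineffective as written: gitignore matches patterns against paths such as `logs/alert_csv.txt`, which never carry a `./` prefix, and the six files under logs/ that this commit has to delete were evidently tracked despite those lines. `logs/*.txt`, `logs/*.log` (or simply `logs/`) would match.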
@ -13,6 +13,28 @@ input {
|
|||||||
|
|
||||||
|
|
||||||
filter {
|
filter {
|
||||||
|
if [type] == "snort-json" {
|
||||||
|
if [message] =~ /^{.*}$/ {
|
||||||
|
json {
|
||||||
|
source => "message"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if [type] == "snort-appid" {
|
||||||
|
csv {
|
||||||
|
source => "message"
|
||||||
|
separator => ","
|
||||||
|
skip_header => "false"
|
||||||
|
columns => ["timestamp","app","bytesToClient","bytesToServer"]
|
||||||
|
}
|
||||||
|
mutate {
|
||||||
|
convert => {
|
||||||
|
timestamp => "date"
|
||||||
|
bytesToClient => "integer"
|
||||||
|
bytesToServer => "integer"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
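Review bot: `timestamp => "date"` inside the `mutate { convert => … }` block is not an accepted conversion type — the mutate filter converts only to string/integer/float/boolean (plus the `_eu` variants) and, as far as I recall, rejects an unknown type with a ConfigurationError at startup, which would keep the whole pipeline from loading. Drop that entry and convert the field with the date filter instead, using whatever layout appid_stats.log actually carries (not visible here), e.g. `date { match => ["timestamp", "UNIX"] }` after the mutate block if it is epoch seconds. Separately, the json filter parses `message` straight into the top level of the event with no `target`; the keys come from Snort's configured field list so that is fine today, but `target => "snort"` would keep an unexpected key from clobbering routing fields such as `type`.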
@ -258,14 +258,15 @@ rate_filter =
|
|||||||
-- event logging
|
-- event logging
|
||||||
-- you can enable with defaults from the command line with -A <alert_type>
|
-- you can enable with defaults from the command line with -A <alert_type>
|
||||||
-- uncomment below to set non-default configs
|
-- uncomment below to set non-default configs
|
||||||
alert_csv = {
|
-- alert_csv = {
|
||||||
file = true,
|
-- fields = 'timestamp pkt_num proto pkt_gen pkt_len dir src_addr src_port dst_addr dst_port service rule priority class action b64_data',
|
||||||
}
|
-- file = true,
|
||||||
alert_fast = {
|
-- }
|
||||||
file = true,
|
-- alert_fast = {
|
||||||
packet = false,
|
-- file = true,
|
||||||
limit = 10,
|
-- packet = false,
|
||||||
}
|
-- limit = 10,
|
||||||
|
-- }
|
||||||
alert_json = {
|
alert_json = {
|
||||||
fields = 'timestamp pkt_num proto pkt_gen pkt_len dir src_addr src_port dst_addr dst_port service rule priority class action b64_data',
|
fields = 'timestamp pkt_num proto pkt_gen pkt_len dir src_addr src_port dst_addr dst_port service rule priority class action b64_data',
|
||||||
file = true
|
file = true
|
||||||
|
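Review bot: With alert_csv and alert_fast now commented out, `alert_json` is the only active file logger, and unlike the removed alert_fast block (which had `limit = 10,`) it carries no `limit` in the visible lines — so alert_json.txt grows without bound unless a limit is set in the lines below the hunk or rotation happens elsewhere; given the multi-thousand-line log files this same commit deletes, consider `limit = 10,` next to `file = true`. The `alert_json = {` table closes outside the hunk, so check there before adding it. The `fields` list also ships `b64_data` (base64 packet payload) into the JSON that the Logstash pipeline indexes — presumably deliberate, but worth a comment such as `-- b64_data carries raw payload bytes; drop it if the index must not hold packet contents`.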
6144
logs/alert_csv.txt
6144
logs/alert_csv.txt
File diff suppressed because it is too large
6144
logs/alert_fast.txt
6144
logs/alert_fast.txt
File diff suppressed because it is too large
72503
logs/alert_full.txt
72503
logs/alert_full.txt
File diff suppressed because it is too large
2426
logs/alert_json.txt
2426
logs/alert_json.txt
File diff suppressed because it is too large
66398
logs/appid_stats.log
66398
logs/appid_stats.log
File diff suppressed because it is too large
4442
logs/supervisor.log
4442
logs/supervisor.log
File diff suppressed because it is too large