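# Logstash pipeline: tails the two log files Snort drops into ingest_data and
# ships each stream to its own daily Elasticsearch index, selected by [type].
input {
  file {
    mode => "tail"
    type => "snort-json"
    path => "/usr/share/logstash/ingest_data/alert_json.txt"
    # Assumes alert_json.txt is Snort's alert_json output (one JSON object per
    # line) — confirm. With the default plain codec each line would land
    # unparsed in [message]; decoding here indexes the alert's fields
    # individually. A non-JSON line is kept in [message] and tagged
    # _jsonparsefailure rather than dropped.
    codec => json
  }
  file {
    mode => "tail"
    type => "snort-appid"
    path => "/usr/share/logstash/ingest_data/appid_stats.log"
    # NOTE(review): appid_stats.log is not JSON; its lines stay verbatim in
    # [message] until a filter for its layout is added — confirm the format
    # against the Snort build in use before writing one.
  }
}

filter {
  # Intentionally empty: no enrichment or normalisation is applied yet.
}

output {
  # One daily index per input type; %{+YYYY.MM.dd} is rendered from the
  # event's @timestamp. Connection settings are read from the environment
  # (${...} substitution) so the credentials are never committed here.
  if [type] == "snort-json" {
    elasticsearch {
      index => "snort-json-%{+YYYY.MM.dd}"
      hosts => "${ELASTIC_HOSTS}"
      user => "${ELASTIC_USER}"
      password => "${ELASTIC_PASSWORD}"
      # CA bundle used to verify the Elasticsearch server certificate. This only
      # takes effect when ELASTIC_HOSTS uses https://; with an http:// URL the
      # user/password would travel in clear text — confirm the value. Newer
      # Logstash releases name this option ssl_certificate_authorities; cacert
      # still works.
      cacert => "certs/ca/ca.crt"
    }
  }
  if [type] == "snort-appid" {
    elasticsearch {
      index => "snort-appid-%{+YYYY.MM.dd}"
      hosts => "${ELASTIC_HOSTS}"
      user => "${ELASTIC_USER}"
      password => "${ELASTIC_PASSWORD}"
      # Same CA and https:// caveat as the snort-json output above.
      cacert => "certs/ca/ca.crt"
    }
  }
}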