tweaking

Update logstash config for new Dicompot fields
Revert Dionaea back to 0.8.0, latest master was unstable

docker/dionaea/Dockerfile

@@ -35,9 +35,10 @@ RUN apt-get update -y && \
 	fonts-liberation && \
 #
 # Get and install dionaea
-    git clone --depth=1 https://github.com/dinotools/dionaea /root/dionaea/ && \
+    # Latest master is unstable, SIP causes crashing
+    git clone --depth=1 https://github.com/dinotools/dionaea -b 0.8.0 /root/dionaea/ && \
     cd /root/dionaea && \
-    git checkout 1426750b9fd09c5bfeae74d506237333cd8505e2 && \
+    #git checkout 1426750b9fd09c5bfeae74d506237333cd8505e2 && \
     mkdir build && \
     cd build && \
     cmake -DCMAKE_INSTALL_PREFIX:PATH=/opt/dionaea .. && \

docker/dionaea/docker-compose.yml

@@ -1,5 +1,8 @@
 version: '2.3'
 
+networks:
+  dionaea_local:
+
 services:
 
 # Dionaea service
@@ -9,7 +12,8 @@ services:
     stdin_open: true
     tty: true
     restart: always
-    network_mode: "host"
+    networks:
+     - dionaea_local
     ports:
      - "20:20"
      - "21:21"
@@ -38,3 +42,4 @@ services:
      - /data/dionaea/binaries:/opt/dionaea/var/dionaea/binaries
      - /data/dionaea/log:/opt/dionaea/var/log
      - /data/dionaea/rtp:/opt/dionaea/var/dionaea/rtp
+

docker/elk/logstash/dist/logstash.conf

@@ -314,9 +314,8 @@ filter {
     }
     mutate {
       rename => {
-        "[Address][IP]" => "src_ip"
+        "IP" => "src_ip"
-        "[Address][Port]" => "src_port"
+        "Port" => "src_port"
-        "[Address][Zone]" => "zone"
         "AETitle" => "aetitle"
         "Command" => "input"
         "Files" => "files"
@@ -326,11 +325,6 @@ filter {
         "Version" => "version"
       }
     }
-    if [Address] {
-      mutate {
-        remove_field => "[Address]"
-      }
-    }
   }
 
 # ElasticPot