diff --git a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md index e2eb2e88..4e120f93 100644 --- a/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md +++ b/.github/ISSUE_TEMPLATE/bug-report-for-t-pot.md @@ -10,10 +10,10 @@ assignees: '' # Successfully raise an issue Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue. -- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first -- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions) -- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md). -- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. +- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first +- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general. +- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md). +- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. - **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
# ⚠️ Basic support information (commands are expected to run as `root`) diff --git a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md index 45ca029d..fb65f588 100644 --- a/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md +++ b/.github/ISSUE_TEMPLATE/general-issue-for-t-pot.md @@ -10,10 +10,10 @@ assignees: '' # Successfully raise an issue Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue. -- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first -- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions) -- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md). -- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. +- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first +- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general. +- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md). +- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own. - **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.
# ⚠️ Basic support information (commands are expected to run as `root`) diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf index d3dd5716..9c1932a1 100644 --- a/docker/elk/logstash/dist/http_output.conf +++ b/docker/elk/logstash/dist/http_output.conf @@ -698,12 +698,15 @@ filter { remove_field => ["event_timestamp"] } mutate { - rename => { - "source_ip" => "src_ip" - "destination_ip" => "dest_ip" - } + split => ["source_ip", ":"] + rename => { "destination_ip" => "dest_ip" } add_field => { "dest_port" => "5060" } } + mutate { + add_field => { "src_ip" => "%{[source_ip][0]}" } + add_field => { "src_port" => "%{[source_ip][1]}" } + remove_field => ["source_ip"] + } } # Tanner diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf index fd797ba1..ad23f165 100644 --- a/docker/elk/logstash/dist/logstash.conf +++ b/docker/elk/logstash/dist/logstash.conf @@ -698,12 +698,15 @@ filter { remove_field => ["event_timestamp"] } mutate { - rename => { - "source_ip" => "src_ip" - "destination_ip" => "dest_ip" - } + split => ["source_ip", ":"] + rename => { "destination_ip" => "dest_ip" } add_field => { "dest_port" => "5060" } } + mutate { + add_field => { "src_ip" => "%{[source_ip][0]}" } + add_field => { "src_port" => "%{[source_ip][1]}" } + remove_field => ["source_ip"] + } } # Tanner diff --git a/update.sh b/update.sh index 3f54a207..f8fa4304 100755 --- a/update.sh +++ b/update.sh @@ -188,6 +188,10 @@ function fuRESTORE () { fi echo "### Restoring T-Pot config file .env" tar xvf $myARCHIVE .env -C $HOME/tpotce >/dev/null 2>&1 + # Backup file (.env) contains a record of the TPOT_VERSION that is used in docker-compose commmands. + # We should upgrade the version in this file after restoring the backup. + newVERSION=$(cat version) + sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env } ################