tweaking

cleanup index-pattern add dicompot log to logstash
2025-07-01 12:32:12 +00:00 · 2020-06-24 13:21:29 +00:00 · 2020-06-24 13:21:29 +00:00 · 238a08b055
commit 238a08b055
parent 99d8cf9b32
3 changed files with 35 additions and 0 deletions
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -64,6 +64,13 @@ input {
    type => "Dionaea"
  }

+# Dicompot
+  file {
+    path => ["/data/dicompot/log/dicompot.log"]
+    codec => json
+    type => "Dicompot"
+  }
+
 # ElasticPot
  file {
    path => ["/data/elasticpot/log/elasticpot.json"]
@ -298,6 +305,34 @@ filter {
    }
  }

+# Dicompot
+  if [type] == "Dicompot" {
+    date {
+      match => [ "time", "yyyy-MM-dd HH:mm:ss" ]
+      remove_field => ["time"]
+      remove_field => ["timestamp"]
+    }
+    mutate {
+      rename => {
+        "[Address][IP]" => "src_ip"
+        "[Address][Port]" => "src_port"
+        "[Address][Zone]" => "zone"
+        "AETitle" => "aetitle"
+        "Command" => "input"
+        "Files" => "files"
+        "Identifier" => "identifier"
+        "Matches" => "matches"
+        "Status" => "session"
+        "Version" => "version"
+      }
+    }
+    if [Address] {
+      mutate {
+        remove_field => "[Address]"
+      }
+    }
+  }
+
 # ElasticPot
  if [type] == "ElasticPot" {
    date {
--- a/etc/objects/elkbase.tgz
+++ b/etc/objects/elkbase.tgz
--- a/etc/objects/kibana-objects.tgz
+++ b/etc/objects/kibana-objects.tgz