Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 12:32:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

prep for ipphoney

Browse source
This commit is contained in:
t3chn0m4g3 2020-08-25 12:25:59 +00:00
parent b86d2c715b
commit 54a6a944aa
2 changed files with 38 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -429,6 +429,7 @@ filter {
} }
mutate { mutate {
rename => { rename => {
"query" => "ipp_query"
"content_type" => "http.http_content_type" "content_type" => "http.http_content_type"
"dst_port" => "dest_port" "dst_port" => "dest_port"
"dst_ip" => "dest_ip" "dst_ip" => "dest_ip"

36
docker/elk/logstash/dist/update.sh vendored
View file

@ -56,6 +56,42 @@ curl -s -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: a
"index.query": { "index.query": {
"default_field": "*" "default_field": "*"
} }
},
"mappings" : {
"dynamic_templates" : [ {
"message_field" : {
"path_match" : "message",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text",
"norms" : false
}
}
}, {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "text", "norms" : false,
"fields" : {
"keyword" : { "type": "keyword", "ignore_above": 256 }
}
}
}
} ],
"properties" : {
"@timestamp": { "type": "date"},
"@version": { "type": "keyword"},
"geoip" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
} }
}' }'
echo echo