Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-08-31 15:26:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

clean up log sources

Browse source
This commit is contained in:
t3chn0m4g3 2018-11-13 15:46:57 +00:00
parent 106193fac5
commit 5754c79086
1 changed files with 0 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -50,12 +50,6 @@ input {
type => "ElasticPot"
}
# eMobility
file {
path => ["/data/emobility/log/centralsystemEWS.log"]
type => "eMobility"
}
# Glastopf
file {
path => ["/data/glastopf/log/glastopf.log"]
@ -231,16 +225,6 @@ filter {
}
}
# eMobility
if [type] == "eMobility" {
grok {
match => [ "message", "\A%{IP:src_ip}\.%{POSINT:src_port:integer}\|%{IP:dest_ip}\.%{POSINT:dest_port:integer}:%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424SD}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{SYSLOG5424PRINTASCII}%{SPACE}%{URIPROTO:http_method}\|%{URIPATH:http_uri}\|%{TIMESTAMP_ISO8601:timestamp}" ]
}
date {
match => [ "timestamp", "ISO8601" ]
}
}
# Glastopf
if [type] == "Glastopf" {
grok {