From 6faf600d401ce44f4568d35dc38b46dcf29acae9 Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Thu, 3 Jul 2025 10:48:18 +0200
Subject: [PATCH] Fix logstash logging issue, introduced with Sentrypeer 4.0.4

Similar to #1807
---
 docker/elk/logstash/dist/http_output.conf | 11 +++++++----
 docker/elk/logstash/dist/logstash.conf | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf
index d3dd5716..9c1932a1 100644
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@@ -698,12 +698,15 @@ filter {
 remove_field => ["event_timestamp"]
 }
 mutate {
- rename => {
- "source_ip" => "src_ip"
- "destination_ip" => "dest_ip"
- }
+ split => ["source_ip", ":"]
+ rename => { "destination_ip" => "dest_ip" }
 add_field => { "dest_port" => "5060" }
 }
+ mutate {
+ add_field => { "src_ip" => "%{[source_ip][0]}" }
+ add_field => { "src_port" => "%{[source_ip][1]}" }
+ remove_field => ["source_ip"]
+ }
 }
 
 # Tanner
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index fd797ba1..ad23f165 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -698,12 +698,15 @@ filter {
 remove_field => ["event_timestamp"]
 }
 mutate {
- rename => {
- "source_ip" => "src_ip"
- "destination_ip" => "dest_ip"
- }
+ split => ["source_ip", ":"]
+ rename => { "destination_ip" => "dest_ip" }
 add_field => { "dest_port" => "5060" }
 }
+ mutate {
+ add_field => { "src_ip" => "%{[source_ip][0]}" }
+ add_field => { "src_port" => "%{[source_ip][1]}" }
+ remove_field => ["source_ip"]
+ }
 }
 
 # Tanner
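Review bot: The second `mutate` in the http_output.conf hunk assumes `source_ip` always splits into exactly two parts, and the identical hunk in logstash.conf shares the assumption. When an event carries no port, Logstash leaves the unresolved reference in place, so `src_port` is indexed as the literal text `%{[source_ip][1]}`; an IPv6 source would be cut at its first colon and `src_ip` would hold only a fragment. Either case may cause the document to be rejected or mis-attributed downstream if `src_ip`/`src_port` are mapped as typed fields (the mapping is not visible here), which silently loses honeypot telemetry. I would add the port only when it exists, e.g. `if [source_ip][1] { mutate { add_field => { "src_port" => "%{[source_ip][1]}" } } }`, and separate address from port on the last colon rather than with `split`. The enclosing Sentrypeer conditional and `filter {` block start outside the hunk.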