diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 46ea5e4e..2c51078a 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -320,6 +320,38 @@ filter {
 match => [ "time", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
 remove_field => ["time"]
 }
+ if [path] == "/data/ddospot/log/chargenpot.log" {
+ mutate {
+ add_field => {
+ "dest_port" => "19"
+ "dest_ip" => "${MY_EXTIP}"
+ }
+ }
+ }
+ if [path] == "/data/ddospot/log/dnspot.log" {
+ mutate {
+ add_field => {
+ "dest_port" => "53"
+ "dest_ip" => "${MY_EXTIP}"
+ }
+ }
+ }
+ if [path] == "/data/ddospot/log/ntpot.log" {
+ mutate {
+ add_field => {
+ "dest_port" => "123"
+ "dest_ip" => "${MY_EXTIP}"
+ }
+ }
+ }
+ if [path] == "/data/ddospot/log/ssdpot.log" {
+ mutate {
+ add_field => {
+ "dest_port" => "1900"
+ "dest_ip" => "${MY_EXTIP}"
+ }
+ }
+ }
 }
 # Dionaea
@@ -397,6 +429,21 @@ filter {
 }
 }
+# Hellpot
+ if [type] == "Hellpot" {
+ date {
+ match => [ "time", "ISO8601" ]
+ remove_field => ["time"]
+ remove_field => ["timestamp"]
+ }
+ mutate {
+ add_field => {
+ "dest_port" => "80"
+ "dest_ip" => "${MY_EXTIP}"
+ }
+ }
+ }
+
 # Heralding
 if [type] == "Heralding" {
 csv {
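Review bot: The four `if [path] == ...` blocks added after the `date` filter differ only in the log filename and the port, and each repeats the same `"dest_ip" => "${MY_EXTIP}"` assignment, so adding a fifth ddospot log or changing a port means editing four near-identical blocks. The shared `dest_ip` can be set once for the whole branch and the path-to-port mapping kept in a single table, for example with the `translate` filter sketched below (bundled with the default Logstash distribution; `source`/`target` are the current option names, older plugin releases use `field`/`destination`), which is also easier to audit against the honeypot's actual listeners. Separately, if `MY_EXTIP` can be unset in some deployments, Logstash refuses to start on an unresolved `${VAR}` reference unless a default is supplied with the `${MY_EXTIP:DEFAULT_IP}` form (DEFAULT_IP is a placeholder); the existing file presumably already relies on the variable elsewhere, so this is only worth changing if it is changed consistently. The enclosing type conditional that these blocks sit in begins before the hunk.
```logstash
    # … unchanged: preceding date block …
    mutate {
      add_field => { "dest_ip" => "${MY_EXTIP}" }
    }
    translate {
      source => "[path]"
      target => "[dest_port]"
      dictionary => {
        "/data/ddospot/log/chargenpot.log" => "19"
        "/data/ddospot/log/dnspot.log"     => "53"
        "/data/ddospot/log/ntpot.log"      => "123"
        "/data/ddospot/log/ssdpot.log"     => "1900"
      }
    }
```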
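Review bot: The `date` block in the new Hellpot section lists `remove_field` twice; whether the Logstash config parser merges a repeated option or lets the second silently replace the first is not something a reader should have to know, and one array removes both fields unambiguously: `remove_field => ["time", "timestamp"]`. Note also that `remove_field` on the `date` filter is, per its documentation, applied only when the parse succeeds, so an event whose `time` is not ISO8601 keeps both fields and is tagged `_dateparsefailure`; if the fields should go regardless, the removal belongs in the following `mutate` instead. The `dest_port` of `"80"` assumes Hellpot's default listener; if the container maps a different port this value is the only place that records it, so a short comment above the block naming that assumption, e.g. `# Hellpot listens on 80 inside the container; adjust dest_port if the service port changes`, would help the next maintainer. The surrounding `filter { ... }` block begins and ends outside the hunk.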