mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-01 20:42:11 +00:00
logstash logging for honeypots
This commit is contained in:
t3chn0m4g3
parent
6c155ad87f
commit
ce39e1bd4f
1 changed files with 14 additions and 0 deletions
14
docker/elk/logstash/dist/logstash.conf
vendored
14
docker/elk/logstash/dist/logstash.conf
vendored
|
|
@ -112,6 +112,13 @@ input {
|
|||
type => "Heralding"
|
||||
}
|
||||
|
||||
# Honeypots
|
||||
file {
|
||||
path => ["/data/honeypots/log/*.log"]
|
||||
codec => json
|
||||
type => "Honeypots"
|
||||
}
|
||||
|
||||
# Honeypy
|
||||
file {
|
||||
path => ["/data/honeypy/log/json.log"]
|
||||
|
|
@ -491,6 +498,13 @@ filter {
|
|||
}
|
||||
}
|
||||
|
||||
# Honeypots
|
||||
if [type] == "Honeypots" {
|
||||
date {
|
||||
match => [ "timestamp", "ISO8601" ]
|
||||
}
|
||||
}
|
||||
|
||||
# Honeysap
|
||||
if [type] == "Honeysap" {
|
||||
date {
|
||||
|
|
|
|||
Loading…
Reference in a new issue