Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 20:42:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

prevent status field from being indexed as string

Browse source
This commit is contained in:
Marco Ochse 2018-08-28 12:41:11 +02:00 committed by GitHub
parent 7255a3dbe0
commit d19d3823f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -365,7 +365,7 @@ if "_grokparsefailure" in [tags] { drop {} }
}
}
# In some rare conditions dest_port, src_port is indexed as string, forcing integer for now
# In some rare conditions dest_port, src_port, status are indexed as string, forcing integer for now
if [dest_port] {
mutate {
convert => { "dest_port" => "integer" }
@ -376,6 +376,11 @@ if "_grokparsefailure" in [tags] { drop {} }
convert => { "src_port" => "integer" }
}
}
if [status] {
mutate {
convert => { "status" => "integer" }
}
}
# Add T-Pot hostname and external IP
if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" or [type] == "Vnclowpot" {