tweaking

docker/elk/logstash/dist/logstash.conf

@@ -425,12 +425,12 @@ output {
 #    document_type => "doc"
   }
 
-  if [type] == "Suricata" {
-      file {
-        file_mode => 0760
-        path => "/data/suricata/log/suricata_ews.log"
-      }
-  }
+  #if [type] == "Suricata" {
+  #    file {
+  #      file_mode => 0760
+  #      path => "/data/suricata/log/suricata_ews.log"
+  #    }
+  #}
   # Debug output
   #if [type] == "XYZ" {
   #  stdout {

docker/ews/dist/ews.cfg

@@ -99,7 +99,7 @@ logfile = /data/elasticpot/log/elasticpot.log
 [SURICATA]
 suricata = true
 nodeid = suricata-community-01
-logfile = /data/suricata/log/suricata_ews.log
+logfile = /data/suricata/log/eve.json
 
 [MAILONEY]
 mailoney = true

docker/suricata/dist/capture-filter.bpf

@@ -1,3 +1,4 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu) and
 not (host archive.ubuntu.com or security.ubuntu.com) and
-not (host index.docker.io or docker.io)
+not (host index.docker.io or docker.io) and
+not (host hpfeeds.sissden.eu)