From f870c8e88525cdbcc07c619763e2531d7465409f Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 3 Jun 2019 10:22:07 +0000
Subject: [PATCH] continue working on fatt

---
 docker/elk/logstash/dist/logstash.conf | 23 +++++++++++++++++++++++
 update.sh | 1 +
 2 files changed, 24 insertions(+)

diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index 71ab322a..b0cf4003 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -1,6 +1,13 @@
 # Input section
 input {
+# Fatt
+ file {
+ path => ["/data/fatt/log/fatt.log"]
+ codec => json
+ type => "Fatt"
+ }
+
 # Suricata
 file {
 path => ["/data/suricata/log/eve.json"]
@@ -128,6 +135,22 @@ input {
 # Filter Section
 filter {
+
+# Fatt
+ if [type] == "Fatt" {
+ date {
+ match => [ "timestamp", "ISO8601" ]
+ }
+ mutate {
+ rename => {
+ "sourceIp" => "src_ip"
+ "destinationIp" => "dest_ip"
+ "sourcePort" => "src_port"
+ "destinationPort" => "dest_port"
+ }
+ }
+ }
+
 # Suricata
 if [type] == "Suricata" {
 date {
diff --git a/update.sh b/update.sh
index 0bfa5408..b7f3b094 100755
--- a/update.sh
+++ b/update.sh
@@ -218,6 +218,7 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
 /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
 /data/elasticpot/log \
 /data/elk/data /data/elk/log \
+ /data/fatt/log \
 /data/glastopf/log /data/glastopf/db \
 /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
 /data/glutton/log \
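Review bot: The `rename` in the new `[type] == "Fatt"` filter block hard-codes the log's own field names (`sourceIp`, `destinationIp`, `sourcePort`, `destinationPort`) with nothing documenting where they come from; if fatt's JSON uses different keys the events silently keep their original fields and never line up with the `src_ip`/`dest_ip` naming the rename targets (the names Suricata's eve.json carries natively), so cross-honeypot queries would miss them. A short comment above the `mutate` would make the assumption visible, e.g. `# Normalise fatt's camelCase address fields to the src_ip/dest_ip/src_port/dest_port names shared with the other honeypot types`. The `date` filter's `ISO8601` match likewise presumes fatt writes an ISO-8601 `timestamp`; on a mismatch Logstash only tags the event `_dateparsefailure` rather than failing loudly, so that expectation is worth stating in the same comment. The `filter {` block these lines sit in starts before the hunk and continues past it.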