continue working on fatt

docker/elk/logstash/dist/logstash.conf

@@ -1,6 +1,13 @@
 # Input section
 input {
 
+# Fatt                                 
+  file {                                   
+    path => ["/data/fatt/log/fatt.log"]
+    codec => json     
+    type => "Fatt"
+  }  
+
 # Suricata
   file {
     path => ["/data/suricata/log/eve.json"]
@@ -128,6 +135,22 @@ input {
 # Filter Section
 filter {
 
+
+# Fatt
+  if [type] == "Fatt" {
+    date {
+      match => [ "timestamp", "ISO8601" ]
+    }
+    mutate {
+      rename => {
+        "sourceIp" => "src_ip"
+	"destinationIp" => "dest_ip"
+	"sourcePort" => "src_port"
+	"destinationPort" => "dest_port"
+      }
+    }
+  }
+
 # Suricata
   if [type] == "Suricata" {
     date {

update.sh

@@ -218,6 +218,7 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
          /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
          /data/elasticpot/log \
          /data/elk/data /data/elk/log \
+	 /data/fatt/log \
          /data/glastopf/log /data/glastopf/db \
          /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
          /data/glutton/log \