Merge bec64f2306 into 6faf600d40

Similar to #1807

docker/elk/logstash/dist/http_output.conf

@@ -698,12 +698,15 @@ filter {
       remove_field => ["event_timestamp"]
     }
     mutate {
-      rename => {
-        "source_ip" => "src_ip"
-        "destination_ip" => "dest_ip"
-      }
+      split => ["source_ip", ":"]
+      rename => { "destination_ip" => "dest_ip" }
       add_field => { "dest_port" => "5060" }
     }
+    mutate {
+      add_field => { "src_ip" => "%{[source_ip][0]}" }
+      add_field => { "src_port" => "%{[source_ip][1]}" }
+      remove_field => ["source_ip"]
+    }
   }
 
 # Tanner

docker/elk/logstash/dist/logstash.conf

@@ -698,12 +698,15 @@ filter {
       remove_field => ["event_timestamp"]
     }
     mutate {
-      rename => {
-        "source_ip" => "src_ip"
-        "destination_ip" => "dest_ip"
-      }
+      split => ["source_ip", ":"]
+      rename => { "destination_ip" => "dest_ip" }
       add_field => { "dest_port" => "5060" }
     }
+    mutate {
+      add_field => { "src_ip" => "%{[source_ip][0]}" }
+      add_field => { "src_port" => "%{[source_ip][1]}" }
+      remove_field => ["source_ip"]
+    }
   }
 
 # Tanner

update.sh

@@ -188,6 +188,10 @@ function fuRESTORE () {
 	fi
 	echo "### Restoring T-Pot config file .env"
 	tar xvf $myARCHIVE .env -C $HOME/tpotce >/dev/null 2>&1
+	# Backup file (.env) contains a record of the TPOT_VERSION that is used in docker-compose commmands. 
+	# We should upgrade the version in this file after restoring the backup.
+	newVERSION=$(cat version)
+	sed -i 's/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/' $HOME/tpotce/.env
 }
 
 ################