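# Copyright (c) 2018-2020, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
# Logstash pipeline: receive Suricata EVE events from Beats on port 5044,
# parse and enrich them, and index them into Elasticsearch over TLS.

input {
  beats {
    port => 5044
    # NOTE(review): with ssl disabled the ssl_* settings below are not
    # applied -- this listener accepts plaintext and does not authenticate
    # the sending Beat, despite ssl_verify_mode => "force_peer". The linked
    # thread presumably records why TLS was turned off; confirm that, and
    # set ssl => true to enforce mutual TLS once that issue is resolved.
    ssl => false
    #https://discuss.elastic.co/t/problem-with-cipher-in-beat-input/67841
    ssl_key => '/mnt/certs/diyprivkeyr.pem'
    ssl_certificate => '/mnt/certs/diyfullchain.pem'
    ssl_certificate_authorities => ["/mnt/certs/cacert.pem"]
    # Require a client certificate signed by the CA above (effective only
    # when ssl is enabled).
    ssl_verify_mode => "force_peer"
  }
}

filter {
  if "suricata" in [tags] {
    # EVE JSON arrives in [message]; expand it into top-level fields.
    json {
      source => "message"
    }
    # Use Suricata's own event time as @timestamp.
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    # GeoIP lookups only make sense for public addresses. Skip events that
    # carry no src_ip at all (the lookup would fail), events already
    # enriched, and all three RFC 1918 ranges plus loopback. The previous
    # pattern omitted 172.16.0.0/12, so those private sources were looked
    # up and tagged "GeoIP".
    if ![geoip] and [src_ip] and [src_ip] !~ /^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|127\.)/ {
      geoip {
        add_tag => [ "GeoIP" ]
        source => "src_ip"
      }
    }
  }
}

output {
  elasticsearch {
    # Verify the Elasticsearch server certificate against the local CA bundle.
    ssl => true
    ssl_certificate_verification => true
    cacert => '/mnt/certs/cacert.pem'
    hosts => ["https://elk.diyit.org:9200"]
    # One index per Beat type, Beat version and day.
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    # NOTE(review): the built-in "elastic" superuser is used for indexing;
    # a dedicated user with a role limited to writing these indices would
    # follow least privilege.
    user => "elastic"
    # Resolved from the Logstash keystore or environment at startup; the
    # secret is never stored inline in this file.
    password => "${es_pwd}"
  }
}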