unify case among config
This commit is contained in:
@ -7,14 +7,14 @@
|
||||
|
||||
input {
|
||||
file {
|
||||
path => "/opt/vulnwhisperer/data/nessus/**/*"
|
||||
path => "/opt/VulnWhisperer/data/nessus/**/*"
|
||||
mode => "read"
|
||||
start_position => "beginning"
|
||||
file_completed_action => "delete"
|
||||
tags => "nessus"
|
||||
}
|
||||
file {
|
||||
path => "/opt/vulnwhisperer/data/tenable/*.csv"
|
||||
path => "/opt/VulnWhisperer/data/tenable/*.csv"
|
||||
mode => "read"
|
||||
start_position => "beginning"
|
||||
file_completed_action => "delete"
|
||||
@ -53,11 +53,13 @@ filter {
|
||||
}
|
||||
|
||||
#If using filebeats as your source, you will need to replace the "path" field to "source"
|
||||
# Remove when scan name is included in event (current method is error prone)
|
||||
grok {
|
||||
match => { "path" => "(?<scan_name>[a-zA-Z0-9_.\-]+)_%{INT:scan_id}_%{INT:history_id}_%{INT:last_updated}.csv$" }
|
||||
tag_on_failure => []
|
||||
}
|
||||
|
||||
# TODO remove when @timestamp is included in event
|
||||
date {
|
||||
match => [ "last_updated", "UNIX" ]
|
||||
target => "@timestamp"
|
||||
@ -169,6 +171,9 @@ filter {
|
||||
|
||||
output {
|
||||
if "nessus" in [tags] or "tenable" in [tags]{
|
||||
stdout {
|
||||
codec => dots
|
||||
}
|
||||
elasticsearch {
|
||||
hosts => [ "elasticsearch:9200" ]
|
||||
index => "logstash-vulnwhisperer-%{+YYYY.MM}"
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
input {
|
||||
file {
|
||||
path => [ "/opt/vulnwhisperer/data/qualys/*.json" , "/opt/vulnwhisperer/data/qualys_web/*.json", "/opt/vulnwhisperer/data/qualys_vuln/*.json"]
|
||||
path => [ "/opt/VulnWhisperer/data/qualys/*.json" , "/opt/VulnWhisperer/data/qualys_web/*.json", "/opt/VulnWhisperer/data/qualys_vuln/*.json"]
|
||||
type => json
|
||||
codec => json
|
||||
start_position => "beginning"
|
||||
@ -98,6 +98,8 @@ filter {
|
||||
target => "last_time_tested"
|
||||
}
|
||||
}
|
||||
|
||||
# TODO remove when @timestamp is included in event
|
||||
date {
|
||||
match => [ "last_updated", "UNIX" ]
|
||||
target => "@timestamp"
|
||||
@ -147,6 +149,9 @@ filter {
|
||||
}
|
||||
output {
|
||||
if "qualys" in [tags] {
|
||||
stdout {
|
||||
codec => dots
|
||||
}
|
||||
elasticsearch {
|
||||
hosts => [ "elasticsearch:9200" ]
|
||||
index => "logstash-vulnwhisperer-%{+YYYY.MM}"
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
input {
|
||||
file {
|
||||
path => "/opt/vulnwhisperer/data/openvas/*.json"
|
||||
path => "/opt/VulnWhisperer/data/openvas/*.json"
|
||||
type => json
|
||||
codec => json
|
||||
start_position => "beginning"
|
||||
@ -92,6 +92,8 @@ filter {
|
||||
target => "last_time_tested"
|
||||
}
|
||||
}
|
||||
|
||||
# TODO remove when @timestamp is included in event
|
||||
date {
|
||||
match => [ "last_updated", "UNIX" ]
|
||||
target => "@timestamp"
|
||||
@ -141,6 +143,9 @@ filter {
|
||||
}
|
||||
output {
|
||||
if "openvas" in [tags] {
|
||||
stdout {
|
||||
codec => dots
|
||||
}
|
||||
elasticsearch {
|
||||
hosts => [ "elasticsearch:9200" ]
|
||||
index => "logstash-vulnwhisperer-%{+YYYY.MM}"
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
input {
|
||||
file {
|
||||
path => "/opt/vulnwhisperer/data/jira/*.json"
|
||||
path => "/opt/VulnWhisperer/data/jira/*.json"
|
||||
type => json
|
||||
codec => json
|
||||
start_position => "beginning"
|
||||
|
Reference in New Issue
Block a user