From 91a8b3c4ea0b0702c948bdfa111c8566862dae23 Mon Sep 17 00:00:00 2001
From: Mikhail Fedorov
Date: Mon, 14 Dec 2020 15:40:02 -0800
Subject: [PATCH 1/2] add new fields to fluentd
---
 fluentd/config/fluentd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fluentd/config/fluentd.conf b/fluentd/config/fluentd.conf
index ca6c842..feffbba 100644
--- a/fluentd/config/fluentd.conf
+++ b/fluentd/config/fluentd.conf
@@ -18,7 +18,7 @@
 @type grok
 grok_failure_key grokfailure
- pattern attack_type="%{DATA:attack_type}",blocking_exception_reason="%{DATA:blocking_exception_reason}",date_time="%{DATA:date_time}",dest_port="%{DATA:dest_port}",ip_client="%{DATA:ip_client}",is_truncated="%{DATA:is_truncated}",method="%{DATA:method}",policy_name="%{DATA:policy_name}",protocol="%{DATA:protocol}",request_status="%{DATA:request_status}",response_code="%{DATA:response_code}",severity="%{DATA:severity}",sig_cves="%{DATA:sig_cves}",sig_ids="%{DATA:sig_ids}",sig_names="%{DATA:sig_names}",sig_set_names="%{DATA:sig_set_names}",src_port="%{DATA:src_port}",sub_violations="%{DATA:sub_violations}",support_id="%{DATA:support_id}",threat_campaign_names="%{DATA:threat_campaign_names}",unit_hostname="%{DATA:unit_hostname}",uri="%{DATA:uri}",violation_rating="%{DATA:violation_rating}",vs_name="%{DATA:vs_name}",x_forwarded_for_header_value="%{DATA:x_forwarded_for_header_value}",outcome="%{DATA:outcome}",outcome_reason="%{DATA:outcome_reason}",violations="%{DATA:violations}",violation_details="%{DATA:violation_details}",request="%{DATA:request}"
+ pattern 
attack_type="%{DATA:attack_type}",blocking_exception_reason="%{DATA:blocking_exception_reason}",date_time="%{DATA:date_time}",dest_port="%{DATA:dest_port}",ip_client="%{DATA:ip_client}",is_truncated="%{DATA:is_truncated}",method="%{DATA:method}",policy_name="%{DATA:policy_name}",protocol="%{DATA:protocol}",request_status="%{DATA:request_status}",response_code="%{DATA:response_code}",severity="%{DATA:severity}",sig_cves="%{DATA:sig_cves}",sig_ids="%{DATA:sig_ids}",sig_names="%{DATA:sig_names}",sig_set_names="%{DATA:sig_set_names}",src_port="%{DATA:src_port}",sub_violations="%{DATA:sub_violations}",support_id="%{DATA:support_id}",threat_campaign_names="%{DATA:threat_campaign_names}",unit_hostname="%{DATA:unit_hostname}",uri="%{DATA:uri}",violation_rating="%{DATA:violation_rating}",vs_name="%{DATA:vs_name}",x_forwarded_for_header_value="%{DATA:x_forwarded_for_header_value}",outcome="%{DATA:outcome}",outcome_reason="%{DATA:outcome_reason}",violations="%{DATA:violations}",violation_details="%{DATA:violation_details}",bot_signature_name="%{DATA:bot_signature_name}",bot_category="%{DATA:bot_category}",bot_anomalies="%{DATA:bot_anomalies}",enforced_bot_anomalies="%{DATA:enforced_bot_anomalies}",client_class="%{DATA:client_class}",request="%{DATA:request}"
From 8804e41275e3a5ed02a56ecdb76acc3e2c9e7ee7 Mon Sep 17 00:00:00 2001
From: Mikhail Fedorov
Date: Mon, 14 Dec 2020 15:42:50 -0800
Subject: [PATCH 2/2] adjust fluentd output hostname
---
 fluentd/config/fluentd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fluentd/config/fluentd.conf b/fluentd/config/fluentd.conf
index ca6c842..d074c42 100644
--- a/fluentd/config/fluentd.conf
+++ b/fluentd/config/fluentd.conf
@@ -80,7 +80,7 @@
 flush_mode immediate
 scheme https
- host kibana.f5-demo.com
+ host kibana.example.org
 port 443
 ssl_verify false
 max_retry_get_es_version 3
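Review bot: The five keys inserted before `request=` (`bot_signature_name` through `client_class`) are mandatory positions in the grok sequence, so an event from a sender that does not emit them will no longer match at all and will arrive as an unparsed string under `grokfailure`, while an event that does emit them would have failed the pattern this replaces; the parser has no partial match. Keeping the previous pattern as a second `<grok>` entry after the new one would let the richer layout be tried first with the old layout as a fallback rather than losing every field, since the grok parser tries multiple `<grok>` sections in order. The pattern is also a single very long line, so a comment naming the upstream log format it mirrors and the order in which the sender writes these keys would help the next person extend it safely. The three context lines after the added line and the enclosing parser section's opening and closing lines are outside the hunk as shown.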
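Review bot: The output now targets `kibana.example.org` over `scheme https`, but the unchanged context line `ssl_verify false` beneath it means the new endpoint's certificate is never validated, so the log stream is delivered to whatever answers for that name with no proof it is the intended server. Since the destination is being changed anyway, this is the point to set `ssl_verify true` and, if the endpoint uses a private CA, add the plugin's `ca_file` option pointing at the CA bundle (this appears to be the elasticsearch output plugin, given `max_retry_get_es_version` in context). A hostname baked into the committed config also forces every environment to edit this file; fluentd accepts an embedded-Ruby value such as `host "#{ENV['LOG_OUTPUT_HOST']}"` (constructed variable name) so the value can come from the deployment instead. The enclosing output section opens and closes outside the hunk.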