config/logstash.env.example

# Parameters for tuning Logstash pipelines (see
#   https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html)
pipeline.workers=3
pipeline.batch.size=75
pipeline.batch.delay=50
# Whether or not Logstash will map MAC addresses to vendors for MAC addresses
LOGSTASH_OUI_LOOKUP=true
# Whether or not Logstash will perform severity scoring on network traffic metadata
LOGSTASH_SEVERITY_SCORING=true
# Whether or not Logstash will perform a reverse DNS lookup for external IP addresses
LOGSTASH_REVERSE_DNS=false
# Whether or not Logstash will enrich network traffic metadata via NetBox API calls
LOGSTASH_NETBOX_ENRICHMENT=false
# Which types of logs will be enriched via NetBox (comma-separated list of provider.dataset, or the string all to enrich all logs)
LOGSTASH_NETBOX_ENRICHMENT_DATASETS=suricata.alert,zeek.conn,zeek.known_hosts,zeek.known_services,zeek.notice,zeek.signatures,zeek.software,zeek.weird
# Whether or not unobserved network entities in Logstash data will be used to populate NetBox
LOGSTASH_NETBOX_AUTO_POPULATE=false
# Caching parameters for NetBox's LogStash lookups
LOGSTASH_NETBOX_CACHE_SIZE=1000
LOGSTASH_NETBOX_CACHE_TTL=30
# Zeek log types that will be ignored (dropped) by LogStash
LOGSTASH_ZEEK_IGNORED_LOGS=analyzer,broker,capture_loss,cluster,config,loaded_scripts,packet_filter,png,print,prof,reporter,stats,stderr,stdout
# Logstash memory allowance and other Java options
LS_JAVA_OPTS=-server -Xmx2500m -Xms2500m -Xss1536k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true