From b74b89fdbfb0375749dc4fd0b36723d1fee4dfd0 Mon Sep 17 00:00:00 2001
From: Julio Reyes
Date: Mon, 7 Feb 2022 18:17:38 +0100
Subject: [PATCH] Delete filebeat_to_elasticsearch.yml
---
wazuh/config/filebeat_to_elasticsearch.yml | 55 ----------------------
1 file changed, 55 deletions(-)
delete mode 100644 wazuh/config/filebeat_to_elasticsearch.yml
diff --git a/wazuh/config/filebeat_to_elasticsearch.yml b/wazuh/config/filebeat_to_elasticsearch.yml
deleted file mode 100644
index 3b7819b7..00000000
--- a/wazuh/config/filebeat_to_elasticsearch.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# Wazuh - Filebeat configuration file
-filebeat.inputs:
- - type: log
- paths:
- - '/var/ossec/logs/alerts/alerts.json'
-
-setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
-setup.template.overwrite: true
-
-processors:
- - decode_json_fields:
- fields: ['message']
- process_array: true
- max_depth: 200
- target: ''
- overwrite_keys: true
- - drop_fields:
- fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
- - rename:
- fields:
- - from: "data.aws.sourceIPAddress"
- to: "@src_ip"
- ignore_missing: true
- fail_on_error: false
- when:
- regexp:
- data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
- - rename:
- fields:
- - from: "data.srcip"
- to: "@src_ip"
- ignore_missing: true
- fail_on_error: false
- when:
- regexp:
- data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
- - rename:
- fields:
- - from: "data.win.eventdata.ipAddress"
- to: "@src_ip"
- ignore_missing: true
- fail_on_error: false
- when:
- regexp:
- data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-output.elasticsearch:
- hosts: ['http://elasticsearch:9200']
- #pipeline: geoip
- indices:
- - index: 'wazuh-alerts-4.x-%{+yyyy.MM.dd}'
\ No newline at end of file