зеркало из https://github.com/mozilla/MozDef.git
31 строка
651 B
TOML
31 строка
651 B
TOML
[brointel]
|
|
type = "LogstreamerInput"
|
|
log_directory = "/nsm/bro/spool/manager"
|
|
file_match = 'intel\.log'
|
|
decoder = "brointel_transform_decoder"
|
|
|
|
[brointel_transform_decoder]
|
|
type = "SandboxDecoder"
|
|
script_type = "lua"
|
|
filename = "brointel.lua"
|
|
|
|
# Start commenting here if you don't want any stdout
|
|
[stdout]
|
|
type = "LogOutput"
|
|
message_matcher = "TRUE"
|
|
#payload_only = true
|
|
# Finish commenting here
|
|
|
|
[ESJsonEncoder]
|
|
index = "events"
|
|
es_index_from_timestamp = false
|
|
type_name = "event"
|
|
|
|
[ElasticSearchOutput]
|
|
message_matcher = "Type =='brointel'"
|
|
encoder = "ESJsonEncoder"
|
|
server = "http://mozdef.example.com:8080"
|
|
flush_interval = 1000
|
|
flush_count = 10
|
|
|