bortok / bro-s3-elastic

Elastic Stack for BRO input via S3 (based on Security Onion Elastic stack)


Security Onion + Elastic

This repo contains files which will configure the Elastic Stack on Security Onion:

  • Elasticsearch
  • Logstash
  • Kibana

For more information, please see the Elastic pages on our Wiki: https://securityonion.net/wiki/elastic

Logstash initialization requirements (/etc/default/logstash)

LS_PIPELINE_BRO_S3_ACCESS_KEY_ID=""
LS_PIPELINE_BRO_S3_SECRET_ACCESS_KEY=""
LS_PIPELINE_BRO_S3_BUCKET=""
LS_PIPELINE_BRO_S3_REGION=""
LS_PIPELINE_BRO_S3_PREFIX=""
LS_PIPELINE_BACKUP_S3_BUCKET=""
LS_PIPELINE_BACKUP_ADD_S3_PREFIX="processed/"

LS_PIPELINE_BRO_ELASTIC_HOST=""
LS_PIPELINE_BRO_ELASTIC_USER=""
LS_PIPELINE_BRO_ELASTIC_PASSWORD=""

/etc/systemd/system/logstash.service

ExecStart=/bin/bash -c 'LS_PIPELINE_BRO_S3_PREFIX_DATE=`/etc/logstash/s3-prefix-date.sh` exec /usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"'

/etc/logstash/s3-prefix-date.sh - use as is (no changes needed)

Install rvm
gem install bundler

cd ~/bro-s3-elastic
bundle install
cd bro-s3-pipeline
mustache 0097_input_bro_s3.yaml 0097_input_bro_s3.template > 0097_input_bro_s3.conf
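Because /etc/default/logstash holds an AWS secret access key and the Elastic password, and because the systemd unit above starts Logstash unconditionally, it is worth checking the file before the first start. The script below is an added example, not part of the bortok/bro-s3-elastic repo: it verifies that every LS_PIPELINE_* variable listed above is set to a non-empty value (assuming the VAR="value" line format shown) and that the file is not readable by group or other. The file path is passed as an argument so the functions can be run against a copy.

```shell
#!/bin/sh
# Added example, not part of the bortok/bro-s3-elastic repo: sanity checks to
# run against /etc/default/logstash before starting the logstash service.
# Assumes the file uses the VAR="value" lines shown in the README.

# Every variable the README lists as an initialization requirement.
# LS_PIPELINE_BACKUP_ADD_S3_PREFIX ships with "processed/" but still must be set.
REQUIRED_VARS="LS_PIPELINE_BRO_S3_ACCESS_KEY_ID
LS_PIPELINE_BRO_S3_SECRET_ACCESS_KEY
LS_PIPELINE_BRO_S3_BUCKET
LS_PIPELINE_BRO_S3_REGION
LS_PIPELINE_BRO_S3_PREFIX
LS_PIPELINE_BACKUP_S3_BUCKET
LS_PIPELINE_BACKUP_ADD_S3_PREFIX
LS_PIPELINE_BRO_ELASTIC_HOST
LS_PIPELINE_BRO_ELASTIC_USER
LS_PIPELINE_BRO_ELASTIC_PASSWORD"

# env_value FILE VAR: print the value of VAR from FILE (last definition wins,
# surrounding double quotes stripped); prints nothing if VAR is absent.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_env_file FILE: print each required variable that is missing or empty.
# Returns 1 if any was found, 0 when the file is complete.
check_env_file() {
  rc=0
  for var in $REQUIRED_VARS; do
    if [ -z "$(env_value "$1" "$var")" ]; then
      echo "missing or empty: $var"
      rc=1
    fi
  done
  return $rc
}

# check_env_file_perms FILE: the file carries the S3 secret key and the Elastic
# password, so group and other must have no permission bits at all. Parses
# ls(1) output (columns 5-10 are the group/other bits) so it works on both GNU
# and BSD userlands. Returns 1 if anyone but the owner can read it.
check_env_file_perms() {
  group_other=$(ls -ld "$1" | cut -c5-10)
  case $group_other in
    ------) return 0 ;;
    *) echo "too permissive: $1 (group/other bits: $group_other)"; return 1 ;;
  esac
}

# Run both checks when a file path is given, e.g.:
#   sh check-logstash-env.sh /etc/default/logstash
if [ "$#" -gt 0 ]; then
  check_env_file "$1" && check_env_file_perms "$1"
fi
```

Run it as root (the file should be 0600 root-owned, so an unprivileged user cannot read it anyway) before `systemctl start logstash`; a non-zero exit lists exactly which variable is still blank or why the mode is too open.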
