Elastic search show only suricata and p0f data. #808
TanveerAhmad2017 asked this question in Q&A (unanswered)
Hi there,
I have T-Pot version 20.6.2 installed in a VM with 8 GB RAM, a 140 SSD and 2 cores.
*Note: the /data folder is not empty, i.e. every honeypot has its respective logs inside.
Basically what I want is for the whole data present in the "/data" folder to be seen by Elasticsearch, but the problem is that it only shows p0f and suricata data. I tried to look at logstash.config and found the input and output sections, which show which data to take as input and which as output (elasticsearch), but when we visit the Elasticsearch web interface, why does it not show the logs or data of the other folders, let's say cowrie etc.? Am I missing something, or do I have to do something to achieve the required behaviour?
The code below is not complete and is just for reference:
input {
  # Cowrie
  file {
    path => ["/data/cowrie/log/cowrie.json"]
    codec => json
    type => "Cowrie"
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    # With templates now being legacy and ILM in place we need to set the daily index with its template manually. Otherwise a new index might be created with different settings configured through Kibana.
    index => "logstash-%{+YYYY.MM.dd}"
    template => "/etc/logstash/tpot_es_template.json"
    document_type => "doc"
  }
}
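A quick way to check which of the declared file inputs Logstash can actually read, as an added example (my own diagnostic script, not T-Pot's code): it pulls every `path =>` literal out of a pipeline config and reports, per path, whether the file is missing, unreadable, empty, or has a last line that is not JSON (which `codec => json` would reject). The config and log files in `demo()` are constructed samples, not real T-Pot paths.

```python
"""Diagnose which file{} inputs in a Logstash pipeline point at readable JSON logs.
Added example, not T-Pot's own code."""
import json
import os
import re
import tempfile

# Matches  path => ["/a", "/b"]  or  path => "/a"
PATH_RE = re.compile(r'path\s*=>\s*(\[[^\]]*\]|"[^"]*")')


def declared_paths(config_text):
    """Every path literal declared in file {} inputs, in config order."""
    paths = []
    for match in PATH_RE.finditer(config_text):
        paths.extend(re.findall(r'"([^"]*)"', match.group(1)))
    return paths


def check_path(path):
    """Return missing | unreadable | empty | bad-json | ok for one declared path."""
    if not os.path.exists(path):
        return "missing"        # e.g. /data not mounted into the Logstash container
    if not os.access(path, os.R_OK):
        return "unreadable"     # ownership/permissions on /data/<honeypot>/log
    with open(path, "rb") as fh:
        lines = [ln for ln in fh.read().splitlines() if ln.strip()]
    if not lines:
        return "empty"          # honeypot up but no events written yet
    try:
        json.loads(lines[-1])
    except ValueError:
        return "bad-json"       # codec => json would drop these lines
    return "ok"


def audit(config_text):
    """Map each declared input path to its status."""
    return {p: check_path(p) for p in declared_paths(config_text)}


def demo():
    """Constructed sample: a good cowrie log, a missing dionaea log, a non-JSON file."""
    root = tempfile.mkdtemp()
    cowrie, plain = os.path.join(root, "cowrie.json"), os.path.join(root, "p0f.log")
    with open(cowrie, "w") as fh:
        fh.write('{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.5"}\n')
    with open(plain, "w") as fh:
        fh.write("not json at all\n")
    config = ('input {\n  file { path => ["%s"] codec => json type => "Cowrie" }\n'
              '  file { path => "%s" codec => json type => "Dionaea" }\n'
              '  file { path => "%s" codec => json type => "P0f" }\n}\n'
              % (cowrie, os.path.join(root, "dionaea.json"), plain))
    return {os.path.basename(p): s for p, s in audit(config).items()}
```

Point `audit()` at the real pipeline file (for example `audit(open("/etc/logstash/conf.d/logstash.conf").read())`, path assumed) from inside the Logstash container to see which honeypot logs that container can actually reach.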