From 6c2ad76668752c8ecd1fed88e2a58f87fa149f1b Mon Sep 17 00:00:00 2001 From: Ray Qiu Date: Tue, 26 Feb 2019 11:47:31 -0800 Subject: [PATCH] Fix copy/paste errors --- testing/environments/snapshot.yml | 6 +++--- .../zeek/connection/ingest/pipeline.json | 4 ++-- .../module/zeek/dns/ingest/pipeline.json | 4 ++-- .../module/zeek/files/ingest/pipeline.json | 4 ++-- .../module/zeek/http/ingest/pipeline.json | 4 ++-- .../module/zeek/notice/ingest/pipeline.json | 12 +++++------ .../module/zeek/ssl/ingest/pipeline.json | 4 ++-- x-pack/filebeat/modules.d/zeek.yml.disabled | 21 ------------------- 8 files changed, 19 insertions(+), 40 deletions(-) delete mode 100644 x-pack/filebeat/modules.d/zeek.yml.disabled diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 0d0fd4fbc2a2..a119227ca519 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.0.0-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:7.1.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9200"] retries: 300 @@ -16,7 +16,7 @@ services: - "xpack.security.enabled=false" logstash: - image: docker.elastic.co/logstash/logstash:7.0.0-SNAPSHOT + image: docker.elastic.co/logstash/logstash:7.1.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -26,7 +26,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana:7.0.0-SNAPSHOT + image: docker.elastic.co/kibana/kibana:7.1.0-SNAPSHOT healthcheck: test: ["CMD-SHELL", 'python -c ''import urllib, json; response = urllib.urlopen("http://localhost:5601/api/status"); data = json.loads(response.read()); exit(1) if data["status"]["overall"]["state"] != "green" else exit(0);'''] retries: 600 
diff --git a/x-pack/filebeat/module/zeek/connection/ingest/pipeline.json b/x-pack/filebeat/module/zeek/connection/ingest/pipeline.json index 8057a09c0672..1ca5eadc4099 100644 --- a/x-pack/filebeat/module/zeek/connection/ingest/pipeline.json +++ b/x-pack/filebeat/module/zeek/connection/ingest/pipeline.json @@ -25,8 +25,8 @@ }, { "set": { - "field": "ctx.event.id", - "value": "{{ctx.zeek.session_id}}", + "field": "event.id", + "value": "{{zeek.session_id}}", "if": "ctx.zeek.session_id != null" } }, diff --git a/x-pack/filebeat/module/zeek/dns/ingest/pipeline.json b/x-pack/filebeat/module/zeek/dns/ingest/pipeline.json index ea6b17b44c16..bea3798a7bbd 100644 --- a/x-pack/filebeat/module/zeek/dns/ingest/pipeline.json +++ b/x-pack/filebeat/module/zeek/dns/ingest/pipeline.json @@ -9,8 +9,8 @@ }, { "set": { - "field": "ctx.event.id", - "value": "{{ctx.zeek.session_id}}", + "field": "event.id", + "value": "{{zeek.session_id}}", "if": "ctx.zeek.session_id != null" } }, diff --git a/x-pack/filebeat/module/zeek/files/ingest/pipeline.json b/x-pack/filebeat/module/zeek/files/ingest/pipeline.json index 45877fcbebb6..84e96dbd912e 100644 --- a/x-pack/filebeat/module/zeek/files/ingest/pipeline.json +++ b/x-pack/filebeat/module/zeek/files/ingest/pipeline.json @@ -31,8 +31,8 @@ }, { "set": { - "field": "ctx.event.id", - "value": "{{ctx.zeek.session_id}}", + "field": "event.id", + "value": "{{zeek.session_id}}", "if": "ctx.zeek.session_id != null" } } diff --git a/x-pack/filebeat/module/zeek/http/ingest/pipeline.json b/x-pack/filebeat/module/zeek/http/ingest/pipeline.json index c124b3d2b2db..a892d959ce5a 100644 --- a/x-pack/filebeat/module/zeek/http/ingest/pipeline.json +++ b/x-pack/filebeat/module/zeek/http/ingest/pipeline.json @@ -9,8 +9,8 @@ }, { "set": { - "field": "ctx.event.id", - "value": "{{ctx.zeek.session_id}}", + "field": "event.id", + "value": "{{zeek.session_id}}", "if": "ctx.zeek.session_id != null" } }, 
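Review bot: The condition left on the `event.id` processor in the connection pipeline, `ctx.zeek.session_id != null`, dereferences `ctx.zeek` without a null-safe operator, so a document that reaches the pipeline without a `zeek` object would make the condition throw instead of skipping the processor. The notice pipeline in this same commit already uses the null-safe form (`ctx.destination?.address`), so the consistent line is `"if": "ctx.zeek?.session_id != null"`. The same condition is carried unchanged in the dns, files, http, notice and ssl hunks. Whether a throwing condition drops the event depends on `on_failure` handling that is not visible here; for network-monitoring logs a dropped document is a gap in the record, so it is worth confirming. The processor arrays start and end outside each hunk.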
diff --git a/x-pack/filebeat/module/zeek/notice/ingest/pipeline.json b/x-pack/filebeat/module/zeek/notice/ingest/pipeline.json index e6db4c99b908..1b1bf8b49af0 100644 --- a/x-pack/filebeat/module/zeek/notice/ingest/pipeline.json +++ b/x-pack/filebeat/module/zeek/notice/ingest/pipeline.json @@ -9,22 +9,22 @@ }, { "set": { - "field": "ctx.destination.ip", - "value": "{{ctx.destination.address}}", + "field": "destination.ip", + "value": "{{destination.address}}", "if": "ctx.destination?.address != null" } }, { "set": { - "field": "ctx.source.ip", - "value": "{{ctx.source.address}}", + "field": "source.ip", + "value": "{{source.address}}", "if": "ctx.source?.address != null" } }, { "set": { - "field": "ctx.event.id", - "value": "{{ctx.zeek.session_id}}", + "field": "event.id", + "value": "{{zeek.session_id}}", "if": "ctx.zeek.session_id != null" } }, diff --git a/x-pack/filebeat/module/zeek/ssl/ingest/pipeline.json b/x-pack/filebeat/module/zeek/ssl/ingest/pipeline.json index d41cf0fa8aa6..54d068b19f9b 100644 --- a/x-pack/filebeat/module/zeek/ssl/ingest/pipeline.json +++ b/x-pack/filebeat/module/zeek/ssl/ingest/pipeline.json @@ -9,8 +9,8 @@ }, { "set": { - "field": "ctx.event.id", - "value": "{{ctx.zeek.session_id}}", + "field": "event.id", + "value": "{{zeek.session_id}}", "if": "ctx.zeek.session_id != null" } }, diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled deleted file mode 100644 index c43668021eab..000000000000 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ /dev/null @@ -1,21 +0,0 @@ -# Module: zeek -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zeek.html - -- module: zeek - # All logs - connection: - enabled: true - dns: - enabled: true - http: - enabled: true - files: - enabled: true - ssl: - enabled: true - notice: - enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths:
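Review bot: The `destination.ip` and `source.ip` processors in the notice pipeline copy `destination.address` and `source.address` through a template with only a null check, so nothing in the hunk confirms the value is an IP literal. If those targets are mapped as `ip` (the mapping is not visible in this diff), a non-IP address would be rejected at index time, after the pipeline has already run, and that Zeek notice would be missing from the index. It is worth confirming that the notice log's address fields are always IP literals, and adding a notice sample with an absent or non-IP address to the module's test data so the behaviour is pinned. The processor array continues outside the hunk.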