Good morning everyone!
I've recently started playing around with Security Onion and just wanted to see if anyone knew which configuration file to edit if I wanted to add a drop filter function in Logstash. The idea is there are tons of logs I do not want going in as events into ElasticSearch. In order to keep storage capacity at bay, there are some obvious logs that I'd like to have dropped before any indexing.
An example of an implementation to play around with is for instance, if I did:
if [EventID] == 1 {
  drop { }
}
Not saying the above is what I will for sure implement, but just using that as an example, I'm unsure which configuration file to edit so that I can add the above function in.
The current deployment type of Sec Onion is a distributed architecture.
Thank you very much!
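A fuller version of the kind of filter block the question describes, as an added example that is not from the original post and not Security Onion's own pipeline configuration. The field names (winlog.channel, winlog.event_id, event.code, host.name, user.name, event.outcome), the host name and the event IDs are assumptions chosen to illustrate ECS-style Windows events; confirm the real field names and their types against a document that has already been indexed before relying on them.

```logstash
# Added example of a Logstash drop filter (not Security Onion's own config).
# Field names are assumptions; check an indexed document for the real ones.
# Logstash conditionals are typed: [winlog][event_id] == 1 will not match a
# field that holds the string "1", so match the quoting to what actually
# arrives. Keywords are case-sensitive: `if`, not `If`.
filter {

  # 1. Drop Sysmon process-creation events (EventID 1) from a single noisy
  #    host, so the same events from every other host are still indexed.
  if [winlog][channel] == "Microsoft-Windows-Sysmon/Operational"
     and [winlog][event_id] == "1"
     and [host][name] == "buildserver01" {
    drop { }
  }

  # 2. Drop several event IDs at once (object-access auditing) when the
  #    subject is a machine account, i.e. the user name ends in "$".
  #    `in` tests membership in the list; the values are strings because
  #    event.code is a keyword field in ECS.
  if [event][code] in ["4662", "4663"] and [user][name] =~ /\$$/ {
    drop { }
  }

  # 3. Safer pattern for anything you are not yet sure about: tag it and keep
  #    indexing it, measure the volume and check it has no detection value,
  #    then change the mutate into a drop later.
  if [winlog][event_id] == "5156" and [event][outcome] == "success" {
    mutate { add_tag => [ "candidate_drop" ] }
  }
}
```

Check the syntax before deploying with `bin/logstash --config.test_and_exit -f <pipeline file>`, and remember that a drop filter only affects the node whose Logstash pipeline contains it: in a distributed deployment the filter has to be present on every node that runs Logstash for the inputs you want thinned, or the events will still reach Elasticsearch from the others.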