Loading docker-compose.yml +3 −3 Original line number Diff line number Diff line Loading @@ -24,9 +24,9 @@ services: container_name: logstash volumes: - ./etc/kypo-logstash.yml:/usr/share/logstash/config/logstash.yml - ./etc/kypo-logstash-bash-actions.conf:/usr/share/logstash/pipeline/kypo-logstash-bash-actions.conf - ./etc/kypo-logstash-portal-events.conf:/usr/share/logstash/pipeline/kypo-logstash-portal-events.conf - ./etc/kypo-logstash-training-definition.conf:/usr/share/logstash/pipeline/kypo-logstash-training-definition.conf - ./etc/10-kypo-logstash-bash-actions.conf:/usr/share/logstash/pipeline/10-kypo-logstash-bash-actions.conf - ./etc/20-kypo-logstash-portal-events.conf:/usr/share/logstash/pipeline/20-kypo-logstash-portal-events.conf - ./etc/30-kypo-logstash-training-definition.conf:/usr/share/logstash/pipeline/30-kypo-logstash-training-definition.conf - ./etc/kypo-logstash-pipelines.yml:/usr/share/logstash/config/pipelines.yml environment: - ELASTICSEARCH_URL='http://elasticsearch:9200' Loading etc/kypo-logstash-bash-actions.conf→etc/10-kypo-logstash-bash-actions.conf +0 −0 File moved. View file etc/kypo-logstash-portal-events.conf→etc/20-kypo-logstash-portal-events.conf +0 −0 File moved. View file etc/kypo-logstash-training-definition.conf→etc/30-kypo-logstash-training-definition.conf +0 −0 File moved. View file insert-events.sh +14 −16 Original line number Diff line number Diff line Loading 
@@ -9,10 +9,17 @@ TEMPLATE_PATH="template.json" #Set template curl -H 'Content-Type: application/json' -X PUT -d @${TEMPLATE_PATH} ${ELASTICSEARCH_API_ROOT}${TEMPLATE_INFO}?include_type_name=true ## POST data to Elasticsearch # KYPO portal events if [ ! -z "$1" ] then cd "$1" ## insert training definition for FILE in training_definition-id*.json do TD_FILE_CONTENT=`cat $FILE` curl -X POST -d "$TD_FILE_CONTENT" "${LOGSTASH_API_ROOT_TD}" -H 'Content-Type: application/json' done ## insert training events cd "training events" for FILE in *-events.json do while read LINE Loading @@ -21,19 +28,9 @@ then curl -X POST -d "$LINE" "${LOGSTASH_API_ROOT_EVENTS}" -H 'Content-Type: application/json' done < $FILE done for FILE in training_definition-id*.json do TD_FILE_CONTENT=`cat $FILE` curl -X POST -d "$TD_FILE_CONTENT" "${LOGSTASH_API_ROOT_TD}" -H 'Content-Type: application/json' done else echo "KYPO PORTAL EVENTS DIRECTORY WAS NOT PROVIDED." fi # bash history commands if [ ! -z "$2" ] then cd "$2" cd .. ## insert bash history commands cd "command histories" for FILE in *-useractions.json do while read -r LINE Loading @@ -43,5 +40,6 @@ then done < $FILE done else echo "KYPO BASH COMMANDS DIRECTORY WAS NOT PROVIDED." echo "KYPO PORTAL EVENTS DIRECTORY WAS NOT PROVIDED." fi Loading
docker-compose.yml +3 −3 Original line number Diff line number Diff line Loading @@ -24,9 +24,9 @@ services: container_name: logstash volumes: - ./etc/kypo-logstash.yml:/usr/share/logstash/config/logstash.yml - ./etc/kypo-logstash-bash-actions.conf:/usr/share/logstash/pipeline/kypo-logstash-bash-actions.conf - ./etc/kypo-logstash-portal-events.conf:/usr/share/logstash/pipeline/kypo-logstash-portal-events.conf - ./etc/kypo-logstash-training-definition.conf:/usr/share/logstash/pipeline/kypo-logstash-training-definition.conf - ./etc/10-kypo-logstash-bash-actions.conf:/usr/share/logstash/pipeline/10-kypo-logstash-bash-actions.conf - ./etc/20-kypo-logstash-portal-events.conf:/usr/share/logstash/pipeline/20-kypo-logstash-portal-events.conf - ./etc/30-kypo-logstash-training-definition.conf:/usr/share/logstash/pipeline/30-kypo-logstash-training-definition.conf - ./etc/kypo-logstash-pipelines.yml:/usr/share/logstash/config/pipelines.yml environment: - ELASTICSEARCH_URL='http://elasticsearch:9200' Loading
etc/kypo-logstash-bash-actions.conf→etc/10-kypo-logstash-bash-actions.conf +0 −0 File moved. View file
etc/kypo-logstash-portal-events.conf→etc/20-kypo-logstash-portal-events.conf +0 −0 File moved. View file
etc/kypo-logstash-training-definition.conf→etc/30-kypo-logstash-training-definition.conf +0 −0 File moved. View file
insert-events.sh +14 −16 Original line number Diff line number Diff line Loading @@ -9,10 +9,17 @@ TEMPLATE_PATH="template.json" #Set template curl -H 'Content-Type: application/json' -X PUT -d @${TEMPLATE_PATH} ${ELASTICSEARCH_API_ROOT}${TEMPLATE_INFO}?include_type_name=true ## POST data to Elasticsearch # KYPO portal events if [ ! -z "$1" ] then cd "$1" ## insert training definition for FILE in training_definition-id*.json do TD_FILE_CONTENT=`cat $FILE` curl -X POST -d "$TD_FILE_CONTENT" "${LOGSTASH_API_ROOT_TD}" -H 'Content-Type: application/json' done ## insert training events cd "training events" for FILE in *-events.json do while read LINE Loading @@ -21,19 +28,9 @@ then curl -X POST -d "$LINE" "${LOGSTASH_API_ROOT_EVENTS}" -H 'Content-Type: application/json' done < $FILE done for FILE in training_definition-id*.json do TD_FILE_CONTENT=`cat $FILE` curl -X POST -d "$TD_FILE_CONTENT" "${LOGSTASH_API_ROOT_TD}" -H 'Content-Type: application/json' done else echo "KYPO PORTAL EVENTS DIRECTORY WAS NOT PROVIDED." fi # bash history commands if [ ! -z "$2" ] then cd "$2" cd .. ## insert bash history commands cd "command histories" for FILE in *-useractions.json do while read -r LINE Loading @@ -43,5 +40,6 @@ then done < $FILE done else echo "KYPO BASH COMMANDS DIRECTORY WAS NOT PROVIDED." echo "KYPO PORTAL EVENTS DIRECTORY WAS NOT PROVIDED." fi
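Review bot: None of the `cd` calls in the reworked flow (`cd "$1"`, `cd "training events"`, `cd ..`, `cd "command histories"`) is checked, so after a failed `cd` the next `for FILE in …` glob runs in whatever directory the script is in and posts any matching files there to Logstash. Since the steps are now one relative walk, a failed `cd "training events"` also makes the following `cd ..` step out of the `$1` directory entirely. Abort on failure, e.g. `cd "$1" || exit 1` and `cd "training events" || exit 1`, or address both subdirectories by path from `$1` instead of walking in and out. The events loop uses `while read LINE` where the history loop uses `read -r`, so backslashes in event JSON are altered before upload; `while IFS= read -r LINE` keeps each line intact, and `$FILE` should be quoted in `cat $FILE` and `done < $FILE`. The page has lost its +/- markers, so which of these lines are new is inferred from the hunk text.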