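--- /dev/null
+++ b/PATH_NOT_SHOWN_1
@@ -0,0 +1,14 @@
+version: '2.3'
+services:
+security:
+image: docker.elastic.co/observability/stream:v0.4.0
+ports:
+- 8080
+volumes:
+- ./sample_logs:/sample_logs:ro
+command:
+- log
+- --start-signal=SIGHUP
+- --addr=:8080
+- -p=http-server
+- /sample_logs/security.json.log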
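--- /dev/null
+++ b/PATH_NOT_SHOWN_2
@@ -0,0 +1 @@
+{"preview": false,"offset": 194,"lastrow": true,"result": {"_bkt": "main~0~1212176D-89E1-485D-89E6-3ADC276CCA38","_cd": "0:315","_indextime": "1622471463","_raw": "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/><EventID>1100</EventID><Version>0</Version><Level>4</Level><Task>103</Task><Opcode>0</Opcode><Keywords>0x4020000000000000</Keywords><TimeCreated SystemTime='2019-11-07T10:37:04.226092500Z'/><EventRecordID>14257</EventRecordID><Correlation/><Execution ProcessID='1144' ThreadID='4532'/><Channel>Security</Channel><Computer>WIN-41OB2LO92CR.wlbeat.local</Computer><Security/></System><UserData><ServiceShutdown xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'></ServiceShutdown></UserData></Event>","_serial": "194","_si": ["69819b6ce1bd","main"],"_sourcetype": "XmlWinEventLog:Security","_time": "2021-05-25 13:11:45.000 UTC","host": "VAGRANT","index": "main","linecount": "1","max_indextime": "1622471606","source": "WinEventLog:Security","sourcetype": "XmlWinEventLog:Security","splunk_server": "69819b6ce1bd"}}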
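--- /dev/null
+++ b/PATH_NOT_SHOWN_3
@@ -0,0 +1,2 @@
+dynamic_fields:
+event.ingested: ".*"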
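--- /dev/null
+++ b/PATH_NOT_SHOWN_4
@@ -0,0 +1,10 @@
+input: httpjson
+service: security
+service_notify_signal: SIGHUP
+vars:
+url: http://{{Hostname}}:{{Port}}/api/v1/logs
+username: test
+password: test
+preserve_original_event: true
+data_stream:
+vars: ~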
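Review bot: `service_notify_signal: SIGHUP` on the third line of this hunk has to agree with the `--start-signal=SIGHUP` flag passed to the stream container in the compose service added by the same commit, but neither file records that dependency, so changing one side silently breaks the fixture. A comment above the line, `# must match --start-signal in the stream service's docker-compose command`, would make the coupling visible to the next editor. The `username: test` / `password: test` pair is presumably a fixture value for the local stream container rather than credentials the container enforces; if so, a comment to that effect, `# fixture credentials for the local stream container`, would stop readers from treating them as meaningful.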
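--- /dev/null
+++ b/PATH_NOT_SHOWN_5
@@ -0,0 +1,3 @@
+- name: input.type
+type: keyword
+description: Type of Filebeat input.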
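--- /dev/null
+++ b/PATH_NOT_SHOWN_6
@@ -0,0 +1,75 @@
+{
+"@timestamp": "2019-11-07T10:37:04.226Z",
+"agent": {
+"ephemeral_id": "a0a43394-02c9-45ec-b1be-07f107bcc5eb",
+"hostname": "docker-fleet-agent",
+"id": "ef9fa2de-d50b-435f-a12b-c84c87b1ad22",
+"name": "docker-fleet-agent",
+"type": "filebeat",
+"version": "7.13.0"
+},
+"data_stream": {
+"dataset": "system.security",
+"namespace": "ep",
+"type": "logs"
+},
+"ecs": {
+"version": "1.9.0"
+},
+"elastic_agent": {
+"id": "26eba643-ca27-421e-a6d9-a843188ba452",
+"snapshot": true,
+"version": "7.13.0"
+},
+"event": {
+"action": "logging-service-shutdown",
+"category": [
+"process"
+],
+"code": "1100",
+"created": "2021-06-02T08:02:12.685Z",
+"dataset": "system.security",
+"ingested": "2021-06-02T08:02:13.706065692Z",
+"kind": "event",
+"original": "\u003cEvent xmlns='http://schemas.microsoft.com/win/2004/08/events/event'\u003e\u003cSystem\u003e\u003cProvider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/\u003e\u003cEventID\u003e1100\u003c/EventID\u003e\u003cVersion\u003e0\u003c/Version\u003e\u003cLevel\u003e4\u003c/Level\u003e\u003cTask\u003e103\u003c/Task\u003e\u003cOpcode\u003e0\u003c/Opcode\u003e\u003cKeywords\u003e0x4020000000000000\u003c/Keywords\u003e\u003cTimeCreated SystemTime='2019-11-07T10:37:04.226092500Z'/\u003e\u003cEventRecordID\u003e14257\u003c/EventRecordID\u003e\u003cCorrelation/\u003e\u003cExecution ProcessID='1144' ThreadID='4532'/\u003e\u003cChannel\u003eSecurity\u003c/Channel\u003e\u003cComputer\u003eWIN-41OB2LO92CR.wlbeat.local\u003c/Computer\u003e\u003cSecurity/\u003e\u003c/System\u003e\u003cUserData\u003e\u003cServiceShutdown xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'\u003e\u003c/ServiceShutdown\u003e\u003c/UserData\u003e\u003c/Event\u003e",
+"outcome": "success",
+"provider": "Microsoft-Windows-Eventlog",
+"type": [
+"end"
+]
+},
+"host": {
+"name": "WIN-41OB2LO92CR.wlbeat.local"
+},
+"input": {
+"type": "httpjson"
+},
+"log": {
+"level": "information"
+},
+"tags": [
+"forwarded",
+"preserve_original_event"
+],
+"winlog": {
+"channel": "Security",
+"computer_name": "WIN-41OB2LO92CR.wlbeat.local",
+"event_id": "1100",
+"keywords": [
+"Audit Success"
+],
+"level": "information",
+"opcode": "Info",
+"outcome": "success",
+"process": {
+"pid": 1144,
+"thread": {
+"id": 4532
+}
+},
+"provider_guid": "{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}",
+"provider_name": "Microsoft-Windows-Eventlog",
+"record_id": "14257",
+"time_created": "2019-11-07T10:37:04.226Z"
+}
+}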