Contains Logstash related content including tons of Logstash configurations
Type Name Latest commit message Commit time
configfiles-5.x final notes Jan 2, 2018
configfiles-OPTIONAL Update 8998_postprocess_log_elapsed.conf Oct 10, 2017
configfiles-setup_required Create 8008_postprocess_dns_creation_date.conf Oct 20, 2017
configfiles Update 6200_firewall_fortinet.conf May 31, 2018
dictionaries added dictionaries Mar 26, 2018
elasticsearch/index_templates Initial clone from lightforge\Logstash-configs Aug 16, 2017
grok-patterns Initial clone from lightforge\Logstash-configs Aug 16, 2017
scripts Initial clone from lightforge\Logstash-configs Aug 16, 2017
.gitattributes Initial clone from lightforge\Logstash-configs Aug 16, 2017
.gitignore Initial clone from lightforge\Logstash-configs Aug 16, 2017
Field Name Guidelines.docx Initial clone from lightforge\Logstash-configs Aug 16, 2017
LICENSE Initial commit Aug 16, 2017
README.md Update README.md Aug 16, 2017
autorun.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
bro.tar Initial clone from lightforge\Logstash-configs Aug 16, 2017
dhcp.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
dns.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
drop.conf
esxi.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
event_collector_events Update event_collector_events Feb 26, 2019
greensql.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
iis.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
lp Create lp Feb 25, 2019
mcafee.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
mcafee.sql Updated the mcafee configurations to better support EPO events Aug 26, 2017
nxlog.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
prereq_readme.txt Initial clone from lightforge\Logstash-configs Aug 16, 2017
securityonion_elk_install.txt Initial clone from lightforge\Logstash-configs Aug 16, 2017
snort.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
syslog.conf Initial clone from lightforge\Logstash-configs Aug 16, 2017
sysmonconfig.xml Add files via upload Feb 8, 2019
wec_filter_1
winlogbeat_example.yml Update winlogbeat_example.yml Mar 6, 2019
winlogbeat_wec_example.yml Create winlogbeat_wec_example.yml Mar 6, 2019

README.md

Logstash

This repository contains Logstash-related content, including tons of Logstash configurations. The hope is to provide these free to the security community so we can all benefit from them. Please feel free to share your Logstash configuration files, and we will make sure you get credit for your contributions to the community.

Key directories and what they are can be found below:

  • configfiles - This directory contains the main configuration files that should be able to go directly into production without modification.
  • configfiles-setup-required - This directory contains Logstash configuration files that require additional software or changes to be made to the configuration files.
  • configfiles-OPTIONAL - This directory contains optional Logstash configuration files. Some organizations may not want the features they introduce, but they are worth consideration.

Key contributors

These folks have made significant contributions to this repository. This can be in the form of contributing Logstash configuration files, testing, or providing valuable insights and ideas.

  • Justin Henderson - Co-founder and principal consultant of H & A Security Solutions, GSE, and author of SEC555: SIEM with Tactical Analytics and co-author of SEC455: SIEM Design and Architecture
  • Josh Awalt - Co-Founder of H & A Security Solutions
  • Josh Johnson - Consultant of H & A Security Solutions, GSE, and just plain awesome!
  • Austin Taylor - Consultant of H & A Security Solutions, soon to be GSE, and course author of multiple big data analytics courses!
  • John Hubbard - Co-author of SEC455: SIEM Design and Architecture
  • Shaun McCullough - Consultant of H & A Security Solutions, GSE, and community enthusiast!