Added details to README and fixed props.
Doug Brown committed Mar 7, 2016
1 parent b8a95c3 commit 3276a99
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -5,4 +5,6 @@ This app provides field extractions and normalisation to the Common Information

Install this app on heavy forwarders, indexers and search heads.

N.B. This app will automatically change the sourcetype of iptables events with the sourcetype of "syslog" into the "linux:netfilter" sourcetype.

Further documentation is provided in the wiki here: https://github.com/doksu/TA_netfilter/wiki
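Review bot: the new N.B. tells the reader that the sourcetype is rewritten but not how an iptables event inside the "syslog" sourcetype is recognised, nor what that means operationally, so a user cannot predict which of their events will move. Suggest adding one sentence naming the matching criterion, one stating that searches, alerts and dashboards filtering on sourcetype="syslog" will no longer return these events once the app is installed (and whether already-indexed data is affected), and pointing to the relevant wiki page from the N.B. itself rather than relying only on the general wiki link on the following line.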
4 changes: 2 additions & 2 deletions default/props.conf
Expand Up @@ -19,8 +19,8 @@ EVAL-vendor_product = "Linux Netfilter"
EVAL-src_mac = if(isnull(OUT),MAC,"unknown")
EVAL-dest_mac = if(isnull(IN),MAC,"unknown")
EVAL-transport = lower(PROTO)
EVAL src_interface = coalesce(IN,OUT)
EVAL dest_interface = coalesce(OUT,IN)
EVAL-src_interface = coalesce(IN,OUT)
EVAL-dest_interface = coalesce(OUT,IN)
EVAL-protocol = "ip"
EVAL-action = coalesce(ACTION,"dropped")
EVAL-direction = if(isnull(IN),"outbound","inbound")
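Review bot: the hyphen is the substance of this hunk: `EVAL src_interface = coalesce(IN,OUT)` and `EVAL dest_interface = coalesce(OUT,IN)` have no `-` between the keyword and the field name, so they do not have the `EVAL-<field>` form of the surrounding settings and the two fields would not have been populated; the replacement lines now match their neighbours. While these lines are being touched, note that for events carrying only IN or only OUT, coalesce(IN,OUT) and coalesce(OUT,IN) return the same value, so src_interface and dest_interface are identical except for forwarded traffic where both are set; since EVAL-direction below already derives inbound/outbound from isnull(IN), consider either mirroring EVAL-src_mac and giving the absent side an explicit marker such as "unknown", or documenting in the README that both fields name the single interface involved.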

0 comments on commit 3276a99