Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: change template name in 9002_output_import.conf #1723

Closed dougburks closed 4 years ago

dougburks commented 4 years ago

https://github.com/Security-Onion-Solutions/securityonion-elastic/pull/74

dougburks commented 4 years ago

This required some additional changes:

https://github.com/Security-Onion-Solutions/securityonion-elastic/commit/3cc5d2c1d8751170510dd1cabc48c2dff83b0973

https://github.com/Security-Onion-Solutions/securityonion-elastic/commit/c0a20d33ceac3cba337a84df21be9613a8dc46dd

dougburks commented 4 years ago

To test, please verify the change in 9002_output_import.conf in both traditional Logstash mode and when running so-import-pcap. When testing so-import-pcap, verify that the Elasticsearch initialization still works properly with the new template name.

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/03/elastic-687-now-available-for-security.html