HEX

Warning: set_time_limit() [function.set-time-limit]: Cannot set time limit - prohibited by configuration in /home/u547966/brikov.ru/www/wp-content/plugins/admin-menu-editor/menu-editor.php on line 745
Server: Apache
System: Linux 4.19.0-0.bpo.9-amd64 x86_64 at red40
User: u547966 (5490)
PHP: 5.3.29-mh2
Disabled: syslog, dl, popen, proc_open, proc_nice, proc_get_status, proc_close, proc_terminate, posix_mkfifo, chown, chgrp, accelerator_reset, opcache_reset, accelerator_get_status, opcache_get_status, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wifcontinued, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
$ pwd: /usr/share/filebeat/module/netflow/log/ingest/
Upload Files
File: //usr/share/filebeat/module/netflow/log/ingest/pipeline.yml
---
description: Pipeline for Filebeat NetFlow

processors:
  - set:
      field: event.ingested
      value: '{{_ingest.timestamp}}'

  # IP Geolocation Lookup
  - geoip:
        if: ctx.source?.geo == null
        field: source.ip
        target_field: source.geo
        ignore_missing: true
  - geoip:
        if: ctx.destination?.geo == null
        field: destination.ip
        target_field: destination.geo
        ignore_missing: true

  # IP Autonomous System (AS) Lookup
  - geoip:
        database_file: GeoLite2-ASN.mmdb
        field: source.ip
        target_field: source.as
        properties:
            - asn
            - organization_name
        ignore_missing: true
  - geoip:
        database_file: GeoLite2-ASN.mmdb
        field: destination.ip
        target_field: destination.as
        properties:
            - asn
            - organization_name
        ignore_missing: true
  - rename:
        field: source.as.asn
        target_field: source.as.number
        ignore_missing: true
  - rename:
        field: source.as.organization_name
        target_field: source.as.organization.name
        ignore_missing: true
  - rename:
        field: destination.as.asn
        target_field: destination.as.number
        ignore_missing: true
  - rename:
        field: destination.as.organization_name
        target_field: destination.as.organization.name
        ignore_missing: true
  - set:
        field: network.direction
        value: inbound
        if: 'ctx?.source?.locality == "external" && ctx?.destination?.locality == "internal"'
  - set:
        field: network.direction
        value: outbound
        if: 'ctx?.source?.locality == "internal" && ctx?.destination?.locality == "external"'
  - set:
        field: network.direction
        value: internal
        if: 'ctx?.source?.locality == "internal" && ctx?.destination?.locality == "internal"'
  - set:
        field: network.direction
        value: external
        if: 'ctx?.source?.locality == "external" && ctx?.destination?.locality == "external"'
  - set:
        field: network.direction
        value: unknown
        if: 'ctx?.network?.direction == null'

on_failure:
  - set:
        field: error.message
        value: "{{ _ingest.on_failure_message }}"
@ Telegram