From: Simon Pasquier
Date: Fri, 27 Jan 2017 12:15:53 +0000 (+0100)
Subject: Add index template for CADF audit messages
X-Git-Tag: mcp0.5~2
X-Git-Url: https://gerrit.mcp.mirantis.com/gitweb?p=salt-formulas%2Felasticsearch.git;a=commitdiff_plain;h=refs%2Fchanges%2F64%2F964%2F1
Add index template for CADF audit messages
Change-Id: Ia4289468a6022e0bfeea166d807385aa170d3888
---
diff --git a/elasticsearch/files/es_template_audit.json b/elasticsearch/files/es_template_audit.json
new file mode 100644
index 0000000..359a25f
--- /dev/null
+++ b/elasticsearch/files/es_template_audit.json
@@ -0,0 +1,56 @@
+{
+ "mappings": {
+ "message": {
+ "properties": {
+ "Payload": {
+ "type": "string"
+ },
+ "Logger": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "Hostname": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "Pid": {
+ "index": "not_analyzed",
+ "type": "long"
+ },
+ "Severity": {
+ "index": "not_analyzed",
+ "type": "long"
+ },
+ "Type": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "severity_label": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "environment_label": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "action": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "event_type": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "outcome": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "notification_type": {
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "template": "audit-*"
+}
diff --git a/metadata/service/client.yml b/metadata/service/client.yml
index fc57c7c..3527091 100644
--- a/metadata/service/client.yml
+++ b/metadata/service/client.yml
@@ -8,6 +8,9 @@ parameters: log: enabled: true template: elasticsearch/files/es_template_log.json + audit: + enabled: true + template: elasticsearch/files/es_template_audit.json notification: enabled: true template: elasticsearch/files/es_template_notification.json
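Review bot: The `"properties"` block in es_template_audit.json enumerates only the Heka envelope fields (Payload, Logger, Hostname, Pid, Severity, Type) and four CADF-derived labels, so any other attribute carried in the audit documents — CADF initiator/target/tenant identifiers or request ids, for instance — is left to Elasticsearch's dynamic mapping and, on the versions the `"index": "not_analyzed"` syntax here targets, would presumably be indexed as analyzed text, which makes exact-match filtering on those identifiers unreliable when searching audit indices. Consider adding, as a sibling of `"properties"` under `"message"`, `"dynamic_templates": [{"strings_not_analyzed": {"match_mapping_type": "string", "mapping": {"type": "string", "index": "not_analyzed"}}}]`, or listing the remaining CADF fields explicitly the way the existing entries do. The template also carries no `"settings"` block, so `audit-*` indices inherit the cluster's shard and replica defaults; if es_template_log.json sets them, this file should match it for consistency.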