From 3cf2b20ac1ec20c3f6c78318d32d595cf294f7e4 Mon Sep 17 00:00:00 2001
From: Simon Pasquier
Date: Fri, 27 Jan 2017 13:15:53 +0100
Subject: [PATCH] Add index template for CADF audit messages

Change-Id: Ia4289468a6022e0bfeea166d807385aa170d3888
---
 elasticsearch/files/es_template_audit.json | 56 ++++++++++++++++++++++
 metadata/service/client.yml | 3 ++
 2 files changed, 59 insertions(+)
 create mode 100644 elasticsearch/files/es_template_audit.json

diff --git a/elasticsearch/files/es_template_audit.json b/elasticsearch/files/es_template_audit.json
new file mode 100644
index 0000000..359a25f
--- /dev/null
+++ b/elasticsearch/files/es_template_audit.json
@@ -0,0 +1,56 @@
+{
+ "mappings": {
+ "message": {
+ "properties": {
+ "Payload": {
+ "type": "string"
+ },
+ "Logger": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "Hostname": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "Pid": {
+ "index": "not_analyzed",
+ "type": "long"
+ },
+ "Severity": {
+ "index": "not_analyzed",
+ "type": "long"
+ },
+ "Type": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "severity_label": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "environment_label": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "action": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "event_type": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "outcome": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "notification_type": {
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "template": "audit-*"
+}
diff --git a/metadata/service/client.yml b/metadata/service/client.yml
index fc57c7c..3527091 100644
--- a/metadata/service/client.yml
+++ b/metadata/service/client.yml
@@ -8,6 +8,9 @@ parameters:
 log:
 enabled: true
 template: elasticsearch/files/es_template_log.json
+ audit:
+ enabled: true
+ template: elasticsearch/files/es_template_audit.json
 notification:
 enabled: true
 template: elasticsearch/files/es_template_notification.json
--
2.32.7
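Review bot: Every field the new `audit-*` template does not list is left to Elasticsearch dynamic mapping, and for audit records those unlisted fields (the CADF event body, and a timestamp if the records carry one) are exactly the ones whose shape varies per event, so the first document seen may pin a field's type for the whole index and later documents with a different shape can be rejected at index time. `Logger`, `Hostname`, `Pid`, `Severity`, `Type` and `Payload` look like Heka message fields, which presumably also come with a `Timestamp`; if so, map it explicitly, e.g. `"Timestamp": { "type": "date" }`, so the time axis of audit searches never depends on format detection — the sibling es_template_log.json and es_template_notification.json are not in this patch, so I cannot confirm whether they do. `"index": "not_analyzed"` on the two `long` fields (`Pid`, `Severity`) is a no-op for numeric types and can be dropped for clarity. Finally, `"type": "string"` with `not_analyzed` is the Elasticsearch 2.x mapping syntax; if the target cluster is 5.x or newer this is deprecated in favour of `keyword`, which the commit message does not address.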