change some fields

2018-07-14 21:36:03 -07:00 · 2018-07-14 21:36:03 -07:00 · 28210a9ab8
parent 68b9e3aeb0
commit 28210a9ab8
3 changed files with 7 additions and 3 deletions
--- a/src/elasticsearch-template.json
+++ b/src/elasticsearch-template.json
@ -28,10 +28,13 @@
                "dest_port": {
                    "type": "long"
                },
+                "direction": {
+                    "type": "keyword"
+                },
                "interface": {
                    "type": "keyword"
                },
-                "ipversion": {
+                "ip_version": {
                    "type": "short"
                },
                "length": {
--- a/src/pfparser.c
+++ b/src/pfparser.c
@ -327,9 +327,10 @@ int pfdata_to_json(pf_data* data, json_object* obj) {
    Populate the passed json_object obj with data from from pf_data data.
    */
    add_strfield(obj, "interface", data->iface);
-    add_intfield(obj, "ipversion", data->ipversion);
+    add_intfield(obj, "ip_version", data->ipversion);

    add_strfield(obj, "action", (char*)(pfhastr[data->action]));
+    add_strfield(obj, "direction", (char*)(pfdirstr[data->direction]));

    if(data->ipversion == 4) {
        add_intfield(obj, "ttl", data->ipv4_data.ttl);
--- a/src/put-elasticsearch-template.sh
+++ b/src/put-elasticsearch-template.sh
@ -3,4 +3,4 @@
 set -e
 set -x

-curl -X PUT "http://homeapps1:8298/_template/firewall" -H Content-Type: application/json -d @elasticsearch-template.json
+curl -X PUT "http://homeapps1:8298/_template/firewall" -H "Content-Type: application/json" -d @elasticsearch-template.json