dave
/
cpfsyslog
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

change some fields

This commit is contained in:
dave 2018-07-14 21:36:03 -07:00
parent 68b9e3aeb0
commit 28210a9ab8
3 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/elasticsearch-template.json
View File

@ -28,10 +28,13 @@
"dest_port": { "dest_port": {
"type": "long" "type": "long"
}, },
"direction": {
"type": "keyword"
},
"interface": { "interface": {
"type": "keyword" "type": "keyword"
}, },
"ipversion": { "ip_version": {
"type": "short" "type": "short"
}, },
"length": { "length": {

3
src/pfparser.c
View File

@ -327,9 +327,10 @@ int pfdata_to_json(pf_data* data, json_object* obj) {
Populate the passed json_object obj with data from from pf_data data. Populate the passed json_object obj with data from from pf_data data.
*/ */
add_strfield(obj, "interface", data->iface); add_strfield(obj, "interface", data->iface);
add_intfield(obj, "ipversion", data->ipversion); add_intfield(obj, "ip_version", data->ipversion);
add_strfield(obj, "action", (char*)(pfhastr[data->action])); add_strfield(obj, "action", (char*)(pfhastr[data->action]));
add_strfield(obj, "direction", (char*)(pfdirstr[data->direction]));
if(data->ipversion == 4) { if(data->ipversion == 4) {
add_intfield(obj, "ttl", data->ipv4_data.ttl); add_intfield(obj, "ttl", data->ipv4_data.ttl);

2
src/put-elasticsearch-template.sh
View File

@ -3,4 +3,4 @@
set -e set -e
set -x set -x
curl -X PUT "http://homeapps1:8298/_template/firewall" -H Content-Type: application/json -d @elasticsearch-template.json curl -X PUT "http://homeapps1:8298/_template/firewall" -H "Content-Type: application/json" -d @elasticsearch-template.json