
From ceste...@apache.org
Subject [49/66] [abbrv] incubator-metron git commit: METRON-219 Create default dashboard for Metron using Kibana 4 (nickwallen) closes apache/incubator-metron#158
Date Fri, 24 Jun 2016 20:57:47 GMT
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/ccd0f396/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
b/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
index 01118ba..bf943df 100644
--- a/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
+++ b/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/snort_index.template
@@ -1,19 +1,183 @@
 {
-   "template": "snort_index*",
-   "mappings": {
-      "snort_doc": {
-         "_timestamp": {
-            "enabled": true
-         },
-         "properties": {
-            "timestamp": {
-               "type": "date",
-               "format": "epoch_millis"
-            },
-            "enrichments:geo:ip_dst_addr:location_point": {
-               "type": "geo_point"
-            }
-         }
+  "template": "snort_index*",
+  "mappings": {
+    "snort_doc": {
+      "_timestamp": {
+        "enabled": true
+      },
+      "dynamic_templates": [
+        {
+          "geo_location_point": {
+            "match": "enrichments:geo:*:location_point",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "geo_point"
+            }
+          }
+        },
+        {
+          "geo_country": {
+            "match": "enrichments:geo:*:country",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_city": {
+            "match": "enrichments:geo:*:city",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_location_id": {
+            "match": "enrichments:geo:*:locID",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_dma_code": {
+            "match": "enrichments:geo:*:dmaCode",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_postal_code": {
+            "match": "enrichments:geo:*:postalCode",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_latitude": {
+            "match": "enrichments:geo:*:latitude",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "float"
+            }
+          }
+        },
+        {
+          "geo_longitude": {
+            "match": "enrichments:geo:*:longitude",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "float"
+            }
+          }
+        },
+        {
+          "timestamps": {
+            "match": "*:ts",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "date",
+              "format": "epoch_millis"
+            }
+          }
+        }
+      ],
+      "properties": {
+        "timestamp": {
+          "type": "date",
+          "format": "epoch_millis"
+        },
+        "source:type": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "ip_dst_addr": {
+          "type": "ip"
+        },
+        "ip_dst_port": {
+          "type": "integer"
+        },
+        "ip_src_addr": {
+          "type": "ip"
+        },
+        "ip_src_port": {
+          "type": "integer"
+        },
+        "dgmlen": {
+          "type": "integer"
+        },
+        "ethdst": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "ethlen": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "ethsrc": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "id": {
+          "type": "integer"
+        },
+        "iplen": {
+          "type": "integer"
+        },
+        "is_alert": {
+          "type": "boolean"
+        },
+        "msg": {
+          "type": "string"
+        },
+        "protocol": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "sig_generator": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "sig_id": {
+          "type": "integer"
+        },
+        "sig_rev": {
+          "type": "string"
+        },
+        "tcpack": {
+          "type": "string"
+        },
+        "tcpflags": {
+          "type": "string"
+        },
+        "tcpseq": {
+          "type": "string"
+        },
+        "tcpwindow": {
+          "type": "string"
+        },
+        "threat:triage:level": {
+          "type": "double"
+        },
+        "tos": {
+          "type": "integer"
+        },
+        "ttl": {
+          "type": "integer"
+        }
       }
-   }
+    }
+  }
 }
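Review bot: `tcpflags` (and `tcpack`, `tcpseq`, `tcpwindow`, `sig_rev`) are mapped as analyzed `string` while the neighbouring `protocol`, `sig_generator` and `ethsrc`/`ethdst` are `not_analyzed`; Snort flag values look like `***A****`, which the standard analyzer reduces to no tokens at all, so exact-value queries and Kibana terms aggregations on that field will not work as a detection author expects. The same `"index": "not_analyzed"` used on `protocol` belongs on those entries, e.g. `"tcpflags": { "type": "string", "index": "not_analyzed" }`. The whole `dynamic_templates` array on the new side is byte-for-byte identical to the one in the yaf_index.template hunk, which will drift as fields are added; consider generating both templates from one shared fragment in the Ansible role rather than maintaining two copies. `ethlen` is typed `string` while `dgmlen` and `iplen` are `integer` — presumably because Snort emits it in hex, which is worth a one-line note next to the field so the next editor does not "fix" it.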

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/ccd0f396/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template
b/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template
index 442321e..7743afc 100644
--- a/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template
+++ b/metron-deployment/roles/metron_elasticsearch_templates/files/es_templates/yaf_index.template
@@ -1,85 +1,205 @@
 {
-   "template": "yaf_index*",
-   "mappings": {
-      "yaf_doc": {
-         "_timestamp": {
-            "enabled": true
-         },
-         "properties": {
-            "timestamp": {
-               "type": "date",
-               "format": "epoch_millis"
-            },
-            "enrichments:geo:ip_dst_addr:location_point": {
-               "type": "geo_point"
-            },
-            "end-time": {
-               "type": "string"
-            },
-            "duration": {
-               "type": "string"
-            },
-            "rtt": {
-               "type": "string"
-            },
-            "proto": {
-               "type": "string"
-            },
-            "sip": {
-               "type": "string"
-            },
-            "sp": {
-               "type": "string"
-            },
-            "dip": {
-               "type": "string"
-            },
-            "dp": {
-               "type": "string"
-            },
-            "iflags": {
-               "type": "string"
-            },
-            "uflags": {
-               "type": "string"
-            },
-            "riflags": {
-               "type": "string"
-            },
-            "ruflags": {
-               "type": "string"
-            },
-            "isn": {
-               "type": "string"
-            },
-            "risn": {
-               "type": "string"
-            },
-            "tag": {
-               "type": "string"
-            },
-            "rtag": {
-               "type": "string"
-            },
-            "pkt": {
-               "type": "string"
-            },
-            "oct": {
-               "type": "string"
-            },
-            "rpkt": {
-               "type": "string"
-            },
-            "roct": {
-               "type": "string"
-            },
-            "app": {
-               "type": "string"
-            },
-            "end-reason": {
-               "type": "string"
+  "template": "yaf_index*",
+  "mappings": {
+    "yaf_doc": {
+      "_timestamp": {
+        "enabled": true
+      },
+      "dynamic_templates": [
+        {
+          "geo_location_point": {
+            "match": "enrichments:geo:*:location_point",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "geo_point"
             }
-         }
+          }
+        },
+        {
+          "geo_country": {
+            "match": "enrichments:geo:*:country",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_city": {
+            "match": "enrichments:geo:*:city",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_location_id": {
+            "match": "enrichments:geo:*:locID",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_dma_code": {
+            "match": "enrichments:geo:*:dmaCode",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_postal_code": {
+            "match": "enrichments:geo:*:postalCode",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "string",
+              "index": "not_analyzed"
+            }
+          }
+        },
+        {
+          "geo_latitude": {
+            "match": "enrichments:geo:*:latitude",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "float"
+            }
+          }
+        },
+        {
+          "geo_longitude": {
+            "match": "enrichments:geo:*:longitude",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "float"
+            }
+          }
+        },
+        {
+          "timestamps": {
+            "match": "*:ts",
+            "match_mapping_type": "*",
+            "mapping": {
+              "type": "date",
+              "format": "epoch_millis"
+            }
+          }
+        }
+      ],
+      "properties": {
+        "timestamp": {
+          "type": "date",
+          "format": "epoch_millis"
+        },
+        "source:type": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "ip_dst_addr": {
+          "type": "ip"
+        },
+        "ip_dst_port": {
+          "type": "integer"
+        },
+        "ip_src_addr": {
+          "type": "ip"
+        },
+        "ip_src_port": {
+          "type": "integer"
+        },
+        "start_time": {
+          "type": "date",
+          "format": "epoch_millis"
+        },
+        "end_time": {
+          "type": "date",
+          "format": "epoch_millis"
+        },
+        "duration": {
+          "type": "double"
+        },
+        "rtt": {
+          "type": "double"
+        },
+        "proto": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "sip": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "sp": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "dip": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "dp": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "iflags": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "uflags": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "riflags": {
+          "type": "string"
+        },
+        "ruflags": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "isn": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "risn": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "tag": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "rtag": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "pkt": {
+          "type": "integer"
+        },
+        "oct": {
+          "type": "integer"
+        },
+        "rpkt": {
+          "type": "integer"
+        },
+        "roct": {
+          "type": "integer"
+        },
+        "app": {
+          "type": "string",
+          "index": "not_analyzed"
+        },
+        "end-reason": {
+          "type": "string"
+        }
       }
-   }
+    }
+  }
 }
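Review bot: `riflags` is the only flag field in the new properties block without `"index": "not_analyzed"`; `iflags`, `uflags` and `ruflags` all carry it, so this looks like an omission rather than a choice, and it should read `"riflags": { "type": "string", "index": "not_analyzed" }`. The renamed `end_time` now uses an underscore while `end-reason` keeps the hyphen, so the document mixes two key styles. `sip`/`dip` and `sp`/`dp` are mapped as strings while `ip_src_addr`/`ip_dst_addr` and the port fields are typed `ip` and `integer` — if these are the same values under YAF's native names, a comment or a single canonical set would stop the two from disagreeing in a query.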

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/ccd0f396/metron-deployment/roles/metron_elasticsearch_templates/tasks/load_templates.yml
----------------------------------------------------------------------
diff --git a/metron-deployment/roles/metron_elasticsearch_templates/tasks/load_templates.yml
b/metron-deployment/roles/metron_elasticsearch_templates/tasks/load_templates.yml
index e4192c5..6e564de 100644
--- a/metron-deployment/roles/metron_elasticsearch_templates/tasks/load_templates.yml
+++ b/metron-deployment/roles/metron_elasticsearch_templates/tasks/load_templates.yml
@@ -43,3 +43,11 @@
     body: "{{ lookup('file',item) }}"
     status_code: 200
   with_fileglob: ./files/es_templates/*.template
+
+- name: Validate Elasticsearch templates
+  uri:
+    url: "http://{{ groups.search[0] }}:{{ elasticsearch_web_port }}/_template/{{ item |
basename | replace('.template','') }}"
+    method: HEAD
+    body: "{{ lookup('file',item) }}"
+    status_code: 200
+  with_fileglob: ./files/es_templates/*.template
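Review bot: The new "Validate Elasticsearch templates" task sends `method: HEAD` but still carries a `body:` from the PUT task above it; a HEAD request has no body, so the line is a copy-paste leftover and should be dropped. As written the check only asserts that a template with that name exists (`HEAD /_template/<name>` returns 200 either way), not that its content matches the file just loaded, so a stale or partially applied template still passes — if content validation is the intent, a GET with a comparison against the file would be needed. The preceding load task starts outside the hunk; the `url:` line is also shown wrapped across two lines here, presumably a mail-archive artifact rather than the committed file.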

