switch from murmur3 to sha1, reference https://github.com/Cyb3rWard0g/HELK/issues/231

2019-04-17 15:40:09 -04:00 · 2019-04-17 15:40:09 -04:00 · c18aac2f51
parent 489adb9c57
commit c18aac2f51
1 changed files with 6 additions and 12 deletions
--- a/docker/helk-logstash/pipeline/0099-all-fingerprint-hash-filter.conf
+++ b/docker/helk-logstash/pipeline/0099-all-fingerprint-hash-filter.conf
@ -19,8 +19,7 @@ filter {
     ]
      concatenate_sources => true
      target => "[@metadata][log_hash]"
-      method => "MURMUR3"
-      key => "Logstash"
+      method => "SHA1"
      add_field => { "z_logstash_pipeline" => "fingerprint-0099-001" }
    }
  }
@ -37,8 +36,7 @@ filter {
      ]
      concatenate_sources => true
      target => "[@metadata][log_hash]"
-      method => "MURMUR3"
-      key => "Logstash"
+      method => "SHA1"
      add_field => { "z_logstash_pipeline" => "fingerprint-0099-002" }
    }
  }
@ -47,8 +45,7 @@ filter {
    fingerprint {
      source => "message"
      target => "[@metadata][log_hash]"
-      method => "MURMUR3"
-      key => "Logstash"
+      method => "SHA1"
      add_field => { "z_logstash_pipeline" => "fingerprint-0099-003" }
    }
  }
@ -57,8 +54,7 @@ filter {
    fingerprint {
      source => "Message"
      target => "[@metadata][log_hash]"
-      method => "MURMUR3"
-      key => "Logstash"
+      method => "SHA1"
      add_field => { "z_logstash_pipeline" => "fingerprint-0099-004" }
    }
  }
@ -67,8 +63,7 @@ filter {
    fingerprint {
      source => "z_original_message"
      target => "[@metadata][log_hash]"
-      method => "MURMUR3"
-      key => "Logstash"
+      method => "SHA1"
      add_field => { "z_logstash_pipeline" => "fingerprint-0099-005" }
    }
  }
@ -81,8 +76,7 @@ filter {
    fingerprint {
      concatenate_all_fields => true
      target => "[@metadata][log_hash]"
-      method => "MURMUR3"
-      key => "Logstash"
+      method => "SHA1"
      add_field => { "z_logstash_pipeline" => "fingerprint-0099-006" }
    }
  }