mirror of https://github.com/infosecn1nja/HELK.git
switch from murmur3 to sha1, reference https://github.com/Cyb3rWard0g/HELK/issues/231
parent
489adb9c57
commit
c18aac2f51
|
@ -19,8 +19,7 @@ filter {
|
||||||
]
|
]
|
||||||
concatenate_sources => true
|
concatenate_sources => true
|
||||||
target => "[@metadata][log_hash]"
|
target => "[@metadata][log_hash]"
|
||||||
method => "MURMUR3"
|
method => "SHA1"
|
||||||
key => "Logstash"
|
|
||||||
add_field => { "z_logstash_pipeline" => "fingerprint-0099-001" }
|
add_field => { "z_logstash_pipeline" => "fingerprint-0099-001" }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -37,8 +36,7 @@ filter {
|
||||||
]
|
]
|
||||||
concatenate_sources => true
|
concatenate_sources => true
|
||||||
target => "[@metadata][log_hash]"
|
target => "[@metadata][log_hash]"
|
||||||
method => "MURMUR3"
|
method => "SHA1"
|
||||||
key => "Logstash"
|
|
||||||
add_field => { "z_logstash_pipeline" => "fingerprint-0099-002" }
|
add_field => { "z_logstash_pipeline" => "fingerprint-0099-002" }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -47,8 +45,7 @@ filter {
|
||||||
fingerprint {
|
fingerprint {
|
||||||
source => "message"
|
source => "message"
|
||||||
target => "[@metadata][log_hash]"
|
target => "[@metadata][log_hash]"
|
||||||
method => "MURMUR3"
|
method => "SHA1"
|
||||||
key => "Logstash"
|
|
||||||
add_field => { "z_logstash_pipeline" => "fingerprint-0099-003" }
|
add_field => { "z_logstash_pipeline" => "fingerprint-0099-003" }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -57,8 +54,7 @@ filter {
|
||||||
fingerprint {
|
fingerprint {
|
||||||
source => "Message"
|
source => "Message"
|
||||||
target => "[@metadata][log_hash]"
|
target => "[@metadata][log_hash]"
|
||||||
method => "MURMUR3"
|
method => "SHA1"
|
||||||
key => "Logstash"
|
|
||||||
add_field => { "z_logstash_pipeline" => "fingerprint-0099-004" }
|
add_field => { "z_logstash_pipeline" => "fingerprint-0099-004" }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -67,8 +63,7 @@ filter {
|
||||||
fingerprint {
|
fingerprint {
|
||||||
source => "z_original_message"
|
source => "z_original_message"
|
||||||
target => "[@metadata][log_hash]"
|
target => "[@metadata][log_hash]"
|
||||||
method => "MURMUR3"
|
method => "SHA1"
|
||||||
key => "Logstash"
|
|
||||||
add_field => { "z_logstash_pipeline" => "fingerprint-0099-005" }
|
add_field => { "z_logstash_pipeline" => "fingerprint-0099-005" }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -81,8 +76,7 @@ filter {
|
||||||
fingerprint {
|
fingerprint {
|
||||||
concatenate_all_fields => true
|
concatenate_all_fields => true
|
||||||
target => "[@metadata][log_hash]"
|
target => "[@metadata][log_hash]"
|
||||||
method => "MURMUR3"
|
method => "SHA1"
|
||||||
key => "Logstash"
|
|
||||||
add_field => { "z_logstash_pipeline" => "fingerprint-0099-006" }
|
add_field => { "z_logstash_pipeline" => "fingerprint-0099-006" }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
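Review bot: SHA-1 is not collision-resistant against deliberately crafted input, so `method => "SHA1"` in the six `fingerprint` blocks (fingerprint-0099-001 through fingerprint-0099-006) only protects against accidental collisions. If `[@metadata][log_hash]` is later used as the document id (not visible in these hunks), a sender who controls log content could make two different events share an id so that one replaces the other; `method => "SHA256"` is supported by the same filter and closes that gap at little cost. Dropping `key => "Logstash"` is reasonable, since a hard-coded key adds no secrecy, but a short comment such as `# unkeyed digest, used only for de-duplication` on each block would record the intent. Presumably events already stored under MURMUR3-derived ids will not de-duplicate against re-ingested copies hashed the new way, which is worth stating in the upgrade notes.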