some cleanup and improvements of the zeek logstash pipeline #592

mmguero · 2024-10-11T14:59:44Z

I'm going to do a couple of things to make the zeek logstash pipeline cleaner and more maintainable:

Split the giant 11_zeek_parse.conf file up into an individual filter file for each log type
Automatically ensure that the Zeek TSV log parsing filters (dissect and split filters) in these files are looking for TAB characters (i.e., automatically replace spaces with tabs in these filter files in case the author forgot to do so)

The text was updated successfully, but these errors were encountered:

mmguero added logstash Relating to Malcolm's use of Logstash code Issues for code cleanup/refactoring/technical debt labels Oct 11, 2024

mmguero added this to the v24.10.1 milestone Oct 11, 2024

mmguero self-assigned this Oct 11, 2024

mmguero added this to Malcolm Oct 11, 2024

mmguero moved this to Testing in Malcolm Oct 11, 2024

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Oct 11, 2024

some cleanup and improvements of the zeek logstash pipeline idaholab#592

2e2fce1

mmguero closed this as completed Oct 14, 2024

github-project-automation bot moved this from Testing to Done in Malcolm Oct 14, 2024

This was referenced Oct 23, 2024

Malcolm v24.10.1 #600

Merged

Malcolm v24.10.1 cisagov/Malcolm#344

Merged

mmguero moved this from Done to Released in Malcolm Oct 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

some cleanup and improvements of the zeek logstash pipeline #592

some cleanup and improvements of the zeek logstash pipeline #592

mmguero commented Oct 11, 2024 •

edited

Loading

some cleanup and improvements of the zeek logstash pipeline #592

some cleanup and improvements of the zeek logstash pipeline #592

Comments

mmguero commented Oct 11, 2024 • edited Loading

mmguero commented Oct 11, 2024 •

edited

Loading