@jworl
Last active September 14, 2017 16:06
Create the Elasticsearch index template used for pfSense Logstash output
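# Install (or overwrite) the Elasticsearch index template named "pfsense".
# The template applies to indices whose name matches "pfsense-*" and gives the
# parsed firewall-log fields explicit types: src_ip/dest_ip as "ip", ports as
# "integer", and so on. Typed IP fields can be searched by address range/CIDR
# instead of as free text, which is what most firewall-log hunting relies on.
#
# Templates are only consulted when an index is created; indices that already
# exist keep their current mappings until they roll over or are reindexed.
#
# NOTE(review): the body uses "template", "_default_", "_all" and
# "include_in_all", which is Elasticsearch 5.x template syntax. Later major
# versions use "index_patterns" and reject or ignore the other keys, so confirm
# the cluster version before reusing this.
#
# NOTE(review): the request is sent over plain HTTP with no credentials. That
# presumably relies on Elasticsearch being bound to localhost only. Firewall
# logs are sensitive, so confirm port 9200 is not reachable from other hosts,
# or add authentication and TLS as your deployment requires.
#
# The URL is quoted so the "?" in "?pretty" is never treated as a shell glob
# character (zsh aborts the command on an unmatched pattern).
curl -XPUT 'http://localhost:9200/_template/pfsense?pretty' -H 'Content-Type: application/json' -d '
{
  "order" : 0,
  "version" : 50002,
  "template" : "pfsense-*",
  "settings" : {
    "index" : {
      "number_of_shards": 3,
      "number_of_replicas": 1,
      "refresh_interval" : "30s"
    }
  },
  "mappings" : {
    "_default_" : {
      "dynamic_templates" : [
        {
          "message_field" : {
            "path_match" : "message",
            "mapping" : {
              "norms" : false,
              "type" : "text"
            },
            "match_mapping_type" : "string"
          }
        },
        {
          "string_fields" : {
            "mapping" : {
              "norms" : false,
              "type" : "text",
              "fields" : {
                "keyword" : {
                  "ignore_above" : 256,
                  "type" : "keyword"
                }
              }
            },
            "match_mapping_type" : "string",
            "match" : "*"
          }
        }
      ],
      "_all" : {
        "norms" : false,
        "enabled" : true
      },
      "properties" : {
        "@timestamp" : {
          "include_in_all" : false,
          "type" : "date"
        },
        "geoip" : {
          "dynamic" : true,
          "properties" : {
            "ip" : {
              "type" : "ip"
            },
            "latitude" : {
              "type" : "half_float"
            },
            "location" : {
              "type" : "geo_point"
            },
            "longitude" : {
              "type" : "half_float"
            }
          }
        },
        "@version" : {
          "include_in_all" : false,
          "type" : "keyword"
        },
        "dest_ip" : {
          "type" : "ip"
        },
        "dest_port" : {
          "type" : "integer"
        },
        "src_ip" : {
          "type" : "ip"
        },
        "src_port" : {
          "type" : "integer"
        },
        "ip_ver" : {
          "type" : "byte"
        },
        "length" : {
          "type" : "integer"
        },
        "offset" : {
          "type" : "short"
        },
        "rule" : {
          "type" : "short"
        },
        "sub_rule" : {
          "type" : "long"
        },
        "ttl" : {
          "type" : "short"
        },
        "data_length" : {
          "type" : "integer"
        },
        "proto_id" : {
          "type" : "short"
        }
      }
    }
  },
  "aliases" : { }
}
'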