Last active
June 16, 2019 18:45
-
-
Save PierpaoloPernici/fada20829374842d46a660dc9727a787 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"order": -1, | |
"index_patterns": [ | |
"pfsense_*" | |
], | |
"settings": { | |
"index": { | |
"analysis": { | |
"analyzer": { | |
"analyzer_keyword": { | |
"filter": "lowercase", | |
"tokenizer": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"mappings": { | |
"message": { | |
"properties": { | |
"PFSENSE_ICMP_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_ICMP_ECHO_REQ_REPLY": { | |
"type": "keyword" | |
}, | |
"PFSENSE_ICMP_RESPONSE": { | |
"type": "keyword" | |
}, | |
"PFSENSE_ICMP_TYPE": { | |
"type": "keyword" | |
}, | |
"PFSENSE_ICMP_UNREACHPORT": { | |
"type": "keyword" | |
}, | |
"PFSENSE_IGMP_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_IP_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_IP_SPECIFIC_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_IPv4_SPECIFIC_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_LOG_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_LOG_ENTRY": { | |
"type": "keyword" | |
}, | |
"PFSENSE_PROTOCOL_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_TCP_DATA": { | |
"type": "keyword" | |
}, | |
"PFSENSE_UDP_DATA": { | |
"type": "keyword" | |
}, | |
"ack_number": { | |
"type": "keyword" | |
}, | |
"action": { | |
"type": "keyword" | |
}, | |
"data_length": { | |
"type": "keyword" | |
}, | |
"dest_ip": { | |
"type": "keyword" | |
}, | |
"dest_ip_city_name": { | |
"type": "keyword" | |
}, | |
"dest_ip_country_code": { | |
"type": "keyword" | |
}, | |
"dest_ip_geolocation": { | |
"type": "text", | |
"copy_to": "dst_location" | |
}, | |
"dst_location": { | |
"type": "geo_point" | |
}, | |
"dest_port": { | |
"type": "keyword" | |
}, | |
"direction": { | |
"type": "keyword" | |
}, | |
"ecn": { | |
"type": "keyword" | |
}, | |
"facility": { | |
"type": "keyword" | |
}, | |
"flags": { | |
"type": "keyword" | |
}, | |
"full_message": { | |
"type": "text", | |
"analyzer": "standard" | |
}, | |
"gl2_remote_ip": { | |
"type": "keyword" | |
}, | |
"gl2_remote_port": { | |
"type": "keyword" | |
}, | |
"gl2_source_input": { | |
"type": "keyword" | |
}, | |
"gl2_source_node": { | |
"type": "keyword" | |
}, | |
"icmp_echo_id": { | |
"type": "keyword" | |
}, | |
"icmp_echo_sequence": { | |
"type": "keyword" | |
}, | |
"icmp_type": { | |
"type": "keyword" | |
}, | |
"icmp_unreachport_dest_ip": { | |
"type": "keyword" | |
}, | |
"icmp_unreachport_dest_ip_city_name": { | |
"type": "keyword" | |
}, | |
"icmp_unreachport_dest_ip_country_code": { | |
"type": "keyword" | |
}, | |
"icmp_unreachport_dest_ip_geolocation": { | |
"type": "keyword" | |
}, | |
"icmp_unreachport_port": { | |
"type": "keyword" | |
}, | |
"icmp_unreachport_protocol": { | |
"type": "keyword" | |
}, | |
"id": { | |
"type": "keyword" | |
}, | |
"iface": { | |
"type": "keyword" | |
}, | |
"ip_ver": { | |
"type": "keyword" | |
}, | |
"length": { | |
"type": "keyword" | |
}, | |
"level": { | |
"type": "long" | |
}, | |
"message": { | |
"type": "text", | |
"analyzer": "standard" | |
}, | |
"offset": { | |
"type": "keyword" | |
}, | |
"proto": { | |
"type": "keyword" | |
}, | |
"proto_id": { | |
"type": "keyword" | |
}, | |
"reason": { | |
"type": "keyword" | |
}, | |
"rule": { | |
"type": "keyword" | |
}, | |
"sequence_number": { | |
"type": "keyword" | |
}, | |
"source": { | |
"type": "text", | |
"analyzer": "analyzer_keyword", | |
"fielddata": true | |
}, | |
"src_ip": { | |
"type": "keyword" | |
}, | |
"src_ip_city_name": { | |
"type": "keyword" | |
}, | |
"src_ip_country_code": { | |
"type": "keyword" | |
}, | |
"src_ip_geolocation": { | |
"type": "string", | |
"copy_to": "src_location" | |
}, | |
"src_location": { | |
"type": "geo_point" | |
}, | |
"src_port": { | |
"type": "keyword" | |
}, | |
"streams": { | |
"type": "keyword" | |
}, | |
"tcp_flags": { | |
"type": "keyword" | |
}, | |
"tcp_options": { | |
"type": "keyword" | |
}, | |
"tcp_window": { | |
"type": "keyword" | |
}, | |
"timestamp": { | |
"type": "date", | |
"format": "yyyy-MM-dd HH:mm:ss.SSS" | |
}, | |
"real_timestamp": { | |
"type": "date", | |
"format": "yyyy-MM-dd HH:mm:ss" | |
}, | |
"tos": { | |
"type": "keyword" | |
}, | |
"tracker": { | |
"type": "keyword" | |
}, | |
"ttl": { | |
"type": "keyword" | |
} | |
}, | |
"dynamic_templates": [{ | |
"internal_fields": { | |
"match": "gl2_*", | |
"mapping": { | |
"type": "keyword" | |
} | |
} | |
}, | |
{ | |
"store_generic": { | |
"match_mapping_type": "string", | |
"mapping": { | |
"type": "keyword" | |
} | |
} | |
} | |
], | |
"_source": { | |
"enabled": true | |
} | |
} | |
}, | |
"aliases": {} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment