microsoft-sentinel-logstash-output 1.2.1 → 1.2.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +2 -2
- data/README.md +10 -10
- data/lib/logstash/outputs/{microsoft-sentinel-log-analytics-logstash-output-plugin.rb → microsoft-sentinel-logstash-output.rb} +1 -1
- data/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb +2 -2
- data/lib/logstash/sentinel_la/version.rb +1 -1
- metadata +4 -4
- /data/{microsoft-sentinel-log-analytics-logstash-output.gemspec → microsoft-sentinel-logstash-output.gemspec} +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b08af797d0b8d401f82ed7366af91bfe29210f018b83623b7070dd55bef0b89e
|
4
|
+
data.tar.gz: 8cdf3a8deb1dbec3f3f0cf3054273f27ce33b40aa5b7cb843d9e50aa61a83c67
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0044d30269b82055ea4e3cbf089bfb143c15ae49e9fc36b0c96eb358a87d08fd4545937e8ea85cca3edd6d4fe7d57b959ed899df10bdbbb937ecdfdb1dda756d
|
7
|
+
data.tar.gz: 2897f947b6dc4c6f219dea23a5e38686b9ba6d9e17b5344e8ea5dbbc85d4d255e20b59ad29b2fc2f682907125355f8122fdca534922b6217b2397c9cce8fb937
|
data/CHANGELOG.md
CHANGED
@@ -7,7 +7,7 @@
|
|
7
7
|
* Upgrade the rest-client dependency minimum version to 2.1.0.
|
8
8
|
* Allow setting different proxy values for api connections.
|
9
9
|
* Upgrade version for ingestion api to 2023-01-01.
|
10
|
-
* Rename the plugin to microsoft-sentinel-
|
10
|
+
* Rename the plugin to microsoft-sentinel-logstash-output-plugin.
|
11
11
|
|
12
12
|
## 1.1.1
|
13
13
|
* Support China and US Government Azure sovereign clouds.
|
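Review bot: The new entry at line 10 names the plugin "microsoft-sentinel-logstash-output-plugin", while the entry added at line 18, the gem name in the metadata and the new config_name all use "microsoft-sentinel-logstash-output" without the "-plugin" suffix. Settle on one spelling, because operators copy this name into install commands and pipeline files. The rename is also recorded in a section that sits above "## 1.1.1" rather than under the release that actually ships it.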
@@ -15,4 +15,4 @@
|
|
15
15
|
|
16
16
|
## 1.2.0
|
17
17
|
* Added support for Managed Identity authentication on both Azure VMs and Azure Arc connected machines.
|
18
|
-
* * Rename the plugin to microsoft-sentinel-
|
18
|
+
* * Rename the plugin to microsoft-sentinel-logstash-output
|
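Review bot: Line 18 starts with a doubled list marker ("* * Rename the plugin to ...") and lacks the trailing period the other entries carry; drop the extra "* " and close the sentence. The hunk ends inside the "## 1.2.0" section while the metadata bumps the gem to 1.2.3, and this diff adds no section for that version, so the rename is not recorded against the release that ships it. Add a "## 1.2.3" heading and move the rename note there.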
data/README.md
CHANGED
@@ -38,10 +38,10 @@ sudo apt-mark hold logstash
|
|
38
38
|
|
39
39
|
Please note that when using Logstash 8, it is recommended to disable ECS in the pipeline. For more information refer to [Logstash documentation.](<https://www.elastic.co/guide/en/logstash/8.4/ecs-ls.html>)
|
40
40
|
|
41
|
-
To install the microsoft-sentinel-
|
41
|
+
To install the microsoft-sentinel-logstash-output, you can make use of the published gem at rubygems.com:
|
42
42
|
|
43
43
|
```
|
44
|
-
sudo /usr/share/logstash/bin/logstash-plugin install microsoft-sentinel-
|
44
|
+
sudo /usr/share/logstash/bin/logstash-plugin install microsoft-sentinel-logstash-output
|
45
45
|
```
|
46
46
|
|
47
47
|
If your machine doesn't has an active Internet connection, or you want to install the plugin manually, you can download the plugin files and perform an 'offline' installation. [Logstash Offline Plugin Management instruction](<https://www.elastic.co/guide/en/logstash/current/offline-plugins.html>).
|
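Review bot: Line 41 sends readers to "rubygems.com", but the public gem registry is rubygems.org; correct the domain so that nobody looks for the package on the wrong site. While this block is being edited, "doesn't has" on line 47 should read "doesn't have", and the install command on line 44 could show a pinned release (logstash-plugin install --version 1.2.3 microsoft-sentinel-logstash-output) so that hosts install the version that was reviewed rather than whatever is newest.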
@@ -49,7 +49,7 @@ If your machine doesn't has an active Internet connection, or you want to instal
|
|
49
49
|
If you already have the plugin installed, you can check which version you have by running:
|
50
50
|
|
51
51
|
```
|
52
|
-
sudo /usr/share/logstash/bin/logstash-plugin list --verbose microsoft-sentinel-
|
52
|
+
sudo /usr/share/logstash/bin/logstash-plugin list --verbose microsoft-sentinel-logstash-output
|
53
53
|
```
|
54
54
|
|
55
55
|
## 2. Create a sample file
|
@@ -57,7 +57,7 @@ To create a sample file, follow the following steps:
|
|
57
57
|
1) Copy the output plugin configuration below to your Logstash configuration file:
|
58
58
|
```
|
59
59
|
output {
|
60
|
-
microsoft-sentinel-
|
60
|
+
microsoft-sentinel-logstash-output {
|
61
61
|
create_sample_file => true
|
62
62
|
sample_file_path => "<enter the path to the file in which the sample data will be written>" #for example: "c:\\temp" (for windows) or "/var/log" for Linux.
|
63
63
|
}
|
@@ -84,7 +84,7 @@ input {
|
|
84
84
|
}
|
85
85
|
|
86
86
|
output {
|
87
|
-
microsoft-sentinel-
|
87
|
+
microsoft-sentinel-logstash-output {
|
88
88
|
create_sample_file => true
|
89
89
|
sample_file_path => "<enter the path to the file in which the sample data will be written>" #for example: "c:\\temp" (for windows) or "/var/log" for Linux.
|
90
90
|
}
|
@@ -127,7 +127,7 @@ Here is an example for the output plugin configuration section:
|
|
127
127
|
|
128
128
|
```
|
129
129
|
output {
|
130
|
-
microsoft-sentinel-
|
130
|
+
microsoft-sentinel-logstash-output {
|
131
131
|
client_app_Id => "<enter your client_app_id value here>"
|
132
132
|
client_app_secret => "<enter your client_app_secret value here>"
|
133
133
|
tenant_id => "<enter your tenant id here>"
|
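Review bot: The example at lines 131-133 shows client_app_secret as a literal string in the pipeline file, and the renamed block will be copied as-is by anyone updating their configuration. The README's own later example (lines 240-242) already uses "${CLIENT_APP_ID}", "${CLIENT_APP_SECRET}" and "${TENANT_ID}"; use that form here too, or add a sentence pointing to it, so the first authentication example a reader meets does not put the secret in a file that ends up in version control or backups.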
@@ -160,7 +160,7 @@ Here is an example for the output plugin configuration section using a Managed I
|
|
160
160
|
|
161
161
|
```
|
162
162
|
output {
|
163
|
-
microsoft-sentinel-
|
163
|
+
microsoft-sentinel-logstash-output {
|
164
164
|
managed_identity => true
|
165
165
|
data_collection_endpoint => "<enter your DCE logsIngestion URI here>"
|
166
166
|
dcr_immutable_id => "<enter your DCR immutableId here>"
|
@@ -192,7 +192,7 @@ input {
|
|
192
192
|
filter {
|
193
193
|
}
|
194
194
|
output {
|
195
|
-
microsoft-sentinel-
|
195
|
+
microsoft-sentinel-logstash-output {
|
196
196
|
client_app_Id => "619c1731-15ca-4403-9c61-xxxxxxxxxxxx"
|
197
197
|
client_app_secret => "xxxxxxxxxxxxxxxx"
|
198
198
|
tenant_id => "72f988bf-86f1-41af-91ab-xxxxxxxxxxxx"
|
@@ -216,7 +216,7 @@ input {
|
|
216
216
|
filter {
|
217
217
|
}
|
218
218
|
output {
|
219
|
-
microsoft-sentinel-
|
219
|
+
microsoft-sentinel-logstash-output {
|
220
220
|
client_app_Id => "619c1731-15ca-4403-9c61-xxxxxxxxxxxx"
|
221
221
|
client_app_secret => "xxxxxxxxxxxxxxxx"
|
222
222
|
tenant_id => "72f988bf-86f1-41af-91ab-xxxxxxxxxxxx"
|
@@ -236,7 +236,7 @@ input {
|
|
236
236
|
}
|
237
237
|
|
238
238
|
output {
|
239
|
-
microsoft-sentinel-
|
239
|
+
microsoft-sentinel-logstash-output {
|
240
240
|
client_app_Id => "${CLIENT_APP_ID}"
|
241
241
|
client_app_secret => "${CLIENT_APP_SECRET}"
|
242
242
|
tenant_id => "${TENANT_ID}"
|
@@ -8,7 +8,7 @@ require "logstash/sentinel_la/logsSender"
|
|
8
8
|
|
9
9
|
class LogStash::Outputs::MicrosoftSentinelOutput < LogStash::Outputs::Base
|
10
10
|
|
11
|
-
config_name "microsoft-sentinel-
|
11
|
+
config_name "microsoft-sentinel-logstash-output"
|
12
12
|
|
13
13
|
# Stating that the output plugin will run in concurrent mode
|
14
14
|
concurrency :shared
|
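Review bot: The config_name change at line 11 is a breaking change for existing users: a pipeline that still uses the previous output block name will no longer resolve to this plugin after the upgrade, and the pipeline will fail to start. It ships in a patch-level bump (1.2.1 to 1.2.3) and the changelog gives it only a one-line mention. Either add an upgrade note to the README telling operators to rename the block in their pipeline files before upgrading, or reserve the rename for a release whose version number signals the incompatibility.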
@@ -92,9 +92,9 @@ class LogstashLoganalyticsOutputConfiguration
|
|
92
92
|
|
93
93
|
|
94
94
|
def print_missing_parameter_message_and_raise(param_name)
|
95
|
-
@logger.error("Missing a required setting for the microsoft-sentinel-
|
95
|
+
@logger.error("Missing a required setting for the microsoft-sentinel-logstash-output output plugin:
|
96
96
|
output {
|
97
|
-
microsoft-sentinel-
|
97
|
+
microsoft-sentinel-logstash-output {
|
98
98
|
#{param_name} => # SETTING MISSING
|
99
99
|
...
|
100
100
|
}
|
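Review bot: The message at line 95 now reads "...for the microsoft-sentinel-logstash-output output plugin", with "output" doubled; drop the second word or rephrase as "the microsoft-sentinel-logstash-output plugin". The plugin name is also hard-coded twice in this method (lines 95 and 97) and again in config_name, which is why the rename had to touch each copy; a single constant referenced from all three places would keep the error text from drifting out of step with the real block name.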
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: microsoft-sentinel-logstash-output
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Pouyan & Koos
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-04-
|
11
|
+
date: 2024-04-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rest-client
|
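Review bot: cert_chain at line 10 is empty, so this release is unsigned and RubyGems has no publisher signature to check at install time. The digests in checksums.yaml travel inside the package itself, so they detect a corrupted download but not a substituted one. Since this release also changes the name users install by, consider signing the gem, or at least publishing the SHA256 of the .gem file alongside the release notes so consumers have an out-of-band value to compare against.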
@@ -86,7 +86,7 @@ files:
|
|
86
86
|
- README.md
|
87
87
|
- SECURITY.md
|
88
88
|
- code_of_conduct.md
|
89
|
-
- lib/logstash/outputs/microsoft-sentinel-
|
89
|
+
- lib/logstash/outputs/microsoft-sentinel-logstash-output.rb
|
90
90
|
- lib/logstash/sentinel_la/customSizeBasedBuffer.rb
|
91
91
|
- lib/logstash/sentinel_la/eventsHandler.rb
|
92
92
|
- lib/logstash/sentinel_la/logAnalyticsAadTokenProvider.rb
|
@@ -100,7 +100,7 @@ files:
|
|
100
100
|
- lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb
|
101
101
|
- lib/logstash/sentinel_la/sampleFileCreator.rb
|
102
102
|
- lib/logstash/sentinel_la/version.rb
|
103
|
-
- microsoft-sentinel-
|
103
|
+
- microsoft-sentinel-logstash-output.gemspec
|
104
104
|
homepage: https://github.com/pkhabazi/microsoft-sentinel-logstash-output
|
105
105
|
licenses:
|
106
106
|
- MIT
|
File without changes
|