pdnssoc 0.1.3 → 0.1.4

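--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 252758f53648ce58439fc34723eb137fc8cd99225720895cb42dd095ff9d56bc
- data.tar.gz: 6a41db486378f24aa6a56765109c8c0cdd0aacf855b07a7f9616b7499bc98526
+ metadata.gz: bad54bf458c8c4f03ff489c471dd139d85809834a7497fe3171b12b54d64ff8a
+ data.tar.gz: 6b289fd1ed6026bb595b6db9d4caa06ab55256285eaa9571f807c3c25b6df260
  SHA512:
- metadata.gz: 0f81edfb60851df94c8c2541bfb71c7d264d5cda518ce1327d1af6051762984ae47eade862ad60defcb14bae1d530ce1a078ba1998a6ae28f901e41474460c29
- data.tar.gz: ebdf588d2afad5cbec0379d6e50e11c82a29b61449b09867e77aeee30a9e739e203f87c2e80aa4e0da814f2b3f151459fdd5724d775a6d292597bf81effa0ab2
+ metadata.gz: ce039adfb59406c2274c6ace3fed372a5da3287bf6de9e400283f25d78a2f1f39f71e1162d27d947327e62595763ef1c8f0dbc80b09ca097b1e4573bef165d44
+ data.tar.gz: c254a4ac9355c03f9bd1c0076d7143e27cba19790fe5a262fe0dd3bcd72628f7801f0105baec1951d451ec65e4bf40f84bcf69488171ac2e4420701d340e696d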
@@ -72,6 +72,17 @@
72
72
  </parse>
73
73
  </source>
74
74
 
75
+ ## OpenSearch
76
+ # Getting logs from pdnssoc to send to OpenSearch
77
+ # <source>
78
+ # @type tail
79
+ # path /var/log/td-agent/alerts.log
80
+ # tag pdnssoc_alerts
81
+ # read_from_head true
82
+ # <parse>
83
+ # @type json
84
+ # </parse>
85
+ # </source>
75
86
 
76
87
  ## DATA ROUTING
77
88
  # Copying our pdnssocdata into multiple streams
@@ -130,7 +141,7 @@
130
141
  @type filter_list
131
142
  filter AC
132
143
  key_to_filter query
133
- pattern_file_paths ["/etc/td-agent/misp_domains.txt"]
144
+ pattern_file_paths ["/etc/pdnssoc/misp_domains.txt"]
134
145
  filter_empty true
135
146
  action whitelist
136
147
  </filter>
@@ -146,7 +157,7 @@
146
157
  @type filter_list
147
158
  filter AC
148
159
  key_to_filter answer
149
- pattern_file_paths ["/etc/td-agent/misp_domains.txt", "/etc/td-agent/misp_ips.txt"]
160
+ pattern_file_paths ["/etc/pdnssoc/misp_domains.txt", "/etc/pdnssoc/misp_ips.txt"]
150
161
  filter_empty true
151
162
  action whitelist
152
163
  </filter>
@@ -171,3 +182,13 @@
171
182
  </buffer>
172
183
  </match>
173
184
  </label>
185
+
186
+ # Forward logs to OpenSearch
187
+ # <match pdnssoc_alerts>
188
+ # @type opensearch
189
+ # hosts https://opensearch.domain.org
190
+ # logstash_format true
191
+ # logstash_prefix pdnssoc
192
+ # user %{USER}
193
+ # password %{PASSWORD}
194
+ # </match>
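Review bot: The commented `<match pdnssoc_alerts>` example at the end of the file keeps `user %{USER}` and `password %{PASSWORD}` inline, so once those placeholders are filled in (presumably when the template is rendered) the OpenSearch credentials sit in clear text in the td-agent config. Fluentd evaluates embedded Ruby in double-quoted values, so the example could read the secret from the service environment instead, e.g. `password "#{ENV['OPENSEARCH_PASSWORD']}"` (variable name is illustrative), and carry a comment such as `# holds OpenSearch credentials: keep this file readable by the td-agent user only`. In the commented `<source>` hunk at `@@ -72,6 +72,17 @@`, `read_from_head true` without a `pos_file` means a td-agent restart would likely re-read alerts.log from the start and index the same alerts again; adding a `pos_file` line to the example avoids that.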
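--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: pdnssoc
  version: !ruby/object:Gem::Version
- version: 0.1.3
+ version: 0.1.4
  platform: ruby
  authors:
  - Pau Cutrina
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-08-07 00:00:00.000000000 Z
+ date: 2023-08-10 00:00:00.000000000 Z
  dependencies: []
  description: pDNS correlation with MISP
  email:
@@ -21,7 +21,7 @@ extra_rdoc_files: []
  files:
  - config/notification_email.html
  - config/pdnssoc.conf
- - config/td-agent.conf
+ - config/td-agent.conf.template
  - lib/alerts.rb
  - lib/configalerts.rb
  - lib/constants.rb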