Last active
June 16, 2019 18:45
-
-
Save PierpaoloPernici/fada20829374842d46a660dc9727a787 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "order": -1, | |
| "index_patterns": [ | |
| "pfsense_*" | |
| ], | |
| "settings": { | |
| "index": { | |
| "analysis": { | |
| "analyzer": { | |
| "analyzer_keyword": { | |
| "filter": "lowercase", | |
| "tokenizer": "keyword" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "mappings": { | |
| "message": { | |
| "properties": { | |
| "PFSENSE_ICMP_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_ICMP_ECHO_REQ_REPLY": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_ICMP_RESPONSE": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_ICMP_TYPE": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_ICMP_UNREACHPORT": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_IGMP_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_IP_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_IP_SPECIFIC_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_IPv4_SPECIFIC_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_LOG_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_LOG_ENTRY": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_PROTOCOL_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_TCP_DATA": { | |
| "type": "keyword" | |
| }, | |
| "PFSENSE_UDP_DATA": { | |
| "type": "keyword" | |
| }, | |
| "ack_number": { | |
| "type": "keyword" | |
| }, | |
| "action": { | |
| "type": "keyword" | |
| }, | |
| "data_length": { | |
| "type": "keyword" | |
| }, | |
| "dest_ip": { | |
| "type": "keyword" | |
| }, | |
| "dest_ip_city_name": { | |
| "type": "keyword" | |
| }, | |
| "dest_ip_country_code": { | |
| "type": "keyword" | |
| }, | |
| "dest_ip_geolocation": { | |
| "type": "text", | |
| "copy_to": "dst_location" | |
| }, | |
| "dst_location": { | |
| "type": "geo_point" | |
| }, | |
| "dest_port": { | |
| "type": "keyword" | |
| }, | |
| "direction": { | |
| "type": "keyword" | |
| }, | |
| "ecn": { | |
| "type": "keyword" | |
| }, | |
| "facility": { | |
| "type": "keyword" | |
| }, | |
| "flags": { | |
| "type": "keyword" | |
| }, | |
| "full_message": { | |
| "type": "text", | |
| "analyzer": "standard" | |
| }, | |
| "gl2_remote_ip": { | |
| "type": "keyword" | |
| }, | |
| "gl2_remote_port": { | |
| "type": "keyword" | |
| }, | |
| "gl2_source_input": { | |
| "type": "keyword" | |
| }, | |
| "gl2_source_node": { | |
| "type": "keyword" | |
| }, | |
| "icmp_echo_id": { | |
| "type": "keyword" | |
| }, | |
| "icmp_echo_sequence": { | |
| "type": "keyword" | |
| }, | |
| "icmp_type": { | |
| "type": "keyword" | |
| }, | |
| "icmp_unreachport_dest_ip": { | |
| "type": "keyword" | |
| }, | |
| "icmp_unreachport_dest_ip_city_name": { | |
| "type": "keyword" | |
| }, | |
| "icmp_unreachport_dest_ip_country_code": { | |
| "type": "keyword" | |
| }, | |
| "icmp_unreachport_dest_ip_geolocation": { | |
| "type": "keyword" | |
| }, | |
| "icmp_unreachport_port": { | |
| "type": "keyword" | |
| }, | |
| "icmp_unreachport_protocol": { | |
| "type": "keyword" | |
| }, | |
| "id": { | |
| "type": "keyword" | |
| }, | |
| "iface": { | |
| "type": "keyword" | |
| }, | |
| "ip_ver": { | |
| "type": "keyword" | |
| }, | |
| "length": { | |
| "type": "keyword" | |
| }, | |
| "level": { | |
| "type": "long" | |
| }, | |
| "message": { | |
| "type": "text", | |
| "analyzer": "standard" | |
| }, | |
| "offset": { | |
| "type": "keyword" | |
| }, | |
| "proto": { | |
| "type": "keyword" | |
| }, | |
| "proto_id": { | |
| "type": "keyword" | |
| }, | |
| "reason": { | |
| "type": "keyword" | |
| }, | |
| "rule": { | |
| "type": "keyword" | |
| }, | |
| "sequence_number": { | |
| "type": "keyword" | |
| }, | |
| "source": { | |
| "type": "text", | |
| "analyzer": "analyzer_keyword", | |
| "fielddata": true | |
| }, | |
| "src_ip": { | |
| "type": "keyword" | |
| }, | |
| "src_ip_city_name": { | |
| "type": "keyword" | |
| }, | |
| "src_ip_country_code": { | |
| "type": "keyword" | |
| }, | |
| "src_ip_geolocation": { | |
| "type": "string", | |
| "copy_to": "src_location" | |
| }, | |
| "src_location": { | |
| "type": "geo_point" | |
| }, | |
| "src_port": { | |
| "type": "keyword" | |
| }, | |
| "streams": { | |
| "type": "keyword" | |
| }, | |
| "tcp_flags": { | |
| "type": "keyword" | |
| }, | |
| "tcp_options": { | |
| "type": "keyword" | |
| }, | |
| "tcp_window": { | |
| "type": "keyword" | |
| }, | |
| "timestamp": { | |
| "type": "date", | |
| "format": "yyyy-MM-dd HH:mm:ss.SSS" | |
| }, | |
| "real_timestamp": { | |
| "type": "date", | |
| "format": "yyyy-MM-dd HH:mm:ss" | |
| }, | |
| "tos": { | |
| "type": "keyword" | |
| }, | |
| "tracker": { | |
| "type": "keyword" | |
| }, | |
| "ttl": { | |
| "type": "keyword" | |
| } | |
| }, | |
| "dynamic_templates": [{ | |
| "internal_fields": { | |
| "match": "gl2_*", | |
| "mapping": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| { | |
| "store_generic": { | |
| "match_mapping_type": "string", | |
| "mapping": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| ], | |
| "_source": { | |
| "enabled": true | |
| } | |
| } | |
| }, | |
| "aliases": {} | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment