Support CADF notifications
Change-Id: Ibc504c401a95df527b47f469ed5df7467bec959d
parent
0d2dea001e
commit
d4c3707582
|
@ -61,7 +61,7 @@ if $kibana_tls['enabled'] {
|
|||
}
|
||||
}
|
||||
|
||||
lma_logging_analytics::es_template { ['log', 'notification']:
|
||||
lma_logging_analytics::es_template { ['log', 'notification', 'audit']:
|
||||
number_of_replicas => $number_of_replicas,
|
||||
host => $es_vip,
|
||||
port => $es_port,
|
||||
|
|
|
@ -111,6 +111,14 @@ class lma_logging_analytics::kibana_dashboards (
|
|||
content => template('lma_logging_analytics/kibana4_objects/search_notifications.json'),
|
||||
type => 'search',
|
||||
},
|
||||
'audit-*' => {
|
||||
content => template('lma_logging_analytics/kibana4_objects/index-pattern_audit.json'),
|
||||
type => 'index-pattern',
|
||||
},
|
||||
'search-audit' => {
|
||||
content => template('lma_logging_analytics/kibana4_objects/search_audit.json'),
|
||||
type => 'search',
|
||||
},
|
||||
}
|
||||
|
||||
create_resources(
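Review bot: The `'audit-*'` index pattern and the `'search-audit'` saved search are added to the same hash as the log and notification objects, so as far as this hunk shows they are created in the same Kibana instance and are visible to every user of it. CADF audit records carry who-did-what data and are usually held to a tighter access policy than operational logs. If that applies to this deployment, a comment above the new entries would record the decision, e.g. `# audit-* holds CADF audit events; access is not separated from the log and notification objects`. The class body and the `create_resources(` call continue outside the hunk, so how these objects are scoped downstream is not visible here.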
|
||||
|
|
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
"mappings": {
|
||||
"message": {
|
||||
"properties": {
|
||||
"Payload": {
|
||||
"type": "string"
|
||||
},
|
||||
"Logger": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"Hostname": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"Pid": {
|
||||
"index": "not_analyzed",
|
||||
"type": "long"
|
||||
},
|
||||
"Severity": {
|
||||
"index": "not_analyzed",
|
||||
"type": "long"
|
||||
},
|
||||
"Type": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"severity_label": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"environment_label": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"action": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"event_type": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"outcome": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"notification_type": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"openstack_roles": {
|
||||
"type": "string",
|
||||
"analyzer": "ost_roles"
|
||||
},
|
||||
"openstack_region": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"openstack_release": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
},
|
||||
"deployment_id": {
|
||||
"index": "not_analyzed",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"settings": {
|
||||
"analysis": {
|
||||
"tokenizer": {
|
||||
"comma" : {
|
||||
"type": "pattern",
|
||||
"pattern": ","
|
||||
}
|
||||
},
|
||||
"analyzer": {
|
||||
"ost_roles": {
|
||||
"type": "custom",
|
||||
"tokenizer": "comma",
|
||||
"filter": ["lowercase"]
|
||||
}
|
||||
}
|
||||
},
|
||||
"number_of_shards": <%= @number_of_shards %>,
|
||||
"number_of_replicas": <%= @number_of_replicas %>
|
||||
},
|
||||
"template": "<%= @template %>"
|
||||
}
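Review bot: The template maps no `Timestamp` property, yet the `audit-*` index pattern added in this commit names `Timestamp` as its `timeFieldName` and the Audit search sorts on it, so the field's type is left to dynamic date detection on the first indexed document. Declaring it explicitly under `properties`, e.g. `"Timestamp": { "type": "date" }`, would keep the time filter working if an event arrives with an unexpected value; any format string should follow the project's existing log and notification templates, which are not shown here. The same gap affects whatever initiator or target identifiers the CADF decoder emits (not visible here): unmapped strings get the default analyzed mapping, which makes exact-match filtering on a user or project id unreliable. `Payload` is indexed as an analyzed string, so it is worth confirming that tokens or credentials are scrubbed from the payload before it reaches Elasticsearch.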
|
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
"title": "audit-*",
|
||||
"timeFieldName": "Timestamp",
|
||||
"fields": "[{\"name\":\"openstack_release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"openstack_roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"Type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"severity_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Logger\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Payload\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"notification_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"deployment_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":tru
e},{\"name\":\"outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"environment_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"openstack_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false}]"
|
||||
}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
"title": "Audit",
|
||||
"description": "",
|
||||
"hits": 0,
|
||||
"columns": [
|
||||
"Logger",
|
||||
"notification_type",
|
||||
"outcome",
|
||||
"Payload"
|
||||
],
|
||||
"sort": [
|
||||
"Timestamp",
|
||||
"desc"
|
||||
],
|
||||
"version": 1,
|
||||
"kibanaSavedObjectMeta": {
|
||||
"searchSourceJSON": "{\"index\":\"audit-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
|
||||
}
|
||||
}
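Review bot: The default `columns` list shows `outcome` but not `action` or `event_type`, both of which the audit template in this commit maps as `not_analyzed` fields, so a reader has to expand `Payload` to see which operation an event records. Consider `"columns": ["Logger", "action", "event_type", "outcome", "Payload"]`, keeping `notification_type` as well if it is needed for triage.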
|