logstash.env.example
# Example environment file for Logstash (logstash.env.example).
# One NAME=value pair per line; comments are full lines starting with #.
#
# Parameters for tuning Logstash pipelines (see
# https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html)
# Number of worker threads that run the filter and output stages
pipeline.workers=3
# Maximum number of events one worker collects before running filters and outputs
pipeline.batch.size=75
# Milliseconds to wait for a batch to fill before dispatching an undersized batch
pipeline.batch.delay=50
# Whether or not Logstash will map MAC addresses to their vendors (OUI lookup)
LOGSTASH_OUI_LOOKUP=true
# Whether or not Logstash will perform severity scoring on network traffic metadata
LOGSTASH_SEVERITY_SCORING=true
# Whether or not Logstash will perform a reverse DNS lookup for external IP addresses.
# NOTE(review): when enabled, each lookup sends a PTR query for an observed external
# address to the configured resolver, which discloses monitored addresses to upstream
# DNS and adds per-event latency. Confirm the resolver path before turning this on.
LOGSTASH_REVERSE_DNS=false
# Which types of logs will be enriched via NetBox (comma-separated list of
# provider.dataset, or the string all to enrich all logs)
LOGSTASH_NETBOX_ENRICHMENT_DATASETS=suricata.alert,zeek.conn,zeek.dhcp,zeek.dns,zeek.known_hosts,zeek.known_services,zeek.ntlm,zeek.notice,zeek.signatures,zeek.software,zeek.weird
# Zeek log types that will be ignored (dropped) by Logstash (comma-separated list).
# Dropped logs are not indexed, so they are unavailable for later detection or
# forensic review; add a log type here only if that loss is acceptable.
LOGSTASH_ZEEK_IGNORED_LOGS=analyzer,broker,cluster,config,loaded_scripts,packet_filter,png,print,prof,reporter,stderr,stdout
# Logstash memory allowance and other Java options:
#   -server                               select the server VM
#   -Xmx2500m -Xms2500m                   maximum and initial heap, both 2500 MB
#   -Xss2048k                             thread stack size of 2048 KB
#   -XX:-HeapDumpOnOutOfMemoryError       write no heap dump on OutOfMemoryError
#                                         (a dump would contain event data held in memory)
#   -Djava.security.egd=file:/dev/./urandom
#                                         seed SecureRandom from the non-blocking urandom device
#   -Dlog4j.formatMsgNoLookups=true       turn off Log4j 2 message lookup substitution;
#                                         defence in depth only, it does not replace
#                                         running a fixed Log4j release
#   -Dlogstash.pipelinebus.implementation=v1
#                                         select the v1 pipeline bus implementation
# NOTE(review): the heap size should fit within the memory limit of the host or
# container running Logstash. Confirm against the deployment.
LS_JAVA_OPTS=-server -Xmx2500m -Xms2500m -Xss2048k -XX:-HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Dlog4j.formatMsgNoLookups=true -Dlogstash.pipelinebus.implementation=v1