From 983aeb493854c54f725eb970ea2304c99519a0e1 Mon Sep 17 00:00:00 2001
From: Kameron Kenny <1267885+kkenny@users.noreply.github.com>
Date: Fri, 14 Jun 2024 12:23:11 -0400
Subject: [PATCH] ES Teamplate firewall

---
 config/syslog-ng.conf | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/config/syslog-ng.conf b/config/syslog-ng.conf
index ed1f4cb..71b752a 100644
--- a/config/syslog-ng.conf
+++ b/config/syslog-ng.conf
@@ -19,6 +19,8 @@ filter f_unifi_mcad { message("mcad"); };
 filter f_unifi_hostapd { message("hostapd"); };
 filter f_unifi_wlan { message("wlan:"); };
 
+parser p_kv { kv-parser(prefix("kv.")); };
+
 destination d_local {
 file("/var/log/messages");
 file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
@@ -35,15 +37,7 @@ destination d_unifi_firewall {
 url("http://pi501.in.thelinuxpro.net:9200/_bulk")
 template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs
- --exclude DATE @timestamp=${ISODATE}
- DESCRIPTION=$(DESC)
- INTERFACE_IN=$(IN)
- INTERFACE_OUT=$(OUT)
- IP_SOURCE=$(SRC)
- IP_DESTINATION=$(DST)
- PROTOCOL=$(PROTO)
- PORT_SOURCE=$(SPT)
- PORT_DESTINATION=$(DPT))")
+ --exclude DATE @timestamp=${ISODATE})")
 persist-name("d_unifi_firewall")
 );
 };
@@ -149,6 +143,7 @@ destination d_syslog_ng_es {
 log {
 source(s_network_udp);
 filter(f_unifi_fw_lan);
+ parser(p_kv);
 destination(d_unifi_firewall);
 flags(final);
 };
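Review bot: `parser p_kv` is declared with no comment saying what it is for or why its output is prefixed, and nothing in this hunk ties it to the `kv.`-named fields that the firewall destination now depends on; a one-line comment above the declaration would help, e.g. `# Split IN=/OUT=/SRC=/DST=/SPT=/DPT= pairs out of firewall messages; emitted as kv.<NAME> for d_unifi_firewall`. Because only `prefix("kv.")` is set, the parser appears to run over the whole message with default separators, so it will pick up every `key=value` token present rather than only the eight the old template selected — worth stating in that comment so the next reader does not assume the field set is fixed.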
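Review bot: Any Elasticsearch mapping, saved search or dashboard that references `IP_SOURCE`, `PORT_DESTINATION` or the other removed keys will silently stop matching, because the document shipped to `d_unifi_firewall` now carries whatever `--scope nv-pairs` yields — keys named `kv.SRC`, `kv.DPT` and so on. The `--rekey .* --shift 1` on the preceding template line only touches names that begin with a dot, so it will not strip the `kv.` prefix, and format-json may well turn the dotted names into a nested `kv` object; confirm against one indexed document before the index template is finalised. The scope change also widens what leaves the host: the curated eight fields are replaced by every `key=value` pair the parser finds in the raw firewall line, and they are sent to the plain `http://` endpoint on the `url(...)` line with no credentials visible here, so check that nothing extracted is something you did not intend to index. If downstream consumers depend on the old names, keeping the rename explicit in the template, e.g. `IP_SOURCE=${kv.SRC}`, avoids the breaking change.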
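Review bot: `parser(p_kv)` is placed after `filter(f_unifi_fw_lan)`, so only messages that pass that filter are parsed, which is the right order; but as far as I know kv-parser yields plain string values, so unless the Elasticsearch index template the subject line refers to maps `kv.SPT`, `kv.DPT` and similar to numeric types, ports and lengths will be indexed as text and range queries on them will not behave as expected. If the syslog-ng version in use supports type hints in templates, setting them there is the more robust fix than relying on the index template alone.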