From 9f1807325cc7e5ed3409a99ad6fdd0076fcf1bfc Mon Sep 17 00:00:00 2001
From: Kameron Kenny <1267885+kkenny@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:51:44 -0400
Subject: [PATCH] stats

---
 config/syslog-ng.conf.d/nas81.conf | 40 ++++++++++++++++++++++++++++--
 config/syslog-ng.conf.d/unifi.conf | 4 +--
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/config/syslog-ng.conf.d/nas81.conf b/config/syslog-ng.conf.d/nas81.conf
index 4f8e81e..e1371fc 100644
--- a/config/syslog-ng.conf.d/nas81.conf
+++ b/config/syslog-ng.conf.d/nas81.conf
@@ -1,12 +1,24 @@
 filter f_nas81_suricata { match("suricata" value("PROGRAM")); };
 filter f_nas81_host { match("nas81" value("HOST")); };
+filter f_nas81_suricata_stats { match("stats" value("event_type")); };
+
+template t_json {
+ template("${MESSAGE}\n");
+ template-escape(no);
+};
+
+parser p_json {
+ json-parser(fields("json"));
+};
+
+parser p_suricata_stats_json {
+ json-parser(prefix("suricata.stats."));
+};
 
 destination d_nas81_suricata {
 elasticsearch-http(
 index("nas81-suricata")
 type("")
- user("elastic")
- password("forty6and2")
 url("http://pi501.in.thelinuxpro.net:9200/_bulk")
 template("$(format-json --scope rfc5424 --scope dot-nv-pairs
 --rekey .* --shift 1 --scope nv-pairs
@@ -15,11 +27,24 @@ destination d_nas81_suricata {
 );
 };
+destination d_nas81 {
+ elasticsearch-http(
+ index("nas81")
+ type("")
+ url("http://pi501.in.thelinuxpro.net:9200/_bulk")
+ template("$(format-json --scope rfc5424 --scope dot-nv-pairs
+ --rekey .* --shift 1 --scope nv-pairs
+ --exclude DATE @timestamp=${ISODATE})")
+ persist-name("d_nas81")
+ );
+};
+
 destination d_file_suricata {
 file("/var/log/suricata.log");
 };
 log {
 source(s_network_udp);
 filter(f_nas81_host);
+ filter(f_suricata);
 parser(p_suricata_json);
 parser(p_suricata_src_ip_geoip2_city);
 parser(p_suricata_dest_ip_geoip2_city);
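Review bot: Removing `user("elastic")` / `password("forty6and2")` from d_nas81_suricata takes the credential out of the file but not out of the repository history, so it should be treated as exposed and rotated on the Elasticsearch side; the destination also now posts with no authentication at all, which only holds up if the endpoint is protected some other way that this patch does not show. Separately, the new `filter f_nas81_suricata_stats` uses an unanchored `match("stats" value("event_type"))`, which also accepts any event_type that merely contains "stats"; `match("^stats$" value("event_type"))` pins it to the exact type. The template `t_json` and parser `p_json` added here are not referenced by any hunk in this patch; if the rest of the file does not use them either, they are dead configuration.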
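Review bot: The new `destination d_nas81` is not referenced by the stats log path appended at the end of this file, which still writes to `destination(d_nas81_suricata)`, and nothing else in the patch uses it, so either the stats path was meant to land in index "nas81" or this destination is unused. If stats are meant to stay out of the Suricata event index, the new path should end with `destination(d_nas81);`. The url and template here are copied verbatim from d_nas81_suricata; a single shared definition (for example a `block destination`) would keep the two from drifting.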
@@ -27,3 +52,14 @@ log {
 flags(final);
 };
 
+log {
+ source(s_network_udp);
+ filter(f_nas81_host);
+ filter(f_suricata);
+ filter(f_nas81_suricata_stats);
+ parser(p_suricata_stats_json);
+ parser(p_suricata_src_ip_geoip2_city);
+ parser(p_suricata_dest_ip_geoip2_city);
+ destination(d_nas81_suricata);
+ flags(final);
+};
diff --git a/config/syslog-ng.conf.d/unifi.conf b/config/syslog-ng.conf.d/unifi.conf
index 1155b0d..82e4356 100644
--- a/config/syslog-ng.conf.d/unifi.conf
+++ b/config/syslog-ng.conf.d/unifi.conf
@@ -1,4 +1,4 @@
-filter f_unifi_suricata { match("suricata" value("PROGRAM")); };
+filter f_suricata { match("suricata" value("PROGRAM")); };
 filter f_unifi_bash_history { match("bash" value("PROGRAM")); };
 filter f_unifi_fw_lan { match("LAN_" value("PID")); };
 filter f_unifi_fw_wan { match("WAN_" value("PID")); };
@@ -178,7 +178,7 @@ destination d_unifi_wlan {
 
 log {
 source(s_network_udp);
- filter(f_unifi_suricata);
+ filter(f_suricata);
 parser(p_suricata_json);
 parser(p_suricata_src_ip_geoip2_city);
 parser(p_suricata_dest_ip_geoip2_city);
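Review bot: In the new log path `filter(f_nas81_suricata_stats)` runs before `parser(p_suricata_stats_json)`, so when the filter tests `${event_type}` nothing in this path has set it yet, and the parser that follows writes its fields under the `suricata.stats.` prefix rather than as a bare `event_type`; the filter can therefore only match if parser output from an earlier path happens to be carried over, which should not be relied on. The path also sits after the existing log path, which carries `flags(final)` and matches the same `f_nas81_host` + `f_suricata` set, so any message that completes that path never reaches this one (only a parser failure there would let a message fall through, and it would still have no event_type to match). One way to fix both is to move the filter after the parser, define it as `match("^stats$" value("suricata.stats.event_type"))`, and place this path ahead of the existing one or merge the stats branch into it with a conditional.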