From eb0d2f5e287b47c4e00fef2ab7732105482ed3ad Mon Sep 17 00:00:00 2001
From: "Zane C. Bowers-Hadley"
Date: Mon, 8 Nov 2021 20:23:42 -0600
Subject: [PATCH] fix srcx and hostx for syslog and bump for release
---
 Changes | 63 ++++++++++++-----------
 lib/Search/ESsearcher.pm | 4 +-
 lib/Search/ESsearcher/Templates/syslog.pm | 8 +--
 3 files changed, 39 insertions(+), 36 deletions(-)
diff --git a/Changes b/Changes
index 6219ecd..366dc42 100644
--- a/Changes
+++ b/Changes
@@ -1,43 +1,46 @@
 Revision history for Search-ESsearcher
-0.4.3 2021-11-04/04:00
- -Remove mutate from geoip on fail2ban.
+0.4.4 2021-11-04/20:30
+ -Fix srcx and hostx for syslog.
+
+0.4.3 2021-11-04/04:00
+ -Remove mutate from geoip on fail2ban.
 This removes the need for mappings in Elasticsearch.
- -Add back in GeoIP for Postfix.
+ -Add back in GeoIP for Postfix.
-0.4.2 2021-10-21/23:15
- - Include logstash examples.
- - Update Postfix logstash bits.
+0.4.2 2021-10-21/23:15
+ - Include logstash examples.
+ - Update Postfix logstash bits.
-0.4.1 2019-12-08/04:05
- - Remove accidentally included emacs save.
- - Correct datestamp on previous change log entry.
+0.4.1 2019-12-08/04:05
+ - Remove accidentally included emacs save.
+ - Correct datestamp on previous change log entry.
-0.4.0 2019-12-08/04:00
- - Make host searching work better. Thanks, Kevin Greene.
- - Add the aonHost.
+0.4.0 2019-12-08/04:00
+ - Make host searching work better. Thanks, Kevin Greene.
+ - Add the aonHost.
-0.3.1 2019-06-05/05:0
- - Add missing options to postfix pod.
+0.3.1 2019-06-05/05:0
+ - Add missing options to postfix pod.
-0.3.0 2019-06-05/01:30
- - Add postfix support.
- - Add repo info.
+0.3.0 2019-06-05/01:30
+ - Add postfix support.
+ - Add repo info.
-0.2.0 2019-06-03/04:30
- - The bf2b template now properly processes --ip
- - Add the httpAccess template.
- - Add a missing flag to the help for bf2b.
- - Added the option for pretty printing -S via -p
+0.2.0 2019-06-03/04:30
+ - The bf2b template now properly processes --ip
+ - Add the httpAccess template.
+ - Add a missing flag to the help for bf2b.
+ - Added the option for pretty printing -S via -p
-0.1.0 2019-06-02/09:00
- - Add bf2b, beats fail2ban support.
- - Actually set the output template now.
- - name validation no longer chokes on numbers.
- - Now prints the proper help info instead of the
- one for the default, syslog.
+0.1.0 2019-06-02/09:00
+ - Add bf2b, beats fail2ban support.
+ - Actually set the output template now.
+ - name validation no longer chokes on numbers.
+ - Now prints the proper help info instead of the
+ one for the default, syslog.
-0.0.0 2019-06-02/04:40
- - Initial release.
+0.0.0 2019-06-02/04:40
+ - Initial release.
diff --git a/lib/Search/ESsearcher.pm b/lib/Search/ESsearcher.pm
index 1442ed1..0aeb1fb 100644
--- a/lib/Search/ESsearcher.pm
+++ b/lib/Search/ESsearcher.pm
@@ -17,11 +17,11 @@ Search::ESsearcher - Provides a handy system for doing templated elasticsearch s
 =head1 VERSION
-Version 0.4.3
+Version 0.4.4
 =cut
-our $VERSION = '0.4.3';
+our $VERSION = '0.4.4';
 =head1 SYNOPSIS
diff --git a/lib/Search/ESsearcher/Templates/syslog.pm b/lib/Search/ESsearcher/Templates/syslog.pm
index a312452..f45833f 100644
--- a/lib/Search/ESsearcher/Templates/syslog.pm
+++ b/lib/Search/ESsearcher/Templates/syslog.pm
@@ -10,11 +10,11 @@ Search::ESsearcher::Templates::syslog - Provides syslog support for essearcher.
 =head1 VERSION
-Version 1.1.0
+Version 1.1.1
 =cut
-our $VERSION = '1.1.0';
+our $VERSION = '1.1.1';
 =head1 LOGSTASH
@@ -189,14 +189,14 @@ return '
 [% IF o.hostx %]
 {"query_string": {
 "default_field": "host.keyword",
- "query": [% o.host.json %]
+ "query": [% o.hostx.json %]
 }
 },
 [% END %]
 [% IF o.srcx %]
 {"query_string": {
 "default_field": "logsource.keyword",
- "query": [% o.src.json %]
+ "query": [% o.srcx.json %]
 }
 },
 [% END %]
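Review bot: The values now spliced into the two `query_string` clauses, `o.hostx` and `o.srcx`, reach Elasticsearch as Lucene query syntax, so wildcards, regex, boolean operators and `field:value` overrides in a `--hostx`/`--srcx` argument are honoured rather than matched literally; nothing in the hunk escapes them, and the `.json` vmethod presumably only JSON-quotes the string. If that is the intended difference from `host`/`src`, it belongs in the option's POD, e.g. `--hostx and --srcx are Lucene query_string expressions run against host.keyword / logsource.keyword, not literal values; the caller is responsible for any escaping.` A render test that builds the template with only `hostx` set and checks that the rendered query contains the given value would have caught the original `o.host` reference and guards this fix. The `return '` string this hunk sits in starts before the hunk and ends after it.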