Merge pull request #39 from mkubenka/fix/logstash-5.x

Fix Logstash 5.x
bitsofinfo · Jun 19, 2017 · 865226a · 865226a
2 parents 7a6e498 + cb985d8
commit 865226a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/2081_filter_section_h_convert_to_key-value.conf b/2081_filter_section_h_convert_to_key-value.conf
@@ -21,18 +21,20 @@ filter {
       ruby {
         code => "
             auditLogTrailer = event.get('auditLogTrailer').to_hash
-            auditLogTrailerMessages = event.get('auditLogTrailerMessages').to_hash
+            auditLogTrailerMessages = event.get('auditLogTrailerMessages')
             auditLogTrailer.each { |k, v|
               if !v.nil? and v.is_a? String
                 auditLogTrailer[k] = v.strip
               end
             }
             auditLogTrailer.delete('Message')
             auditLogTrailer['messages'] = auditLogTrailerMessages
+
+            event.set('auditLogTrailer', auditLogTrailer)
           "
       }
 
-      drop {
+      mutate {
         remove_field => ['auditLogTrailerMessages']
       }
     }

diff --git a/2089_filter_section_h_example_severities.conf b/2089_filter_section_h_example_severities.conf
@@ -11,7 +11,7 @@ filter {
     ruby {
       code => "
           modsecSeverities = Set.new
-          trailerMsgs = event.get('auditLogTrailerMessages').to_hash
+          trailerMsgs = event.get('auditLogTrailer[messages]')
           trailerMsgs.each {|m|
             if m.key?('severity')
               modsecSeverities.add(m['severity'])