From db263555009c69b2879bf27db494c758f9003328 Mon Sep 17 00:00:00 2001
From: ajpc500 <62765165+ajpc500@users.noreply.github.com>
Date: Sun, 30 Jun 2024 20:02:24 +0100
Subject: [PATCH] Update inputs.conf with additional Zeek logs

Including logs for DCE/RPC, NTLM, Kerberos, as well as notice and weird.log files.
---
 .../roles/zeek_sensor/files/inputs.conf | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/packer/ansible/roles/zeek_sensor/files/inputs.conf b/packer/ansible/roles/zeek_sensor/files/inputs.conf
index 81dbcf4b1..6e4bf2a5a 100644
--- a/packer/ansible/roles/zeek_sensor/files/inputs.conf
+++ b/packer/ansible/roles/zeek_sensor/files/inputs.conf
@@ -1,6 +1,31 @@
 [default]
 host = zeek
+[monitor:///opt/zeek/logs/current/weird.log]
+_TCP_ROUTING = *
+index = zeek
+sourcetype = bro:weird:json
+
+[monitor:///opt/zeek/logs/current/notice.log]
+_TCP_ROUTING = *
+index = zeek
+sourcetype = bro:notice:json
+
+[monitor:///opt/zeek/logs/current/ntlm.log]
+_TCP_ROUTING = *
+index = zeek
+sourcetype = bro:ntlm:json
+
+[monitor:///opt/zeek/logs/current/kerberos.log]
+_TCP_ROUTING = *
+index = zeek
+sourcetype = bro:kerberos:json
+
+[monitor:///opt/zeek/logs/current/dce_rpc.log]
+_TCP_ROUTING = *
+index = zeek
+sourcetype = bro:dce_rpc:json
+
 [monitor:///opt/zeek/logs/current/conn.log]
 _TCP_ROUTING = *
 index = zeek