changelog

ES Versions:
  * pfelk >= 22.# supports Elasticstack >=8.1.0+
  * pfelk >= 20.# supports Elastic Stack >= 7.11.0+
  * pfelk >= 6.0  supports Elastic Stack >= 7.0.0+
  * pfelk >= 6.0  supports pfSense >= 2.4.0+
  * pfelk >= 6.0  supports OPNsense >= 19+
  
v22.04
  - Revised to accomidate default security implemented by Elastic
  - Renamed *.conf to *.pfelk to mitigate conflict where other *.conf files reside 
  - Made various refinements 
  - Cleaned up various files
  - Possibly last supported version...too time consuming to continue to support
  
v22.01
  - Updated output (50-outputs.conf) supporting data streams
  - ILM now supported by default
  - Updated output (50-outputs.conf); cleaned-up to simplify output reduced consumption of resources
  - Updated input (01-inputs.conf); reduced ports required to recieve logs to one port
  - Removed 02-types.conf and 03-filter.conf no longer needed
  - Simplified initial grok pattern to support pfSense's legacy (archaic) syslog format (however, it does not support multiple log instances [e.g. more than one firewall sending logs])
  - Data Stream format required update to Kibana saved index patterns (e.g. pfelk-firewall-* to *-pfelk-firewall*)
  - Data Stream format required updated templates (e.g. pfelk-firewall-* to *-pfelk-firewall*)

v20.3
  -File Mappings
  - File locations were amended to mimic docker configuraiton. This will mitigate the need to revise/amend various paths within the respective conf files.

v6.5 202#/##/##
  -SCRIPT
  - Simple Installer  - Fix Elasticsearch timeout on startup (issue #170) <-- https://www.elastic.co/guide/en/elasticsearch/reference/current/stopping-elasticsearch.html
                      - Add symbolic link to aid with quicker shutdowns (issue #128) <-- https://www.elastic.co/guide/en/elasticsearch/reference/current/stopping-elasticsearch.html
                      - Add check tmp space prior to install (issue #128) <-- Fixed 1-November-2020

v6.1 2020/12/10
  -LOGSTASH
  - conf files        - Made various changes for ECS conformity
                      - Prevented default logstash template from being installed (eliminated initial setup issues) `manage_template => false`
                      - Enabled ECS compatibility (v1)
                      - Update GROK pattern aligning log output with ECS v1.7.0
                        - Most fields are now compliant
                          - Fields with `pf` parent are not ECS supported but renamed within GROK pattern for better organization
                          - Squid and Snort parent fields removed to align with ECS
                          - Enriched `tcp.options` field parsing out values in an array vs single string
                          - Parsed DHCP logs for independent indexing
                          - Removed or amended 'host' field to comply with ECS
 
  -ELASTICSEARCH
  - templates         - Migrated to new index templates 
                        - Legacy templates are depreciated and likely removed with pending v8 release (Elastic)
                        - ECS compliant template utilized/implemented 
                        - Created ILM 
                          - Roll over at 5G or 7-days
                            - Still needs refining 
                        - Suricata template built based off of https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-suricata.html
                          - The following alias fields were ommited 
                            - fileinfo.filename
                            - fileinfo.size
                            - dest_port
                            - src_port
                            - proto
                            - src_ip
                            - dest_ip
                            - http_status
                            - http.http_user_agent
                            - http.http_refer
                            - http.url
                            - http.hostname
                            - http.length
                            - http.http_method
                            - timestamp
                            - alert.severity
                            - alert.action
                            - flow.bytes_toclient
                            - flow.start
                            - flow.pkts_toclient
                            - flow.bytes_toserver
                            - flow.pkts_toserver
                            - app_proto
                            
                        - Haproxy template was refined based off of https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-haproxy.html
                          - Still needs testing and finalization (note: grok pattern was primary utilized to amend fields)
                          - The following fields were ommited
                            - time_request <-- needs to be amended to align with haproxy module
                            - time_backend_response <-- needs to be amended to align with haproxy module
                            - http_status_code <-- Alias 
               
  -KIBANA
  - Visualizations    - Updated and aligned with templates
  - Dashboards        - Updated and aligned with updates                    
                      
v6.0 2020/10/18
  -LOGSTASH
  - conf files        - Removed host filtering (mitigate issues with logs traversing via routers/containers)
                      - Added observer fields for enhanced filtering for multiple firewall setups 
  - grok pattern      - Updated to conform to Elastic Common Schema (ECS) and aligned with pfsense Raw Filter Format
  
  -ELASTICSEARCH
  - templates         - Added index settings and mappings
                      - Templates are dependent upon underlying templates                
  -KIBANA
  - Visualizations    - Updated and aligned with templates
  - Dashboards        - Custom index pattern ID for each major template