From 694d121310447d552b4226d8aca3c5eec5e9d38b Mon Sep 17 00:00:00 2001
From: Stig Lindqvist
Date: Tue, 10 Sep 2019 09:37:17 +1200
Subject: [PATCH 1/3] drop auditd and osqueryd log events
---
 templates/conf.d/graylog.erb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/templates/conf.d/graylog.erb b/templates/conf.d/graylog.erb
index 8bef289..14a692d 100644
--- a/templates/conf.d/graylog.erb
+++ b/templates/conf.d/graylog.erb
@@ -17,6 +17,11 @@ filter {
 drop { }
 }
+ # these log types aren't user friendly and handled by our SIEM
+ if [log_type] in ["audit", "osqueryd"] {
+ drop { }
+ }
+
 if [short_message] =~ "^proxy$" {
 drop{ }
 }
From 0bf3778b6de3ab5b7c3c3a5075582e80ca3c36e2 Mon Sep 17 00:00:00 2001
From: Brett Tasker
Date: Mon, 20 Feb 2023 10:33:41 +1300
Subject: [PATCH 2/3] Remove GC configuration to upgrade to Java 9
---
 templates/jvm_options.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/jvm_options.erb b/templates/jvm_options.erb
index a0018fa..0d93ca7 100644
--- a/templates/jvm_options.erb
+++ b/templates/jvm_options.erb
@@ -17,8 +17,8 @@
 ################################################################
 ## GC configuration
--XX:CMSInitiatingOccupancyFraction=75
--XX:+UseCMSInitiatingOccupancyOnly
+# -XX:CMSInitiatingOccupancyFraction=75
+# -XX:+UseCMSInitiatingOccupancyOnly
 ## Locale
 # Set the locale language
From e00bc50a351f258a5ebfec11ed3b81b8a950b82a Mon Sep 17 00:00:00 2001
From: Ben Percy
Date: Wed, 3 Jul 2024 15:01:11 +1200
Subject: [PATCH 3/3] Removed SSL from logstash config as it is now terminated at the NLB
---
 templates/conf.d/inputs.erb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/templates/conf.d/inputs.erb b/templates/conf.d/inputs.erb
index a4b5029..7b81c9a 100644
--- a/templates/conf.d/inputs.erb
+++ b/templates/conf.d/inputs.erb
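Review bot: In templates/conf.d/graylog.erb the new `drop { }` sits in a `filter` block, and Logstash filters run before every output of the pipeline, not only the Graylog one. If the SIEM named in the comment is fed from this same pipeline (not visible here), the audit and osqueryd events are discarded before they reach it, which would silently remove the host security telemetry. Confirm the SIEM receives these events by a separate path, or scope the exclusion to the Graylog output instead by wrapping that output in `if [log_type] not in ["audit", "osqueryd"] { ... }`. The comment would also be more useful if it named the delivery path, e.g. `# audit/osqueryd go to the SIEM via <path>; dropped here only to keep them out of Graylog`. The `filter` block starts and ends outside the hunk.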
@@ -2,9 +2,7 @@ input {
 beats {
 port => 5044
 type => "logs"
- ssl => true
- ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
- ssl_key => "/etc/pki/tls/private/logstash.key"
+ ssl => false
 client_inactivity_timeout => 120
 }
 lumberjack {
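Review bot: With `ssl => false` the beats input on port 5044 accepts plaintext from any host that can reach it, so this is only safe if the listener is reachable from the NLB alone and the NLB-to-Logstash hop is a network trusted to carry log data unencrypted. Neither condition is visible in this hunk; the security-group or firewall rule that restricts 5044 to the NLB should land together with this change. I would record the assumption next to the setting, `# TLS terminates at the NLB; 5044 must be reachable only from the NLB`, and consider keeping TLS on the target hop if the shipped logs carry sensitive fields. The `input` block and the `lumberjack` input continue outside the hunk.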