diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml
index d29e08f9a..4da5123ac 100644
--- a/salt/elasticfleet/defaults.yaml
+++ b/salt/elasticfleet/defaults.yaml
@@ -6,3 +6,18 @@ elasticfleet:
       es_token: ''
       grid_enrollment: ''
       url: ''
+  logging:
+    zeek:
+      excluded:
+        - broker
+        - capture_loss
+        - ecat_arp_info
+        - known_hosts
+        - known_services
+        - loaded_scripts
+        - ntp
+        - packet_filter
+        - reporter
+        - stats
+        - stderr
+        - stdout